Question 67 - CTFL-2018 discussion

Risk-based testing is an approach to testing that prioritizes and focuses on testing activities based on the level of risk associated with each feature or function of the system under test. Risk-based testing aims to optimize the use of time, resources, and techniques for testing by identifying and addressing the most critical and likely sources of failure or harm in the system under test. Some examples of typical risk-based testing activities are:

Brainstorming sessions are held with a wide variety of stakeholders to identify possible failures in the system: This activity is part of the risk identification process, which involves gathering information and opinions from different perspectives and sources to discover potential risks in the system under test.

Tests are prioritized to ensure that those associated with critical parts of the system are executed earlier: This activity is part of the risk analysis and evaluation process, which involves assessing the probability and impact of each risk and ranking them according to their severity and importance.

The focus of testing is shifted to an area in the system where tests find more defects than expected: This activity is part of the risk mitigation and monitoring process, which involves taking actions to reduce or eliminate the risks and tracking their status and progress.

The evaluation of a risk-management tool to decide which tool to use for future projects is not an example of a typical risk-based testing activity because it is not directly related to testing the system under test based on its risks. Rather, it is an example of a tool selection or evaluation activity, which involves comparing and choosing a tool that can support or enhance the testing process based on criteria such as functionality, usability, reliability, compatibility, cost, etc. You can find more information about risk-based testing in [A Study Guide to the ISTQB Foundation Level 2018 Syllabus], Chapter 3, Section 3.4.