Question 344 - CTFL-2018 discussion

Product risk analysis is an approach to testing that aims to reduce the level of product risks and inform stakeholders of their status, starting in the initial stages of a project1.It involves the identification of product risks and the use of risk levels to guide the test process1.Product risks are uncertain situations that can affect the quality or value of the software product2.One of the factors that can influence the testing approach is the test design technique to be applied3.Test design techniques are methods to derive and select test cases based on the test objectives, test conditions, and test basis2.Decision table testing is a test design technique that is suitable for testing complex business rules that have logical conditions and outcomes2.Therefore, if the product risk analysis identifies that the complex business rules could result in costly failures, then decision table testing will be used for test case design to cover all the possible combinations of conditions and outcomes2.

The other options are not examples of how product risk analysis can influence the testing approach, because they are either not related to product risks or not based on risk levels. They are:

Performance failures were much lower than expected, so more test analysis will be conducted in this area (B).This is not related to product risk analysis, but to test monitoring and control, which is the process of comparing actual progress against the plan and reporting the status2.Test analysis is the activity of analyzing the test basis and defining test objectives2. If the performance failures were much lower than expected, then more test execution or evaluation might be needed, not more test analysis.

There is a lack of automation skills in the test team, so training for the automation tool will be rolled out .This is not related to product risk analysis, but to test management, which is the process of planning, monitoring, and controlling the test activities and resources2.Test automation is the use of software to perform or support test activities2.The lack of automation skills in the test team is a project risk, not a product risk, and it should be addressed by providing adequate training, tools, and resources for the test team2.

There are no product risks recorded around security, so security testing will be given priority as a contingency measure (D). This is not based on risk levels, but on the absence of risk identification, which is a poor practice in product risk analysis.Security testing is a type of testing that determines whether the software protects data and maintains functionality as intended2.Product risk analysis should identify the potential security risks and assign them appropriate risk levels based on their probability and impact1.Security testing should be prioritized based on the risk levels, not on the lack of risk identification, which could lead to overlooking or underestimating the security risks1.

ISTQB Foundation Level 2018 syllabus

Risk in Software Testing

Risk-Based Testing

Test Approach