iSQI CTFL_Syll2018 Exam Questions

Product risk analysis is an approach to testing that aims to reduce the level of product risks and inform stakeholders of their status, starting in the initial stages of a project1.It involves the identification of product risks and the use of risk levels to guide the test process1.Product risks are uncertain situations that can affect the quality or value of the software product2.One of the factors that can influence the testing approach is the test design technique to be applied3.Test design techniques are methods to derive and select test cases based on the test objectives, test conditions, and test basis2.Decision table testing is a test design technique that is suitable for testing complex business rules that have logical conditions and outcomes2.Therefore, if the product risk analysis identifies that the complex business rules could result in costly failures, then decision table testing will be used for test case design to cover all the possible combinations of conditions and outcomes2.

The other options are not examples of how product risk analysis can influence the testing approach, because they are either not related to product risks or not based on risk levels. They are:

Performance failures were much lower than expected, so more test analysis will be conducted in this area (B).This is not related to product risk analysis, but to test monitoring and control, which is the process of comparing actual progress against the plan and reporting the status2.Test analysis is the activity of analyzing the test basis and defining test objectives2. If the performance failures were much lower than expected, then more test execution or evaluation might be needed, not more test analysis.

There is a lack of automation skills in the test team, so training for the automation tool will be rolled out .This is not related to product risk analysis, but to test management, which is the process of planning, monitoring, and controlling the test activities and resources2.Test automation is the use of software to perform or support test activities2.The lack of automation skills in the test team is a project risk, not a product risk, and it should be addressed by providing adequate training, tools, and resources for the test team2.

There are no product risks recorded around security, so security testing will be given priority as a contingency measure (D). This is not based on risk levels, but on the absence of risk identification, which is a poor practice in product risk analysis.Security testing is a type of testing that determines whether the software protects data and maintains functionality as intended2.Product risk analysis should identify the potential security risks and assign them appropriate risk levels based on their probability and impact1.Security testing should be prioritized based on the risk levels, not on the lack of risk identification, which could lead to overlooking or underestimating the security risks1.

ISTQB Foundation Level 2018 syllabus

Risk in Software Testing

Risk-Based Testing

Test Approach

The test execution schedule should follow the priority order of the tests, as well as the dependency constraints. The priority order is given by the user value column, where higher values indicate higher priority. The dependency constraints are given by the dependency column, where a test ID indicates that the test cannot be run until the test with that ID has been successfully completed. Therefore, the test execution schedule should start with the highest priority test that has no dependency, which is test 5. Then, it should continue with the next highest priority test that has no dependency or has a satisfied dependency, which is test 1. Then, it should proceed with test 2, which depends on test 1, and then test 3, which depends on test 2. Finally, it should end with test 4, which depends on test 3. Thus, the test execution schedule that best meets the prioritisation and dependency conditions is 5,1,2,3,4.

The correct answer is D, as it describes tools that support reviews.Tools that support reviews are tools that assist with performing static testing activities such as checking documents for defects or compliance with standards3. Examples of tools that support reviews are:

Tools for document review and annotation

Tools for document comparison and version control

Tools for checklist management and defect tracking

Option A is incorrect, as it describes tools that support usability testing.Tools that support usability testing are tools that assist with performing dynamic testing activities related to how easy and user-friendly the software product is3. Examples of tools that support usability testing are:

Tools for recording user actions and feedback

Tools for analyzing user behavior and satisfaction

Tools for simulating different user interfaces and devices

Option B is incorrect, as it describes tools that assess data quality.Tools that assess data quality are tools that assist with evaluating and improving the accuracy and completeness of data used for testing3. Examples of tools that assess data quality are:

Tools for data validation and verification

Tools for data cleansing and transformation

Tools for data profiling and analysis

Option C is incorrect, as it describes tools that support specialized testing needs.Tools that support specialized testing needs are tools that assist with performing dynamic testing activities related to specific domains or technologies3. Examples of tools that support specialized testing needs are:

Tools for security testing

Tools for performance testing

Tools for accessibility testing

This scenario is using a walkthrough review type and a perspective-based review technique. A walkthrough is a type of review that is relatively informal and led by the author of the work product. A perspective-based review technique is a technique that involves reviewing the work product from different viewpoints or perspectives of various stakeholders. The scenario matches these descriptions, as it involves an informal approach, a meeting leader who is the author of the requirements document, and a goal of improving the software application's usability and accessibility by considering the various stakeholders' viewpoints. Option A is incorrect, as a pair review is a type of review that involves only two people, usually the author and another team member. Option C is incorrect, as a checklist-based review technique is a technique that involves reviewing the work product against a predefined list of items or criteria. Option D is incorrect, as it combines the incorrect descriptions of options A and C.

Priority is an important item of information that is missing from the incident report. Priority indicates the importance or urgency of resolving the incident, based on the business needs and the impact on the stakeholders. Priority is usually assigned by the project manager or the customer, and it helps to determine the order in which incidents should be addressed. Priority may differ from severity, which indicates the degree of impact of the incident on the system or the component under test. Severity is usually assigned by the tester or the developer, and it helps to assess the risk of the incident. For example, an incident may have a high severity but a low priority, if it affects a critical function but only occurs in a rare situation. Conversely, an incident may have a low severity but a high priority, if it affects a minor function but occurs frequently or affects many users. Therefore, both priority and severity are useful information for incident management and resolution.

The other options are not essential information for the incident report, although they may be helpful or desirable in some cases. Recommendations are suggestions or proposals for resolving the incident, which may be provided by the tester, the developer, or other stakeholders. However, recommendations are not mandatory, and they may not be feasible or acceptable in some situations. Name of tester is the identifier of the person who reported the incident, which may be useful for communication or accountability purposes. However, name of tester is not critical, and it may be replaced by other identifiers, such as email address, employee number, or role. Change history is the record of the changes made to the incident report, such as status, resolution, or comments. Change history is valuable for tracking and auditing purposes, but it is not part of the initial incident report, rather it is updated as the incident progresses.