iSQI CTFL_Syll2018 ISTQB Certified Tester Foundation Level Exam Practice Test

Answer : A

Product risk analysis is an approach to testing that aims to reduce the level of product risks and inform stakeholders of their status, starting in the initial stages of a project1.It involves the identification of product risks and the use of risk levels to guide the test process1.Product risks are uncertain situations that can affect the quality or value of the software product2.One of the factors that can influence the testing approach is the test design technique to be applied3.Test design techniques are methods to derive and select test cases based on the test objectives, test conditions, and test basis2.Decision table testing is a test design technique that is suitable for testing complex business rules that have logical conditions and outcomes2.Therefore, if the product risk analysis identifies that the complex business rules could result in costly failures, then decision table testing will be used for test case design to cover all the possible combinations of conditions and outcomes2.

The other options are not examples of how product risk analysis can influence the testing approach, because they are either not related to product risks or not based on risk levels. They are:

Performance failures were much lower than expected, so more test analysis will be conducted in this area (B).This is not related to product risk analysis, but to test monitoring and control, which is the process of comparing actual progress against the plan and reporting the status2.Test analysis is the activity of analyzing the test basis and defining test objectives2. If the performance failures were much lower than expected, then more test execution or evaluation might be needed, not more test analysis.

There is a lack of automation skills in the test team, so training for the automation tool will be rolled out .This is not related to product risk analysis, but to test management, which is the process of planning, monitoring, and controlling the test activities and resources2.Test automation is the use of software to perform or support test activities2.The lack of automation skills in the test team is a project risk, not a product risk, and it should be addressed by providing adequate training, tools, and resources for the test team2.

There are no product risks recorded around security, so security testing will be given priority as a contingency measure (D). This is not based on risk levels, but on the absence of risk identification, which is a poor practice in product risk analysis.Security testing is a type of testing that determines whether the software protects data and maintains functionality as intended2.Product risk analysis should identify the potential security risks and assign them appropriate risk levels based on their probability and impact1.Security testing should be prioritized based on the risk levels, not on the lack of risk identification, which could lead to overlooking or underestimating the security risks1.

ISTQB Foundation Level 2018 syllabus

Risk in Software Testing

Risk-Based Testing

Test Approach

Answer : C

The correct answer is C, as it is an example of a project risk.A project risk is a risk that affects the management and control of the testing project, such as planning, budget, schedule, resources, quality, or scope1.Team members' skills may not be sufficient for the assigned work is a project risk, as it affects the quality and efficiency of the testing activities1. Option A is incorrect, as it is an example of a product risk.A product risk is a risk that affects the quality of the software product under test, such as functionality, reliability, usability, security, or performance1.A system architecture may not support some non-functional requirements is a product risk, as it affects the reliability and performance of the software product1. Option B is incorrect, as it is an example of a defect.A defect is a flaw in the software product that causes it to produce incorrect or unexpected results or behavior1.A computation is not always performed correctly in some situations is a defect, as it causes the software product to produce incorrect results1. Option D is incorrect, as it is an example of a defect.A defect is a flaw in the software product that causes it to produce incorrect or unexpected results or behavior1.Specific modules do not adequately meet their intended functions according to the user is a defect, as it causes the software product to produce unexpected behavior1. Reference:1, Section 2.8

Answer : B

The correct answer is B, as it defines risk level correctly.Risk level is determined by the likelihood of an event happening and the impact or harm from that event4.Likelihood is the probability or frequency of the event occurring4.Impact is the severity or consequence of the event occurring4.Risk level can be calculated by multiplying likelihood and impact, or by using a risk matrix that assigns risk levels based on different combinations of likelihood and impact4. Option A is incorrect, as it does not define risk level correctly.Risk level is not calculated by adding the probabilities of all planned risks to a project, but by assessing the likelihood and impact of each individual risk4. Option C is incorrect, as it does not define risk level correctly.Risk level is not calculated by dividing the sum of all known risks by the sum of all unknown risks, but by assessing the likelihood and impact of each individual risk4. Option D is incorrect, as it does not define risk level correctly.Risk level is not determined by calculating the absolute value of the sum of all potential issues that may occur on the project, but by assessing the likelihood and impact of each individual risk4. Reference:4, Section 2.8

Answer : D

The correct answer is D, as it describes a test summary report for executive-level employees.A test summary report is a document that summarizes the results and evaluation of testing activities for a specific activity or phase3.It may have different levels of detail and content depending on the intended audience and purpose3.A test summary report for executive-level employees is typically high-level and includes a status summary of defects by priority or budget3.This type of report provides a concise overview of the quality and progress of testing without going into too much detail or technical information3. Option A is incorrect, as it describes a test summary report for technical-level employees.A test summary report for technical-level employees is typically detailed and includes specific information on defects and trends3.This type of report provides a comprehensive analysis of the quality and progress of testing with relevant data and metrics3. Option B is incorrect, as it describes a test summary report that is neither suitable for executive-level nor technical-level employees.A test summary report that is detailed and includes a status summary of defects by priority or budget is too detailed for executive-level employees and too vague for technical-level employees3. Option C is incorrect, as it describes a test summary report that is neither suitable for executive-level nor technical-level employees.A test summary report that is high-level and includes specific information on defects and trends is too high-level for technical-level employees and too specific for executive-level employees3. Reference:3, Section 2.7

Answer : A

The correct answer is A, as it states that the Wideband Delphi estimation technique is an example of the expert-based approach.The Wideband Delphi estimation technique is a method of estimating testing effort or duration by using a structured group process that involves multiple experts2.The experts provide their estimates independently and anonymously, then compare and discuss them until they reach a consensus2.This technique is an example of the expert-based approach, which is an approach that relies on the knowledge and experience of experts to estimate testing activities2. Option B is incorrect, as it states that the Wideband Delphi estimation technique is an example of the metrics-based approach.The metrics-based approach is an approach that uses historical data and mathematical formulas to estimate testing activities2. This approach does not involve experts or group processes. Option C is incorrect, as it states that burndown charts used in Agile development is an example of the expert-based approach.Burndown charts are graphical tools that show the amount of work remaining versus time in an Agile project2. They are used to monitor and control testing progress and quality. They are not examples of the expert-based approach, as they do not rely on experts' opinions or estimates. Option D is incorrect, as it states that burndown charts used in Agile development is an example of the risk-based approach.The risk-based approach is an approach that uses risk analysis to prioritize and estimate testing activities2. This approach involves identifying and assessing risks based on their likelihood and impact.It does not involve burndown charts or Agile development. Reference:2, Section 2.6

Answer : B

According to the syllabus, a mindset is a set of attitudes, beliefs, and assumptions that influence how a person thinks, feels, and behaves. A mindset for test activities and a mindset for development activities are different and complementary, as they reflect different goals and perspectives of testing and development. A tester is concerned with finding defects while a developer is interested in designing solutions. This statement best describes the key difference between a mindset for test activities and a mindset for development activities. A tester's mindset is focused on identifying and reporting problems in the software product or system, such as errors, failures, or deviations from requirements or expectations. A tester's mindset is also characterized by professional skepticism, curiosity, creativity, and critical thinking. A developer's mindset is focused on creating and implementing solutions for the software product or system, such as features, functions, or enhancements. A developer's mindset is also characterized by professional optimism, confidence, logic, and analytical thinking. The other answers are incorrect because they either confuse the roles of testers and developers or use incorrect terms.

Answer : A

According to the syllabus, a tester's ability to communicate about defects, test results, and other test information well is an important skill that contributes to testing effectiveness and efficiency. A tester should be able to communicate clearly, accurately, objectively, constructively, politely, and persuasively with various stakeholders involved in testing or affected by testing outcomes. A tester should also be able to use appropriate communication methods and tools depending on the context and purpose of communication. The answer A is correct because it is an example of a tester's ability to communicate about defects, test results, and other test information well. Emphasizing the benefits of testing means highlighting how testing adds value to the software product and the business goals. This can help to gain support and trust from stakeholders and foster a positive attitude towards testing. The other answers are incorrect because they are examples of poor communication skills that can hinder testing effectiveness and efficiency. Taking a command-and-control approach with the project team (B) means imposing one's own decisions or opinions without considering others' inputs or feedback. This can create conflicts and resentment among team members and reduce collaboration and cooperation. Being firm and assertive with test findings and information means insisting on one's own views or demands without being flexible or open-minded. This can lead to arguments and disagreements with stakeholders who may have different perspectives or expectations. Writing subjective defect reports and review findings (D) means using personal, biased, or unobservable information that does not support the evaluation or analysis of defects or tests. This can cause confusion and misunderstanding among stakeholders who may not be able to reproduce or verify the defects or tests.