iSQI CTFL_Syll2018 Exam Actual Questions

2-point boundary value analysis is a technique that tests the boundary values of valid and invalid partitions with two values each: one at the boundary and one just outside the boundary. For example, if the valid range is 1 to 10, the 2-point boundary values are 1, 2, 9, 10 for the valid partition, and 0, 11 for the invalid partitions. The advantage of this technique is that it reduces the number of test cases compared to 3-point boundary value analysis, which tests one value inside the boundary as well. However, it may miss some defects that occur only with the values inside the boundary.

In this question, the valid partitions are the ranges of spending that correspond to different discounts, and the invalid partitions are the ranges of spending that are below or above the valid partitions. The boundaries are the values of spending that trigger a change in the discount rate. The 2-point boundary values for each partition are:

Invalid partition below 500: 0, 499

Valid partition for 5% discount: 500, 501

Valid partition for 10% discount: 1000, 1001

Valid partition for 15% discount: 2000, 2001

Valid partition for 20% discount: 4000, 4001

Invalid partition above 4000: 4001, 4002

The test cases TC1 and TC2 already cover two of the boundary values: 500 and 2000. Therefore, to achieve 100% 2-point boundary value analysis, we need to write seven more test cases to cover the remaining boundary values: 0, 499, 501, 1000, 1001, 4000, and 4002. Note that 4001 is a boundary value for both the valid and invalid partitions, so we only need to test it once.

Product risk analysis is an approach to testing that aims to reduce the level of product risks and inform stakeholders of their status, starting in the initial stages of a project1.It involves the identification of product risks and the use of risk levels to guide the test process1.Product risks are uncertain situations that can affect the quality or value of the software product2.One of the factors that can influence the testing approach is the test design technique to be applied3.Test design techniques are methods to derive and select test cases based on the test objectives, test conditions, and test basis2.Decision table testing is a test design technique that is suitable for testing complex business rules that have logical conditions and outcomes2.Therefore, if the product risk analysis identifies that the complex business rules could result in costly failures, then decision table testing will be used for test case design to cover all the possible combinations of conditions and outcomes2.

The other options are not examples of how product risk analysis can influence the testing approach, because they are either not related to product risks or not based on risk levels. They are:

Performance failures were much lower than expected, so more test analysis will be conducted in this area (B).This is not related to product risk analysis, but to test monitoring and control, which is the process of comparing actual progress against the plan and reporting the status2.Test analysis is the activity of analyzing the test basis and defining test objectives2. If the performance failures were much lower than expected, then more test execution or evaluation might be needed, not more test analysis.

There is a lack of automation skills in the test team, so training for the automation tool will be rolled out .This is not related to product risk analysis, but to test management, which is the process of planning, monitoring, and controlling the test activities and resources2.Test automation is the use of software to perform or support test activities2.The lack of automation skills in the test team is a project risk, not a product risk, and it should be addressed by providing adequate training, tools, and resources for the test team2.

There are no product risks recorded around security, so security testing will be given priority as a contingency measure (D). This is not based on risk levels, but on the absence of risk identification, which is a poor practice in product risk analysis.Security testing is a type of testing that determines whether the software protects data and maintains functionality as intended2.Product risk analysis should identify the potential security risks and assign them appropriate risk levels based on their probability and impact1.Security testing should be prioritized based on the risk levels, not on the lack of risk identification, which could lead to overlooking or underestimating the security risks1.

ISTQB Foundation Level 2018 syllabus

Risk in Software Testing

Risk-Based Testing

Test Approach

The test execution schedule should follow the priority order of the tests, as well as the dependency constraints. The priority order is given by the user value column, where higher values indicate higher priority. The dependency constraints are given by the dependency column, where a test ID indicates that the test cannot be run until the test with that ID has been successfully completed. Therefore, the test execution schedule should start with the highest priority test that has no dependency, which is test 5. Then, it should continue with the next highest priority test that has no dependency or has a satisfied dependency, which is test 1. Then, it should proceed with test 2, which depends on test 1, and then test 3, which depends on test 2. Finally, it should end with test 4, which depends on test 3. Thus, the test execution schedule that best meets the prioritisation and dependency conditions is 5,1,2,3,4.

A test completion report for a test level typically includes a summary of all the testing activities that have been performed. It should detail any deviations from the original test schedule, including any changes in the planned duration or effort that were required to complete the test activities. This report serves as a record of what was tested, how it was tested, and any issues that were encountered.

Priority is an important item of information that is missing from the incident report. Priority indicates the importance or urgency of resolving the incident, based on the business needs and the impact on the stakeholders. Priority is usually assigned by the project manager or the customer, and it helps to determine the order in which incidents should be addressed. Priority may differ from severity, which indicates the degree of impact of the incident on the system or the component under test. Severity is usually assigned by the tester or the developer, and it helps to assess the risk of the incident. For example, an incident may have a high severity but a low priority, if it affects a critical function but only occurs in a rare situation. Conversely, an incident may have a low severity but a high priority, if it affects a minor function but occurs frequently or affects many users. Therefore, both priority and severity are useful information for incident management and resolution.

The other options are not essential information for the incident report, although they may be helpful or desirable in some cases. Recommendations are suggestions or proposals for resolving the incident, which may be provided by the tester, the developer, or other stakeholders. However, recommendations are not mandatory, and they may not be feasible or acceptable in some situations. Name of tester is the identifier of the person who reported the incident, which may be useful for communication or accountability purposes. However, name of tester is not critical, and it may be replaced by other identifiers, such as email address, employee number, or role. Change history is the record of the changes made to the incident report, such as status, resolution, or comments. Change history is valuable for tracking and auditing purposes, but it is not part of the initial incident report, rather it is updated as the incident progresses.