Quality Assurance

Question 1

QA of software can be achieved by

Answer 1

testing its reliability (functionality), recoverability, resiliency (security), interoperability, and privacy.

Question 2

The categorization of the different types of software quality assurance testing are:

Answer 2

Functional (Unit, Logic, Integration, Regression), Non-Functional (Performance, Scalability, Environment, Simulation), and Other (Privacy, User Acceptance).

Question 3

Reliability software

Answer 3

Reliability implies that the software is functioning as it is expected by the business or customer

Question 4

Resiliency software

Answer 4

Resiliency is the measure of how strong the software is to be able to withstand attacks when an attacker is attempting to compromise it.

Question 5

Recoverability software

Answer 5

Recoverability is the ability for the software to restore itself to an operational state after downtime which can be caused accidentally or intentionally.

Question 6

Privacy testing is conducted to check

Answer 6

that personally-identifying information (PII), personal health information (PHI), personal financial information (PFI) and any information that is exclusive to the owner of the information, is assured confidentiality and no intrusion.

Question 7

Test Strategy artifact

Answer 7

The test strategy outlines the testing approach that will be undertaken. It is the main instrument that is used to inform and communicate testing issue with members of the software development team.

Question 8

Test Plan artifact

Answer 8

The test plan is much more granular document that details the testing approach systematically (like a workflow).

Question 9

A test plan is used to ensure and verify that

Answer 9

the software is reliable i.e., meeting requirements, both functional and assurance (security) requirements.

Question 10

Test Case artifact

Answer 10

A test case takes the test requirements from the test plan and defines measurable conditions to validate that the requirements are indeed being met as expected.

Question 11

Test Script artifact

Answer 11

It is essentially the procedures that the tester will undertake to perform the test.

Question 12

Test Suite artifact

Answer 12

Groups and a collection of test cases makes up a test suite. It is usually organized logically by section, such as functional tests, performance tests, etc.

Question 13

Test Harness artifact

Answer 13

All the components that are necessary to conduct software testing are collectively referred to as a test harness. It includes the testing tools, test data samples,
testing configurations, test cases and test scripts.

Question 14

Functional Testing

Answer 14

Software testing is performed to primarily attest the functionality of the software as expected by the business or customer.

Question 15

Unit Testing

Answer 15

it is the first process to ensure that the software is functioning properly, according to specifications (Developer conducts it).

Question 16

Unit Testing can reveal

Answer 16

Cyclomatic complexities in code; uncover common coding vulnerabilities such as hard coding values and sensitive information such as passwords and cryptographic keys inline code.

Question 17

Unit testing provides many benefits such as

Answer 17

validate functional logic; find out inefficiencies, complexities and vulnerabilities in code; automate testing processes by integrating easily with automated
build scripts and tools; extend test coverage; enable collective code ownership in agile development.

Question 18

Logic testing

Answer 18

Logic testing validates the accuracy of the software processing logic.

Question 19

Integration Testing

Answer 19

Integration testing is the logical next step after unit
testing to validate the software’s functionality, performance and security. It helps to identify problems that occur when units of code are combined.

Question 20

Regression Testing

Answer 20

Regression testing is performed to validate that the

software did not break previous functionality or security and regress to a nonfunctional or insecure state.

Question 21

How to determine the need for regression testing

and the tests that need to be run

Answer 21

Determining the Relative Attack Surface Quotient (RASQ) for newer versions of software with the RASQ values of the software before it was modified can be used as a measure.

Question 22

Non-Functional Testing covers testing for

Answer 22

the recoverability and environmental aspects of the software such as appropriate replication, load balancing, interoperability and disaster recovery mechanisms functioning properly.

Question 23

Examples of common recoverability testing

Answer 23

Performance testing (load testing, stress testing) and scalability testing

Question 24

Performance Testing

Answer 24

Testing should be conducted to ensure that the software is performing to the SLA and expectations of the business.

Question 25

Performance testing goal

Answer 25

Performance testing is not performed with the intent of finding vulnerabilities (bugs or flaws) but with the goal of determining bottlenecks that are present in the software.

Question 26

Stress Testing

Answer 26

It is performed to determine the ability of the software to handle loads beyond its maximum capabilities.

Question 27

Stress Testing primarily performed with two objectives.

Answer 27

Find out if the software can recover gracefully upon failure, when the software breaks; To assure that the software operates according to the design principle of failing securely.

Question 28

Scalability Testing main objectives

Answer 28

To identify the loads (which can be obtained from load testing) and to mitigate any bottlenecks that will hinder the ability of the software to scale to handle more load or changes in business processes or technology.

Question 29

Important verification exercises that must be performed to attest the security aspects of software

Answer 29

Interoperability testing, simulation testing and Disaster Recovery (DR) testing.

Question 30

List of interoperability testing that can be performed to verify that:

Answer 30

``` security standards (such as WS-Security for web services implementation) are used; complete mediation is effectively working to ensure that authentication cannot be bypassed; tokens used for transfer of credentials cannot be stolen, spoofed and replayed, and; authorization checks post authentication are working properly. ```

Question 31

Disaster Recovery (DR) Testing verifies

Answer 31

The recoverability of the software. It also uncovers data accuracy, integrity and system availability issues.

Question 32

Simulation Testing can uncover

Answer 32

The effectiveness of least privilege implementation and configuration mismatches.

Question 33

Privacy Testing

Answer 33

Verification of organizational policy controls that impact privacy. It should also encompass the monitoring of network traffic and the communication between end-points to assure that personal information is not disclosed.

Question 34

UAT

Answer 34

User Acceptance Testing - Prior to software release, during the software acceptance phase, the end user needs to be assured that the software meets their specified requirements.

Question 35

Prerequisites of UAT include the following

Answer 35

The software must have exited the development (implementation) phase; Other quality assurance and security tests such as unit testing, integration testing, regression testing, software security testing, etc. must be completed; Functional and security bugs need to be addressed; Real world usage scenarios of the software are identified and test cases to cover these scenarios are completed.