Q38. The main objectives the senior management team wants to achieve are:
– to reduce the costs associated with dynamic testing
– to use reviews to ensure that the project is on course for success and following the plan
– to use reviews as a well-documented and effective bug-removal activity following a formal process with well-defined roles
– to determine the effectiveness of reviews in terms of phase containment
– to improve phase containment effectiveness
Which of the following answers would you expect to describe the best way to achieve these objectives?

Q39. Which of the following statements describing how identified product quality risks should be
mitigated and managed, is true?
K2 1 credit

Q40. The main objectives the senior management team wants to achieve are:
– to reduce the costs associated with dynamic testing
– to use reviews to ensure that the project is on course for success and following the plan
– to use reviews as a well-documented and effective bug-removal activity following a formal
process with well-defined roles
– to determine the effectiveness of reviews in terms of phase containment
– to improve phase containment effectiveness
Which of the following answers would you expect to describe the best way to achieve these
objectives?
K4 3 credits

Q41. Assume you are the Test Manager for a new software release of an e-commerce application.
The server farm consists of six servers providing different capabilities. Each capability is provided through a set of web services.
The requirements specification document contains several SLAs (Service Level Agreements) like the following:
SLA-001: 99.5 percent of all transactions shall have a response time less than five seconds under a load of up-to 5000 concurrent users
The main objective is to assure that all the SLAs specified in the requirements specification document will be met before system release. You decide to apply a risk-based testing strategy and an early risk analysis confirms that performance is high risk. You can count on a well-written requirements specification and on a model of the system behavior under various load levels produced by the system architect.
Which of the following test activities would you expect to be the less important ones to achieve the test objectives in this scenario?

Q42. For which of the following activities would the costs be classified as a cost of detection?

Q43. You are the Test Manager for a project to develop a web customer portal of a Pay-TV company that allows customers (with a smartcard and a set-top box) to purchase digital contents.
In the “select” page the system displays a dialogue where the customer can select the items (digital contents) he/she is interested in. In this page he/she can add one or more items to a shopping cart. An item consists of a product and a duration.
There are three types of products: Movie, sport and premium (movie and sport).
There are four possible durations: 1 months, 2 months, winter (from the beginning of January to end of March) and summer (from the beginning of July to end of September).
All the combinations of products and durations are allowed to define an item. Thus there are twelve possible items. A maximum of six different items can be added to the shopping cart at a time.
When the customer decides to check out he/she goes to the “purchase” page where he/she can pay the total amount of the shopping cart in three different ways:
– using a credit voucher
– using a credit already charged on the smartcard
– using a credit card (accepted credit cards are. Visa, MasterCard and Great Wall Card) The customer can logout from both the “select” and “purchase” pages. In this case no purchase is made.
You decide to apply a blended risk-based and reactive testing strategy and the following is a subset of the exit criteria for system testing:
EXCR1- Each “critical” quality risk item must be covered by at least one test condition EXCR2- Each “critical” requirement must be covered by at least one test condition You are following a risk-based testing strategy. The test execution time is very limited. Assume that all the product risk items require more or less the same level of test effort.

Which of the following answers describes the best execution schedule in this scenario?

Q44. Assume you are working on a CAS (Conditional Access System) for Pay-TV that allows the access, selection and transfer of services and media to authorized users. Authorized users can choose their services through different channels: Web Customer Portal, IVR (Interactive Voice Response), Call Centre and SMS. The system uses a Smart Card to receive and decrypt the broadcasted encrypted control words which allow decrypting pay- per-view TV. Every authorized user must have a Smart Card and a Set-Top Box to view the contents.
The following is an excerpt from the product risk analysis document:
Both likelihood and impact have been rated on the following scale: (1 – Very low, 2 – Low, 3 – Medium, 4 – High, 5 – Very High).
The required test environment and code have been delivered. All test cases for each identified product risk item have been written and are ready to be executed. The Database used to contain the Smart Cards is empty and so only new Smart Cards can be used during test execution.
A Smart Card can only be activated if it has been previously pre-activated. This means the post-conditions for the execution of the test cases to test the pre-activation of the Smart Card are the pre-conditions for activation of the Smart Card.
Which of the following statements represents the most effective contribution of the stakeholders to the completion of the failure mode analysis table?

Q45. Assume you are working on a defect management process to be used by a software organization to track the current status of the defects reports for several projects.
When a defect is found for investigation a defect report is created in “Opened” state that is the unique initial state. The defect report status has also a unique finale state that is the “Closed” state.
The following state transition diagram describes the states of this defect management process:
Where only the initial (“Opened”) and final (“Closed”) states are indicated while the remaining states (V, W, X, Y, Z) have yet to be named.

Which of the following assignments would you expect to best complete the defect management process?

Q46. Which of the following factors could negatively influence a review?

Q47. During the system testing phase a tester from your test team observes a failure in the
system under test and he/she decides to create an incident report. The incident report is
currently in a “new” state, indicating it needs to be investigated.
Which THREE of the following information items can’t yet be present in the incident report?
K3 2 credits (2 credits out of 3 credits correct, 1 credit point)

Q48. You are performing a quality risk analysis for a CSCI (Computer Software Configuration Item) used to implement a CBIT (Continuous Built-In Test) module of a safety-critical system.
During the quality risk analysis you are trying to identify the ways in which failures of the CBIT module can occur, for each of them trying to determine the potential causes and likely effects, and the risk level (calculated as the product of three factors: severity, occurrence and detection).
Which of the following risk analysis techniques are you working with?

Q49. Consider an information system of a Pay-Tv company based on a SOA architecture.
The integrated system currently consists of three core systems:
– a CRM (Customer Relationship Management) system
– a BRM (Billing and Revenue Management) system
– a CAS (Conditional Access System) system all of them communicating with SOA
Middleware.
You have been asked to manage the testing activities for the integration of two additional
off-the-shelf systems from two different vendors: a SMS (Short Message Service) server
and an IVR (Interactive Voice Response) system.
Assume that there is a high likelihood that the two off-the-shelf systems will be low-quality
and that you have a clear proof that the testing performed by the two vendors on their
systems has been unsystematic and unprofessional. This obviously leads to higher quality
risk for the overall integrated system.
You are the Test Manager of this project. Your main goal is to plan for testing activities to
mitigate this risk.
Which of the following answers best describes the test activities (assuming it is possible to
perform all of them) you should plan for?
K4 3 credits

Q50. During the follow-up phase the following conditions are checked:
X1. The code has been completely reviewed
X2. All the identified defects have been correctly fixed and the modified code has been compiled successfully and run through all the static analyzers used by the project without warnings and errors X3. The modified code is available under the configuration management system with a new version number for the specified CI
If these conditions are fulfilled then the review process terminates.
Which of the following characteristics of a formal review is missing in this description?

Q51. In the next two months some new features will be constantly added to new releases of a
project you are working on as Test Manager.
You have identified as one of the main project risks, that the requirements specification will
still be incomplete when your team starts the test design and implementation phase.
Some requirements will most likely be completed too late to allow a proper test preparation.
You and your test team have already worked on several similar past projects in the same
organization.
Which one of the following options would you expect to be the most effective at mitigating
this risk?
K4 3 credits

Q52. After the presentation, you are asked to explain the chart.
Assume you have applied a full risk-based testing strategy.

Which of the following answers would you expect to best describe the pie chart?
K4 3 credits

Q53. You are estimating the effort for the integration testing activities of a new project. Consider the following factors, which can affect that estimation:
I. Availability of re-usable test systems and documentation from previous, similar projects II. Unexpected timing of components arrival
III. Stability of the integration test team (no turnover)
IV. Many and geographically distributed sub-teams
Which of the following statements is true?

Q54. Assume you are the Test Manager in charge of independent testing for avionics applications.
You are in charge of testing for a project to implement three different CSCI (Computer Software Configuration Item):
– a BOOT-X CSCI that must be certified at level B of the DO-178B standard
– a DIAG-X CSCI that must be certified at level C of the DO-178B standard
– a DRIV-X CSCI that must be certified at level A of the DO-178B standard These are three different software modules written in C language to run on a specific hardware platform.
You have been asked to select a single code coverage tool to perform the mandatory code coverage measurements, in order to meet the structural coverage criteria prescribed by the DO-178B standard. This tool must be qualified as a verification tool under DO-178B.
Since there are significant budget constraints to purchase this tool, you are evaluating an open-source tool that is able to provide different types of code coverage. This tool meets perfectly your technical needs in terms of the programming language and the specific hardware platform (it supports also the specific C-compiler).
The source code of the tool is available.
Your team could easily customize the tool to meet the project needs. This tool is not qualified as a verification tool under the DO-178B.
Which of the following are the three main concerns related to that open-source tool selection?

Q55. You are the Test Manager of a project that adopts a V-model with four formal levels of
testinG. unit, integration, system and acceptance testing.
On this project reviews have been conducted for each development phase prior to testing,
which is to say that reviews of requirements, functional specification, high-level design, low-
level design and code have been performed prior to testing.
Assume that no requirements defects have been reported after the release of the product.
Which TWO of the following metrics do you need in order to evaluate the requirements
reviews in terms of phase containment effectiveness?
K3 2 credits

Q56. Which of the following information would you expect to be the most useful to perform a
defect clustering analysis?
K2 1 credit

Q57. After a selection process you have selected a test management tool that is going be
introduced in your organization and used by your test team in a pilot project.
You have already identified the member of your test team who will be the administrator of
the tool, since he/she has a significant experience with the administration of test
management tools and so he/she is able to make effective and efficient up-front decisions
about “how” the tool will be used. You have also developed a training plan for the other
members of your test team.
In collaboration with the administrator of the tool you have also devised standard ways of
managing, storing and maintaining the tool and its assets including backup/restore
procedures.
You have also analyzed standard formats supported by the tool (CSV, XLS, XML, etc.) to
export, import and archive all the information managed by the tool itself (requirements, test
case specifications, test plans etc.) for compliance with the most important test
management tools, in order to minimize the impacts of migrating this information to a new
tool that could replace the existing one in the future.
Which of the following phases in the lifecycle of the new tool has NOT been adequately
considered in this description?
K2 1 credit

Q58. You are the Test Manager of a new project aimed at developing a software system that must be certified at level B of the DO-178B standard. The project will follow a V-Model software development life cycle and it will have four formal levels of testing: component, integration, system and acceptance testing.
You must produce the test plan documentation for this project by providing an adequate coordination across the four levels of testing in order to assure audit ability.
Which of the following answers would you expect to best describe how to organize the test plan?

Q59. Based on the historical data of 5 past and similar projects, you have calculated these
average numbers of defects detected in system testinG.
– For each 10000 LOC (lines of code), 200 defects
– For each person-month of development team effort, 49 defects
You want to use this information to perform estimation for a new project.
The project manager tells you that he/she has estimated 20000 new LOC for this new
project.
Four developers work for four months on this project before system testing.
During system testing, 797 defects are discovered.
Assume that the system test of this new project is using the same amount of work as spent
in the past projects.
Based on this information only, which of the following statement is certainly true about this
project?
K3 3 credits

Q60. You are working on a project to develop an authentication system for an e-commerce website. This system provides two features: Registration and authentication. Two different development teams develop these two features.
There is a high likelihood that the delivery of the authentication feature to the test team will be three weeks later. To complete the registration the user must provide the following registration inputs: Name, surname, birth date, fiscal code and he/she can select a username and a password.
A registered user can be a special user or a normal user. To be identified as a special user, he/she must also provide, during the registration process, a voucher possibly received from the IT department.
Access is granted only if a user is registered and the password is correct: In all other cases access is denied. If the registered user is a special user and the password is wrong, a special warning is shown on the system console.
You are currently performing a quality risk analysis using FMEA.
Based only on the given information, which of the following is NOT a product risk that could be identified during the quality risk analysis?

Q61. The following are the exit criteria described in the test plan of a software product:
EX1. The test suite for the product must ensure that at least each quality risk item is covered by at least one test case (a quality risk item can be covered by more test cases).
EX2. All test cases in the test suite must be run during the execution phase.
EX3. Defects are classified into two categories: “C” (critical defect) and “NC” (non-critical defect). No known C defects shall exist in the product at the end of the test execution phase.
Which of the following information is useless when the specified exit criteria is evaluated?