Question 1

Reliability testing is a technique that feeds random input data into applications just to see what happens to the results.

Accepted Answer

Reliability testing is aimed at verifying if a system operates as expected under certain conditions for a specified period of time, focusing on consistency and dependability, rather than feeding random input data to observe outcomes.

Question 2

A testing script needs to be created for every possible situation and attack that the program could encounter.

Accepted Answer

A testing script should cover as many possible situations and attacks as possible to ensure that the program is robust and can handle all potential scenarios.

Question 3

The application will never be 100% secure.

Accepted Answer

No software application can offer 100% security as there can always be vulnerabilities and new threats that can be discovered and exploited. It is important to continuously update and patch applications to reduce the risk of security breaches.

Question 4

Unit testing catches errors that compilers won't find.

Accepted Answer

Unit testing involves testing individual units of code in isolation, which can uncover errors that may not be detected by a compiler. Compilers check for syntax errors and may perform some basic checks, but they are not able to detect all types of logic errors or issues that arise from complex interactions between different parts of the code.

Question 5

Reliability of an application is when the application produces correct results despite being under attack or under extreme use.

Accepted Answer

Reliability refers to the ability of an application to function correctly under various conditions, including attacks or heavy usage. This means that the application consistently produces accurate results regardless of external factors.

Question 6

The more complexity that is added to the system, the more secure it becomes.

Accepted Answer

This statement is false. Complex systems often have more vulnerabilities and are more difficult to maintain and secure. Simple systems with limited access points and clear protocols can often be more secure.

Question 7

It is better to use programmers for general testing because they are familiar with the architecture and code.

Accepted Answer

While programmers may be familiar with the architecture and code, general testing requires a broader perspective and knowledge of user behavior, requirements, and potential issues outside of the code itself. It is better to use a dedicated testing team or specialist who is trained in various testing techniques and can approach the application from a more comprehensive point of view.

Question 8

The testing phase of any applications is only a minor phase of the lifecycle.

Accepted Answer

The testing phase is a crucial phase in the application lifecycle, as it ensures that the application is functioning as expected and meets the requirements. It is not a minor phase.

Question 9

Fuzz testing and reliability testing are conducted during system testing.

Accepted Answer

Fuzz testing and reliability testing are both types of testing that are conducted during system testing. Fuzz testing involves generating and inputting invalid or unexpected data to see how the system handles it, while reliability testing checks the system's ability to function consistently over time and under different conditions. Both types of testing are important for ensuring the overall quality and reliability of the system.

Question 10

Use cases are a great starting point for functional test scripts.

Accepted Answer

Use cases define the expected behavior of a system and provide a clear understanding of what features need to be tested, making them a perfect starting point for functional test scripts.

Question 11

Testing should generate error-free software.

Accepted Answer

The answer of Testing should generate error-free software....

Question 12

Unit testing is the lowest level of testing a developer can conduct.

Accepted Answer

The answer of Unit testing is the lowest level of...

Question 13

There are two types of resourcres needed to execute the test case: -Internal -External

Accepted Answer

The answer of There are two types of resourcres needed...

Question 14

Internal threats don't pose any real problems and do not need to be considered.

Accepted Answer

The answer of Internal threats don't pose any real problems...

Question 15

Testing software consists of running a battery of test cases using multiple techniques against a specific use case and evaluating the results for pass or fail marks.

Accepted Answer

The answer of Testing software consists of running a battery...

Question 16

Security code scanners also report a number of false positives.

Accepted Answer

The answer of Security code scanners also report a number...

Question 17

Integrations testing is when two or more modules, web services, or platforms are linked together and tested.

Accepted Answer

The answer of Integrations testing is when two or more...

Question 18

Penetrations testing is a very rare practice in the security field.

Accepted Answer

The answer of Penetrations testing is a very rare practice...

Question 19

Source-based fault injections is when you go into the source code and force an error or an attack non-manually.

Accepted Answer

The answer of Source-based fault injections is when you go...

Question 20

A system test involves only a portion of the application.

Accepted Answer

The answer of A system test involves only a portion...

Question 21

What type of resources are tools or people who are hired on a temporary basis to come into a project, test the application, and report findings?&#10;A) Internal&#10;B) Tools&#10;C) Application Guide&#10;D) External

Accepted Answer

The answer of What type of resources are tools or...

Question 22

When testing for resiliency, what is being evaluated?&#10;A) Security vulnerabilities&#10;B) Policies and procedures&#10;C) Documentation&#10;D) Software

Accepted Answer

The answer of When testing for resiliency, what is being...

Question 23

What type of testing implies executing the current use case using valid inputs and then comparing the real results with expected results for pass or failures&#10;A) Dynamic&#10;B) Static&#10;C) Load&#10;D) Stress

Accepted Answer

The answer of What type of testing implies executing the...

Question 24

Code reviews, if conducted right can have a very positive effect on the team.

Accepted Answer

The answer of Code reviews, if conducted right can have...

Question 25

What type of scripts are specifically created for testing the security of the application?&#10;A) Secure testing&#10;B) automated&#10;C) functional testing&#10;D) User based

Accepted Answer

The answer of What type of scripts are specifically created...

Question 26

What are people-intensive verification techniques that are conducted either formally or informally that allow peers to read code statements and look for common security vulnerabilities, such as hard-coded IDs or passwords,and general quality features?

A) Code scanners
B) Code Reviews
C) Load testers
D) Fuzzing

Accepted Answer

The answer of What are people-intensive verification techniques that are...

Question 27

What defines how effective security is tested and implemented within the software?&#10;A) Software test plan&#10;B) User Acceptance reports&#10;C) Types of testing tools&#10;D) Software Assurance

Accepted Answer

The answer of What defines how effective security is tested...

Question 28

What tool scans (parse) through static code and analyze the code base for security vulnerabilities&#10;A) static code analyzers&#10;B) Application Guide&#10;C) Load testing&#10;D) Brute force tools

Accepted Answer

The answer of What tool scans (parse) through static code...

Question 29

Coding for resiliency means accepting the fact that something bad will happen and that when it does, you will be ready.

Accepted Answer

The answer of Coding for resiliency means accepting the fact...

Question 30

Static testing involves executing methods and techniques to test the code while running the application.

Accepted Answer

The answer of Static testing involves executing methods and techniques...

Question 31

What type of errors does unit testing find?&#10;A) errors with third party code modules&#10;B) heap management&#10;C) logic errors&#10;D) load balancing

Accepted Answer

The answer of What type of errors does unit testing...

Question 32

What is a technique that feeds random input data into applications just to see what happens to the results?&#10;A) Brute force&#10;B) Concurrent users&#10;C) Load test&#10;D) Fuzzing

Accepted Answer

The answer of What is a technique that feeds random...

Question 33

Who creates and approves the test plan?&#10;A) Developers&#10;B) Testers&#10;C) Project Management&#10;D) Business Analysts

Accepted Answer

The answer of Who creates and approves the test plan?&#10;A)...

Question 34

What are step-by-step instructions that depict a specific scenario or situation that the use case will encounter as well as the expected result?&#10;A) Secure test scripts&#10;B) Functional test scripts&#10;C) User acceptance&#10;D) Load testing

Accepted Answer

The answer of What are step-by-step instructions that depict a...

Question 35

Code review needs to include the developer who coded the software and one other person on the development team.

Accepted Answer

The answer of Code review needs to include the developer...

Question 36

Manually going into the source code and forcing an error or attack is called?&#10;A) Unit testing&#10;B) Source-based fault injections&#10;C) fuzzing&#10;D) code reviews

Accepted Answer

The answer of Manually going into the source code and...

Question 37

What test is when two or more modules or platforms are linked together and tested?&#10;A) System&#10;B) Integration&#10;C) Unit&#10;D) Load

Accepted Answer

The answer of What test is when two or more...

Question 38

Making something bad happen actually tests the dependencies and resiliency of the software.

Accepted Answer

The answer of Making something bad happen actually tests the...

Question 39

What is tested when the application produces correct results despite being under attack?&#10;A) Integrity&#10;B) Confidentiality&#10;C) Fuzzing&#10;D) Reliability

Accepted Answer

The answer of What is tested when the application produces...

Question 40

What type of test involves a complete front-to-back execution of the entire application?&#10;A) System&#10;B) Unit&#10;C) Integration&#10;D) Acceptance

Accepted Answer

The answer of What type of test involves a complete...

Question 41

What is the Holodeck tool used for?&#10;A) Load testing&#10;B) Heap management&#10;C) fault simulation&#10;D) brute force

Accepted Answer

The answer of What is the Holodeck tool used for?&#10;A)...

Question 42

What type of errors do code scanners catch?&#10;A) Security vulnerabilities&#10;B) Heap management&#10;C) Load testing&#10;D) Logic errors

Accepted Answer

The answer of What type of errors do code scanners...

Question 43

What type of errors does integration testing find?&#10;A) calls to services or third party modules&#10;B) logic problems&#10;C) syntax errors&#10;D) reporting problems

Accepted Answer

The answer of What type of errors does integration testing...

Question 44

What is a simulation tool used for?&#10;A) Syntax errors&#10;B) Concurrent users&#10;C) Security vulnerabilities&#10;D) logic errors

Accepted Answer

The answer of What is a simulation tool used for?&#10;A)...

Question 45

What type of errors does compilers find?&#10;A) Log errors&#10;B) Reporting errors&#10;C) Heap managements&#10;D) syntax

Accepted Answer

The answer of What type of errors does compilers find?&#10;A)...

Deck 10: Testing for Quality and Security