Assume that you are the Test Manager for a small insurance application development project.
You have decided to adopt a risk-based testing strategy: 5 product risks (R1, R2, R3, R4, R5)
have been identified and their levels of risk have been assessed. 10 test cases (T1, …, T10) have
been designed to cover all the product risks.
The following table shows the risk level and the test cases associated to the identified product
risks (higher risk level means higher risk):
You are not confident with the assessment of the risk level and you suspect that it will be possible
to find high-priority bugs in low-risk areas.

Furthermore the period for test execution is very short. Your goal is to test all the product risks in a
risk-based way, while assuring that each product risk gets at least some amount of testing.
Which of the following answers describes the best test execution schedule in this scenario?

Assume you are working on a CAS (Conditional Access System) for Pay-TV that allows the
access, selection and transfer of services and media to authorized users. Authorized users can
choose their services through different channels: Web Customer Portal, IVR (Interactive Voice
Response), Call Centre and SMS. The system uses a Smart Card to receive and decrypt the
broadcasted encrypted control words which allow decrypting pay-per-view TV. Every authorized
user must have a Smart Card and a Set-Top Box to view the contents.
The following is an excerpt from the product risk analysis document:

Both likelihood and impact have been rated on the following scale: (1 – Very low, 2 – Low, 3 –
Medium, 4 – High, 5 – Very High).
The required test environment and code have been delivered. All test cases for each identified
product risk item have been written and are ready to be executed. The Database used to contain
the Smart Cards is empty and so only new Smart Cards can be used during test execution.
A Smart Card can only be activated if it has been previously pre-activated. This means the postconditions for the execution of the test cases to test the pre-activation of the Smart Card are the
pre-conditions for activation of the Smart Card.
Which of the following statements represents the most effective contribution of the stakeholders to
the completion of the failure mode analysis table?

Assume that the following test cases have been executed at the end of the first week of test
execution: TC-001, TC-002 and TC-007. All these tests are ‘passes’.

What is the MINIMUM number of the remaining test cases that must be successfully executed to
fulfill the EX1 exit criteria?

You can count on well-written requirements, but you can’t count on an adequate contribution of the
stakeholders to the quality risk analysis. You have to mitigate the insufficient contribution of the
stakeholders because the risk-based testing approach shall minimize the product risks. Your test
team has one expert tester in security testing.
Which of the following test activities would you expect to be the less important in this context?

During the follow-up phase the following conditions are checked:
X1. The code has been completely reviewed
X2. All the identified defects have been correctly fixed and the modified code has been compiled
successfully and run through all the static analyzers used by the project without warnings and
errors
X3. The modified code is available under the configuration management system with a new
version number for the specified CI
If these conditions are fulfilled then the review process terminates.
Which of the following characteristics of a formal review is missing in this description?

Assume you are managing the system testing phase of a project.
The system test execution period is scheduled to twenty weeks.
All tests are manual tests. You are following a risk-driven test approach.
During the last staff meeting the project manager tells you new deadlines that will not allow
completion of all the system tests.

Which of the following would you expect to be the best way to respond to this situation?

You are performing a quality risk analysis for a CSCI (Computer Software Configuration Item)
used to implement a CBIT (Continuous Built-In Test) module of a safety-critical system.
During the quality risk analysis you are trying to identify the ways in which failures of the CBIT
module can occur, for each of them trying to determine the potential causes and likely effects, and
the risk level (calculated as the product of three factors: severity, occurrence and detection).
Which of the following risk analysis techniques are you working with?

You are working on a project to develop an authentication system for an e-commerce website.
This system provides two features: Registration and authentication. Two different development
teams develop these two features.

There is a high likelihood that the delivery of the authentication feature to the test team will be
three weeks later. To complete the registration the user must provide the following registration
inputs: Name, surname, birth date, fiscal code and he/she can select a username and a password.
A registered user can be a special user or a normal user. To be identified as a special user,
he/she must also provide, during the registration process, a voucher possibly received from the IT
department.
Access is granted only if a user is registered and the password is correct: In all other cases access
is denied. If the registered user is a special user and the password is wrong, a special warning is
shown on the system console.
You are currently performing a quality risk analysis using FMEA.
Based only on the given information, which of the following is NOT a product risk that could be
identified during the quality risk analysis?

Which of the following statements describing how identified product quality risks should be
mitigated and managed, is true?

Which of the following statements about management of product quality risks in mature
organizations with respect to the lifecycle, is true?