ISTQB Foundation Level Exam Crash Course Part-21
This is Part 21 of 35 containing 5 Questions (Q. 101 to 105) with detailed explanation as expected in ISTQB Foundation Level Exam Latest Syllabus updated in 2011
Deep study of these 175 questions shall be of great help in getting success in ISTQB Foundation Level Exam
Q. 101: What is the purpose of using Coverage Measurement Tools?
Coverage measurement tools measure the percentage of the code structure covered across white-box measurement techniques such as statement coverage and branch or decision coverage. In addition, they can also be used to measure coverage of modules and function calls. Coverage measurement tools are often integrated with static and dynamic analysis tools
and are primarily used by developers.Coverage measurement tools can measure code written in several programming languages, but not all tools can measure code written in all languages. They are useful for reporting coverage measurement and can therefore be used to assess test completion criteria and/or exit criteria.
Coverage measurement of requirements and test cases/scripts run can usually be obtained from test management tools. This function is unlikely to be provided by coverage measurement tools.
Coverage measurement can be carried out using intrusive or non-intrusive methods. Non-intrusive methods typically involve reviewing code and running code. Intrusive methods, such as �instrumenting the code� involve adding extra statements into the code. The code is then executed and the extra statements write back to a log in order to identify which statements and branches have been executed.
Instrumentation code can then be removed before it goes into production.
Intrusive methods can affect the accuracy of a test because, for example, slightly more processing will be required to cope with the additional code. This is known as the probe effect and testers need to be aware of its consequences and try to keep its impact to a minimum.
<<<<<< =================== >>>>>>
Q. 102: What is the purpose of using Security Testing Tools?
Security testing tools are used to test the functions that detect security threats and to evaluate the security characteristics of software. The security-testing tool would typically be used to assess the ability of the software under test to:
1) Handle computer viruses;
2) Protect data confidentiality and data integrity;
3) Prevent unauthorized access;
4) Carry out authentication checks of users;
5) Remain available under a denial of service attack;
6) Check non-repudiation attributes of digital signatures.
Security testing tools are mainly used to test e-commerce, e-business and websites. For example, a third-party security application such as a firewall may be integrated into a web-based application.
The skills required to develop and use security tools are very specialized and such tools are generally developed and used on a particular technology platform for a particular purpose. Therefore it maybe worth considering the use of specialist consultancies to perform such testing.
Security tools need to be constantly updated, as there are problems solved and new vulnerabilities discovered all the time – consider the number of Windows XP security releases to see the scale of security problems.
<<<<<< =================== >>>>>>
Q. 103: What is the purpose of using Dynamic Analysis Tools?
Dynamic analysis tools are used to detect the type of defects that are difficult to find during static testing. They are typically used by developers, during component testing and component integration testing, to:
1) Report on the state of the software during its execution;
2) Monitor the allocation, use and de-allocation of memory;
3) Identify memory leaks;
4) Detect time dependencies;
5) Identify unassigned pointers;
6) Check pointer arithmetic.
They are generally used for safety-critical and other high-risk software where reliability is critical.
Dynamic analysis tools are often integrated with static analysis and coverage measurement tools. For example, a developer may want to perform static analysis on code to localize defects so that they can be removed before component test execution.
The integrated tool may allow:
a) The code to be analyzed statically;
b) The code to be instrumented;
c) The code to be executed (dynamically).
Dynamic analysis tools are usually language specific, so to test code written in C++ you would need to have a version of a dynamic analysis tool that was specific to C++.
The tool could then:
a) Report static defects;
b) Report dynamic defects;
c) Provide coverage measurement figures;
d) Report upon the code being (dynamically) executed at various instrumentation points.
<<<<<< =================== >>>>>>
Q. 104: What is the purpose of using Performance Testing/Load Testing/Stress Testing Tools?
Performance testing is very difficult to do accurately and in a repeatable way without using test tools. Therefore performance-testing tools have been developed to carry out both load testing and stress testing.
Load testing reports upon the performance of a system under test, under various loads and usage patterns. A load generator (which is a type of test driver) can be used to simulate the load and required usage pattern by creating virtual users that execute predefined scripts across one or more test machines. Alternatively, response times or transaction times can be measured under various levels of usage by running automated repetitive test scripts via the user interface of the system under test. In both cases output will be written to a log. Reports or graphs can be generated from the contents of the log to monitor the level of performance.
Performance testing tools can also be used for stress testing. In this case, the load on the system under test is increased gradually (ramped up) in order to identify the usage pattern or load at which the system under test fails. For example, if an air traffic control system supports 200 concurrent aircraft in the defined air space, the entry of the 201st or 205th aircraft should not cause the whole system to fail.
Performance testing tools can be used against whole systems but they can also be used during system integration test to test an integrated group of systems, one or more servers, one or more databases or a whole environment.
If the risk analysis finds that the likelihood of performance degradation is low then it is likely that no performance testing will be carried out. For instance, a small enhancement to an existing mainframe system would not necessarily require any formal performance testing. Normal manual testing may be considered sufficient (during which poor performance might be noticed).
There are similarities between performance testing tools and test execution tools in that they both use test scripts and data-driven testing. They can both be left to run unattended overnight and both need a heavy up-front investment, which will take some period of time to pay back.
<<<<<< =================== >>>>>>
Q. 105: What type of defects can be detected by the use of Performance testing tools?
Performance testing tools can find defects such as:
1) General performance problems.
2) Performance bottlenecks.
3) Memory leakage (e.g. if the system is left running under heavy load for some time).
4) Record-locking problems.
5) Concurrency problems.
6) Excess usage of system resources.
7) Exhaustion of disk space.
The cost of some performance tools is high and the implementation and training costs are also high. In addition, finding experts in performance testing is not that easy. Therefore it is worth considering using specialist consultants to come in and carry out performance testing using such tools.
Part – 22 of the Crash Course – ISTQB Foundation Exam
Access The Full Database of Crash Course Questions for ISTQB Foundation Level Certification
An expert on R&D, Online Training and Publishing. He is M.Tech. (Honours) and is a part of the STG team since inception.