ISTQB Foundation Level Exam Crash Course Part-7

ISTQB Foundation Level Exam Crash Course Part-7

This is Part 7 of 35 containing 5 Questions (Q. 31 to 35) with detailed explanation as expected in ISTQB Foundation Level Exam Latest Syllabus updated in 2011

Deep study of these 175 questions shall be of great help in getting success in ISTQB Foundation Level Exam

Q. 31: What are the factors on which the success of reviews mainly depend?

When measuring the success of a particular review the following suggested success factors should be considered:

1) Each review should have a clearly predefined and agreed objective and the right people should be involved to ensure the objective is met. For example, in an inspection each reviewer will have a defined role and therefore

needs the experience to fulfil that role; this should include testers as valued reviewers.

2) Any defects found are welcomed, and expressed objectively.

3) The review should be seen as being conducted within an atmosphere of trust, so that the outcome will not be used for the evaluation of the participants, and that the people issues and psychological aspects are dealt with (e.g. making it a positive experience for the author and all participants).

4) Review techniques (both formal and informal) that are suitable to the type and level of software work-products and reviewers (this is especially important in inspections).

5) Checklists or roles should be used, where appropriate, to increase effectiveness of defect identification; for example, in an inspection, roles such as data entry clerk or technical architect may be required to review a particular document.

6) Management support is essential for a good review process (e.g. by incorporating adequate time for review activities in project schedules).

7) There should be an emphasis on learning and process improvement.

Other more quantitative approaches to success measurement could also be used:

a) How many defects found.

b) Time taken to review/inspect.

c) Percentage of project budget used/saved.

<<<<<< =================== >>>>>>

Q. 32: What do we do in Static Analysis � one of static testing techniques?

Like reviews, static analysis looks for defects without executing the code. However, unlike reviews static analysis is carried out once the code has been written. Its objective is to find defects in software source code and software models.

Source code is any series of statements written in some human-readable computer programming language that can then be converted to equivalent computer executable code – the developer normally generates it.

A software model is an image of the final solution developed using techniques such as Unified Modeling Language (UML); a software designer normally generates it.

Static analysis can find defects that are hard to find during test execution by analyzing the program code, e.g. instructions to the computer can be in the form of control flow graphs (how control passes between modules) and data flows (ensuring data is identified and correctly used).

<<<<<< =================== >>>>>>

Q. 33: What are the benefits of using static analysis � static testing technique?

1) Early detection of defects prior to test execution: As with reviews, the earlier the defect is found, the cheaper and easier it is to fix.

2) Early warning about suspicious aspects of the code or design: By the calculation of metrics, such as a high-complexity measure. If code is too complex it can be more prone to error or less dependent on the focus given to the code by developers. If they understand that the code has to be complex then they are more likely to check and double check that it is correct; however, if it is unexpectedly complex there is a higher chance that there will be a defect in it.

3) Identification of defects not easily found by dynamic testing: Such as development standard breaches as well as detecting dependencies and inconsistencies in software models, such as links or interfaces that were either incorrect or unknown before static analysis was carried out.

4) Improved maintainability of code and design: By carrying out static analysis, defects will be removed that would otherwise have increased the amount of maintenance required after �go live�. It can also recognize complex code that if corrected will make the code more understandable and therefore easier to maintain.

5) Prevention of defects: By identifying the defect early in the life cycle it is a lot easier to identify why it was there in the first place (root cause analysis) than during test execution, thus providing information on possible process improvement that could be made to prevent the same defect appearing again.

Static analysis tools add the greatest value when used during component and integration testing. This will normally involve their use by developers to check against predefined rules or development standards, and by designers during software modelling.

<<<<<< =================== >>>>>>

Q. 34: What type of defects are generally discovered by static analysis tools?

1) Referencing a variable with an undefined value, e.g. using a variable as part of a calculation before the variable has been given a value.

2) Inconsistent interface between modules and components, e.g. module X requests three values from module Y, which has only two outputs.

3) Variables that are never used. This is not strictly an error, but if a programmer declares a variable in a program and does not use it, there is a chance that some intended part of the program has inadvertently been omitted,

4) Unreachable (dead) code. This means lines of code that cannot be executed because the logic of the program does not provide any path in which that code is included.

5) Programming standards violations, e.g. if the standard is to add comments only at the end of the piece of code, but there are notes throughout the code, this would be a violation of standards.

6) Security vulnerabilities, e.g. password structures that are not secure.

7) Syntax violations of code and software models, e.g. incorrect use of the programming or modelling language.

<<<<<< =================== >>>>>>

Q. 35: What are the drawbacks of using static analysis tools?

A static analysis tool runs automatically and reports all defects it identifies, some of which may be insignificant and require little or no work to correct, whilst others could be critical and need urgent correction.

These defects therefore require strong management to ensure that the full benefit is obtained from using the tool in the first place.

Part – 8 of the Crash Course – ISTQB Foundation Exam

Access The Full Database of Crash Course Questions for ISTQB Foundation Level Certification