Tuesday, September 16, 2008

Software Testing FAQs

I] Software Testing:
What is Software Testing?
Why does software have defects?
What is Software life cycle?
White and Black box testing techniques
What are the attributes of a Good Software Test Engineer?

II] Software Quality:
What is Software Quality Assurance (SQA)?
Software quality assurance (SQA) spans the entire software development process.
It monitors the software engineering processes and methods used, to ensure that
quality work products are delivered at each stage of the Software Development Life
Cycle. Internal audits are conducted in a planned manner at different stages of
the software development life cycle. Audits are based on one or more standards,
usually ISO 9000.
SQA covers the entire software development process, including processes such as
software design, coding, source code control, code reviews, change control
management, configuration management, and release management.
Advantages of having SQA
1) Satisfied Customers :- Since SQA ensures process is followed across different
phases of SDLC (Software Development Life Cycle) this would result in Quality
product that would translate to satisfied customers.
2) Reduced cost of development :- SQA is designed to prevent software defects,
and attain better stage containment. As a result development costs are
significantly reduced since all later stages of the development life cycle
become streamlined and simplified. Reduced cost of development also means
reduction in development schedule.
What is Cost of Quality (COQ) ?
Cost of Quality (COQ) is the cost incurred beyond the cost of developing the
Software “Correctly in first time”.
COQ quantifies the total cost incurred because of Defect prevention, detection,
fixing and any cost arising because of defects of the software.
Cost of Quality has three components.
1) Prevention Cost: This includes the cost incurred on Planning for Quality,
establishing methods, Procedures, training, as well as any money spent buying
tools.
2) Appraisal Cost: This includes cost incurred on reviewing and validating work
products/deliverables and software against requirements. Appraisal cost includes
cost of reviews, walkthroughs, testing and internal audits.
3) Failure Cost: This includes the cost incurred after the delivery of defective
software to customer. This cost includes all the cost of analyzing, fixing,
testing of post production defects reported by customers or end users of the
software. This cost also includes money paid as a penalty to customer for not
meeting the quality norms agreed and documented in SLA (Service Level
Agreement).
List ISO 9126 Quality Factors
ISO 9126 Quality Factors
ISO 9126 defines 6 key quality factors that could be used to assess software
quality.
Functionality: Degree to which software complies with requirements
specifications. Includes sub attributes accuracy, security, interoperability.
Reliability: Amount of time the software is available and functioning as
expected. Includes sub attributes fault tolerance, recoverability.
Usability: Indicates how easy it is to learn and use the software. Includes sub
attributes Learnability, Operability, accessibility.
Efficiency: Extent to which software efficiently uses available system
resources. Includes sub attributes memory, CPU, disk space and external devices.
Maintainability: Indicates how easy it is to fix defects or enhance or add new
functionality to the software. Includes sub attributes analyzability,
changeability, testability.
Portability: Indicates how easy it is to port or migrate the software to a
different hardware or Operating system. Includes sub attributes installability,
adaptability and replaceability.

What is Validation?
Validation is a process of running the developed software and conducting tests
to check compliance with requirements.
Validation techniques used during Testing Stage are:- Unit Test, Integration
Test, System Test and UAT (User Acceptance Test)
What is Verification?
Verification is a process of confirming that the intermediate deliverables/work
products are developed as per predefined specifications and standards.
Verification techniques involve conducting Reviews, Walkthroughs and
Inspections, e.g.:- Requirement Reviews, Design Reviews, Test Case Reviews, Code
Walkthrough, Code Inspection and so on.
What is Inspection?
Inspection is one of the verification techniques. Inspection is formalized and
more structured than 'walkthrough'. Participants of an inspection are a
moderator, reader, and a recorder to take notes. Inspection is typically carried
out for Requirements specification, Code, Test plan etc. with the intent of
finding gaps or problems, recording them and presenting the outcome of the
inspection as a report. Inspection is one of the effective methods to find gaps
or issues in the work products, as verification is done more systematically than
in Walkthroughs.
What is Walkthrough?
Walkthrough is one of the verification techniques. "Walkthrough" is an informal
meeting conducted for evaluation or informational purposes. Walkthrough does not
require much preparation like inspection. The objective of a walkthrough is to verify
that an algorithm, code, automated scripts or any other deliverable are created as
per standards, e.g.:- that coding standards are employed. Walkthroughs are also
used for assessing competency of an individual or a team.

III] Lessons Learnt:
Report Defects immediately after you find them
Do not use number of defects to measure tester performance
Avoid logging duplicate defects
Testers should not exaggerate on their defects
Report defects as it is and do not tell how to fix it

IV] Types of Testing:
What is Black Box Testing?
Black box testing
Black-box is a testing method in which test data are derived from the specified
functional requirements without regard to the final program structure. It is
also termed data-driven, input/output driven or requirements-based testing.
Because only the functionality of the software module is of concern, black-box
testing mainly refers to functional testing, a testing method that emphasizes
executing the functions and examining their input and output data. The tester
treats the software under test as a black box: only the inputs, outputs and
specification are visible, and the functionality is determined by observing the
outputs to corresponding inputs. In testing, various inputs are exercised and the
outputs are compared against the specification to validate correctness. All test
cases are derived from the specification. No implementation details of the code
are considered.

What is White Box or Glass Box testing?
White box or glass-box testing
Structure and flow of the software under test are analyzed by the tester. Test
plans are made according to the details of the software implementation, such as
programming language, logic, and styles. Test cases are derived from the program
structure. White-box testing is also known as logic-driven testing or
design-based testing. Control-flow testing, loop testing, and data-flow testing
all map the corresponding flow structure of the software into a directed graph.
Test cases are carefully selected based on the criterion that all the nodes or
paths are covered or traversed at least once.
What is Unit Testing?
Unit testing
The most 'micro' scale of testing; to test particular functions or code modules.
Typically done by the programmer and not by testers, as it requires detailed
knowledge of the internal program design and code. Not always easily done unless
the application has a well-designed architecture with tight code; may require
developing test driver modules or test harnesses.

What is Integration Testing?
Integration testing
Also called Integration and Testing, abbreviated I&T. It is the phase of
software testing in which individual software modules or individual
applications, client and server applications on a network, are combined and tested
as a group. Integration testing is done after Unit testing is completed and
before system testing starts. Integration testing takes modules that have been
unit tested as its input, groups them in larger aggregates, applies tests
defined in an integration test plan to those aggregates, and delivers as its
output the integrated system ready for system testing. Different types of
integration testing are big bang, top-down, and bottom-up.
What is Incremental Integration Testing?
Incremental integration testing
Software or application is developed incrementally and tested after each
enhancement; requires that various aspects of an application's functionality be
independent enough to work separately before all parts of the program are
completed, or that test drivers be developed as needed.

What is Alpha Testing?
What is Beta Testing?
What is Comparison Testing?
Comparison testing
Involves Comparing software weaknesses and strengths to competing
software(s)/products. Below are some of the key attributes of the software that
would be typically compared.
- Features
- Ease of Use
- Performance
- Price
- Usability
- Reliability


What is Mutation Testing?
What is Ad hoc Testing?
Ad-hoc testing
Is informal testing performed without planning and documentation. The intention
of performing Ad-hoc testing is to find defects that are not already uncovered
by other types of testing i.e., Functional, Regression testing etc. However the
tester performing Ad-hoc testing would have thought through what part of the
software/functionality he/she is going to test. The tester would perform Ad-hoc
testing on the part of the software/functionality where he/she anticipates
finding defects based on his/her experience. It contrasts with regression testing,
which looks for a specific issue with detailed reproduction steps and a clear
expected result.
What is Exploratory Testing?
What is Compatibility Testing?
What is Security testing?
What is Penetration Testing?
Penetration testing
Is a method of measuring the security of a computer system, software and network
by simulating an attack as a malicious user/hacker.
Penetration tests can be conducted as Black Box, White Box or Gray Box
testing. Testers performing the tests should be knowledgeable about the IP
addresses, configuration, infrastructure, network diagrams and source code
information in order to perform effective penetration testing. There is
software available in the market that helps in performing penetration
testing effectively, e.g. ISS, Nessus, WebInspect etc.
Methodology used for penetration testing:
1) Port scanning:- Scan open TCP, UDP ports using port scanning software. A port
scanner is a piece of software designed to search a network host for open ports.
This is often used by system administrators to check the security of their
networks and by hackers to compromise it.
2) SQL Injection:- SQL injection is a type of security exploit in which the
attacker submits Structured Query Language (SQL) code along with the data that
is being submitted; as a result the hacker would be running the SQL or PL/SQL code
of his choice. It is possible in Windows/desktop applications because queries are used there, but not in web applications because Stored Procedures (“SP”) are used there.
3) Service probing:- Scan for services that can be used without authentication or
that can launch a DOS (Denial of Service) attack.
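
For the SQL injection item above, an added example (not from the original page) that puts a query built by string concatenation next to the same lookup with the input bound as a parameter, and runs the negative test cases a tester would use against each. What decides whether input can alter the statement is how the statement is built; the `users` table, its rows and all function names are constructed for illustration, using Python's built-in sqlite3.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "tester"), ("carol", "developer")],
    )
    return conn


def find_user_concatenated(conn, name):
    """Weak form: the submitted value becomes part of the SQL text itself."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn, name):
    """Corrected form: the value is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed negative test data: none of these strings is a real user name,
# so a correct lookup must return no rows and raise no SQL error for each.
NEGATIVE_CASES = {
    "quote_changes_condition": "x' OR '1'='1",
    "comment_truncates_query": "alice' --",
    "lone_quote_in_name": "o'brien",
}


def run_injection_test_cases(conn, lookup):
    """Run every negative case against a lookup function.

    Returns {case_name: passed}. A case passes only when the lookup returns
    an empty result without a database error.
    """
    results = {}
    for case, value in NEGATIVE_CASES.items():
        try:
            results[case] = lookup(conn, value) == []
        except sqlite3.Error:
            # A syntax error means the input reached the SQL parser.
            results[case] = False
    return results


if __name__ == "__main__":
    db = make_db()
    for fn in (find_user_concatenated, find_user_parameterized):
        print(fn.__name__, run_injection_test_cases(db, fn))
```

A failing case in the first function points at the query construction, which is where the fix belongs.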

What is Failover Testing?
Failover testing
The primary objective of Failover testing is to verify that when the primary
hardware, software, component, server or web service etc. fails, the Secondary
system is automatically engaged as specified in the Configuration file.
e.g.:- If Webservice1 goes down, then after the predefined number of retries (as
in the config file) all the web service requests should get redirected to
Webservice2. If Webservice2 is also down then the web service requests are
directed to Webservice3. So the configuration file will detail how many
secondary systems are available and the order of engaging the systems or
services.
Failover testing provides technology specialists a realistic benchmark of how a
mission critical component will respond when failure occurs.
Failover testing is very critical in case of Banking, Financial, Telecom and
other real-time systems where disruption of the service due to
application/software/Database/Network/hardware is not acceptable.
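
The Webservice1 to Webservice3 scenario above as a small failover test harness, added here as an example and not taken from the original page. The configuration dictionary, the fake transport and all function names are constructed; `retries` is assumed to mean the total number of attempts made against one service before moving to the next.

```python
class ServiceDown(Exception):
    """Raised by the transport when a service does not answer."""


class AllServicesDown(Exception):
    """Raised when every configured service has used up its retries."""

    def __init__(self, attempts):
        super().__init__("no service answered after %d attempts" % len(attempts))
        self.attempts = attempts


# Constructed stand-in for the configuration file the text describes.
FAILOVER_CONFIG = {
    "retries": 3,
    "order": ["Webservice1", "Webservice2", "Webservice3"],
}


def call_with_failover(request, config, send):
    """Try each service in configured order, `retries` attempts per service.

    Returns (response, attempts), where attempts lists every service that was
    tried, in order, so a test can check when the secondary was engaged.
    """
    attempts = []
    for service in config["order"]:
        for _ in range(config["retries"]):
            attempts.append(service)
            try:
                return send(service, request), attempts
            except ServiceDown:
                continue
    raise AllServicesDown(attempts)


def make_transport(down=(), fail_first=None):
    """Fake transport: services in `down` always fail; `fail_first` maps a
    service to the number of initial calls that fail before it recovers."""
    remaining = dict(fail_first or {})

    def send(service, request):
        if service in down:
            raise ServiceDown(service)
        if remaining.get(service, 0) > 0:
            remaining[service] -= 1
            raise ServiceDown(service)
        return "%s handled %s" % (service, request)

    return send


def run_failover_scenarios(config=FAILOVER_CONFIG):
    """Run the failover test scenarios.

    Returns {scenario: (serving service or None, number of attempts)}.
    """
    scenarios = {
        "all_up": {},
        "primary_recovers_within_retries": {"fail_first": {"Webservice1": 2}},
        "primary_down": {"down": {"Webservice1"}},
        "primary_and_secondary_down": {"down": {"Webservice1", "Webservice2"}},
        "all_down": {"down": set(config["order"])},
    }
    results = {}
    for name, kwargs in scenarios.items():
        try:
            response, attempts = call_with_failover(
                "getBalance", config, make_transport(**kwargs)
            )
            results[name] = (response.split(" ")[0], len(attempts))
        except AllServicesDown as exc:
            results[name] = (None, len(exc.attempts))
    return results


if __name__ == "__main__":
    for scenario, outcome in run_failover_scenarios().items():
        print(scenario, outcome)
```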

What is Web Service?
A 'Web service' (also Web Service) is defined by the W3C as "a software system designed to support interoperable Machine to Machine interaction over a network"[1]. Web services are frequently just Web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services.
The W3C Web service definition encompasses many different systems, but in common usage the term refers to clients and servers that communicate using XML messages that follow the SOAP standard. In such systems, there is often machine-readable description of the operations offered by the service written in the Web Services Description Language (WSDL). The latter is not a requirement of a SOAP endpoint, but it is a prerequisite for automated client-side code generation in many Java and .NET SOAP frameworks (frameworks such as Spring, Apache Axis2 and Apache CXF being notable exceptions). Some industry organizations, such as the WS-I, mandate both SOAP and WSDL in their definition of a Web service.
More recently, RESTful Web services have been regaining popularity. These also meet the W3C definition, and are often better integrated with HTTP than SOAP-based services. They do not require XML messages or WSDL service-API definitions.
What is Recovery Testing?
What is Install - Uninstall Testing?
What is Usability Testing?
What is Performance Testing?
Is testing that is performed to determine how fast the software responds
under a specified load. The tests are also carried out to validate that the
software meets the performance requirements. It can also serve to validate and
verify other quality attributes of the system, such as scalability, reliability
and resource usage.
Performance testing can serve different purposes. It can demonstrate that the
system (software + hardware) meets performance criteria. It can compare two
environments to find which performs better, e.g. the same application is tested
using different browsers, different OS, different machine configurations (P3, P4)
and different RAM sizes. Performance testing is done by using
load testing software.
What is Stress Testing?

What is User Acceptance Testing (UAT) ?
User Acceptance Testing (UAT) is a process to obtain confirmation by the owner or
client of the software under test, through trial or review, that the
modifications or additions done in the software meet mutually agreed-upon
requirements. In software development, UAT is one of the final stages of a project
and often occurs before a client or customer signs off on the new system. The UAT
acts as a final verification of the required business function and proper
functioning of the system, emulating real-world usage conditions.
What is Load Testing?
What is Regression Testing?
What is Smoke Testing?
Smoke testing
Smoke test is a collection of tests that are performed on a system or an
application before accepting the new version or build for further testing. This
is also known as a build verification test. This is a "shallow and wide"
approach to the application. The tester "touches" all areas of the application
without getting too deep, looking for answers to basic questions like "Are there
any show stopper defects that would prevent me from carrying out major
testing?". Smoke testing is done before System or regression testing is carried
out.

What is Sanity Testing?
Sanity testing
This is an initial testing effort to determine if the newer version of the
software is performing well enough so that major testing effort (system or
regression or performance testing etc.,) can be carried out. For example, if the
newer version of the software is crashing systems every 2 minutes, or the page
response is very slow.

What is End to End Testing?
End-to-end testing
Is similar to system testing. It is a test activity aimed at proving the correct
implementation of a required function at a level where the entire
hardware/software chain involved in the execution of the function is available.
It involves testing of a complete application environment in a situation that
mimics real-world use, such as interacting with a database, using network
communications, or interacting with other applications or hardware, as
appropriate.
What is System Testing?
System testing
Is the type of testing conducted on a complete, integrated system to evaluate
the system's compliance with its specified requirements. System testing falls
within the scope of black box testing, and as such, would require no knowledge
of the inner design of the code or logic of application or software. System
testing is done by testing team/testers.

What is Operation Readiness Test (ORT) ?
ORT is also known as "Pre Go Live" Test. Objective of ORT is to ensure
application is configured and functioning correctly in production environment
before end users start using the application.

ORT has two phases:
1) Code deployment and configuration verification: In this phase, Development or
testing team will verify the changes made by OPS (Operations) and/or DBA team(s)
are correctly done.
2) Application tests: In this phase, testing team will perform high level sanity
test by navigating through few application flows to check application
availability before passing it on for Business Users for testing. Business users
will perform the actual ORT. Usually Business users execute key UAT test cases
to certify application is working fine in Production environment.
What is Browser Compatibility Testing (BCT)?
What to Test in Browser Compatibility Testing?

V] Test Cases and Scenarios:
What are Test Cases?
A test case contains a sequence of Steps describing actions to be performed,
test data to be used and an expected response for each action performed. Test
Cases are written based on Business & Functional/Technical requirements, use
cases and Technical design documents.

There can be a 1:1 or 1:N or N:1 or N:N relationship between requirements and Test
cases i.e., 1 requirement can have multiple test cases OR 1 test case can cover
multiple requirements.

The level of details specified in test cases will vary depending on
Organizations, Projects and also on the Test Case Template used OR on the Test
Management tool being used in the project.

Construction of Test Cases also helps in finding issues or gaps in the
requirements or Technical design itself, as the Test Case construction activity
makes the tester think through different possible Positive and Negative
scenarios.
What are the details captured by a Good Test Case Template?
1) Requirement ID(s) being covered in the Test Case.
2) Test Condition(s) and Expected Result(s) being exercised in the Test Case.
3) Initial setup required for executing the test script. This could be
environment or data or configuration setup to be done before running the test
case.
4) Post execution activities. For e.g.:- Delete the application user 'WebAdmin'
after test execution is completed.
5) Priority (High, Medium and Low) of the Test Case. Priority will help the
tester to decide which test case(s) have to be run earlier than others.
6) Complexity of the Test Case. It will help to identify and filter Test Cases
based on complexity. This would help in assigning test cases to testers, before
test execution.
7) Approximate time required for executing the test case. This entry is required
from Project management perspective to track the productivity and also to ensure
we can still meet the test execution deadlines.
8) Test Steps. This contains instruction on what actions to perform and what
test data to use.
9) Expected results. Each Test Step will have a corresponding Expected result
field that would specify the expected response.
10) Actual result. Each Test Step will have a corresponding Actual result field.
Tester would enter the details on the response he saw after executing the test
step.
11) Test Step result. Typically this field would contain values Not Applicable,
No Run, Passed, Failed or in progress etc
12) Test Case Version number
13) Test case creation timestamp.
14) Revision history. When and who wrote or modified the test case etc.
15) Test Case status (Draft, completed, reviewed, Not Valid etc.)
16) Test Case execution timestamps.
17) Associated Defects. This field will help to identify what are the existing
defect(s) that are associated with the test case.
18) Project Name
19) Application Name

What is Boundary Value Analysis (BVA) ?
BVA is a test case design technique used for identifying test data. Errors tend
to occur at the boundaries of the input domain more than inside/middle of the
input domain range. BVA and Equivalence Partition are test case design
techniques that complement each other.

e.g.:- If a field accepts a range of values (at least $200 but equal or less
than $1000) would have 3 equivalence classes.
- Lower Boundary Plus and Minus 1 (i.e. $199 and $200)
- Equal to Boundaries ($200 and $1000)
- Upper Boundary Plus and Minus 1 (i.e. $999 and $1001)


What is Equivalence Partition?
Equivalence Partition is a test case design technique and used for identifying
test data. Equivalence Partition is used to identify Test Data and classify test
data as input classes i.e.:- Valid and Invalid classes of test data. Objective
of Equivalence Partition is to uncover classes of errors and efficiently design
test cases.

Equivalence Partition and Boundary Value Analysis are test case design
techniques that complement each other.

e.g.:- If a field accepts a range of values (at least $200 but equal or less
than $1000) would have 3 equivalence classes.
- Less than $200 (invalid classes)
- Greater than $1000 (invalid classes)
- Equal to $200 and not greater than $1000 (Valid Classes)

Effective equivalence classes can be defined as per below guidelines.
1) In case an input condition specifies a range or specific values then One valid
and two invalid classes can be defined.
2) In case an input condition specifies Boolean values or a set of input values
then One valid and One invalid class can be defined.
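
An added example (not from the original page) covering both Boundary Value Analysis and Equivalence Partition for the $200 to $1000 field used above: it derives the test data for each technique and shows why they complement each other, using a validator with a seeded off-by-one defect. The two validators and all function names are constructed; the boundary list takes the value on each side of both limits, and the class representatives assume positive amounts.

```python
def equivalence_classes(low, high):
    """One representative value per equivalence class for a field that
    accepts low..high inclusive: (label, value, expected_to_be_accepted)."""
    return [
        ("below range (invalid class)", low // 2, False),
        ("within range (valid class)", (low + high) // 2, True),
        ("above range (invalid class)", high * 2, False),
    ]


def boundary_values(low, high, step=1):
    """Values at each boundary and one step on either side of it."""
    return [
        ("lower boundary minus 1", low - step, False),
        ("lower boundary", low, True),
        ("lower boundary plus 1", low + step, True),
        ("upper boundary minus 1", high - step, True),
        ("upper boundary", high, True),
        ("upper boundary plus 1", high + step, False),
    ]


def accepts_amount(amount):
    """Reference validator: at least $200 and not more than $1000."""
    return 200 <= amount <= 1000


def accepts_amount_off_by_one(amount):
    """Constructed defect: '<' where '<=' was required, so $200 is rejected."""
    return 200 < amount <= 1000


def failing_inputs(validator, cases):
    """Return the test values for which the validator's answer differs
    from the expected result."""
    return [value for _, value, expected in cases if validator(value) != expected]


if __name__ == "__main__":
    ep = equivalence_classes(200, 1000)
    bva = boundary_values(200, 1000)
    for name, validator in (
        ("reference", accepts_amount),
        ("off-by-one", accepts_amount_off_by_one),
    ):
        print(name, "EP failures:", failing_inputs(validator, ep))
        print(name, "BVA failures:", failing_inputs(validator, bva))
```

The class representatives alone pass the defective validator; only the boundary set exposes the defect.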


What is Error Guessing?
Error guessing is a test case design technique. Error guessing requires the tester to think out of the box and involves the intuition and experience of the tester. Error guessing techniques are applied in addition to other test case design techniques with the intention of identifying missing negative test conditions.

e.g.:- If a date field has to be tested then some of the inputs that could be derived from error guessing are
- 31/06/1999 (June has only 30 days)
- 29/02/2003 (2003 is not a leap year)
- 00/00/0000

Certifications:
Advantages of Getting Certified
Advantages of getting Certified
IT industry is becoming more competitive as more experienced and skilled
software engineers are adding on to work force year after year. In order to
quickly identify skilled Software Engineers, management and HR give preference
for certified professionals. Getting certified creates value for individuals and
organization they are working for.

Motivation for companies to hire certified professionals are as below:
1) Reduce time and money spent on interviewing candidates by giving preference
for certified professionals. As the success rate of finding candidates with
right skill set would be higher when they interview certified professionals.

2) Certified professionals have demonstrated their ability by passing the
certification on particular technology / tools / domains. Companies will save
money on training cost & time on the skill set they are looking for.

3) Certified candidates are considered as valuable assets for a company. As
companies can project the certification statistics to prospective clients and
have a strategic advantage over Business competitors.

4) Most of the Service provider companies have higher billing rates for
certified employees. Having more certified employees would mean more revenue for
the company.

Monetary and Non-Monetary benefits for Certified Individuals:
1) Any Certification would require enhancing knowledge on Technology, tool or
domain. This would help individuals to make a committed effort on learning the
desired skill set in the planned timeframe.

2) Recognition from peers and Management as an SME (Subject Matter Expert).

3) Increased chances of getting higher pay and have an edge over peers during
promotion.

4) Increased self confidence in professional capabilities.

5) Greater chances of being recognized and recruited by top companies in the
industry.
Certifications on Software Testing
CSTE Certification
CSPM Certification

VII] Test Plan:
What is Test Plan?

Test Plan is a document that describes Scope, approach, schedule, Resources,
environments, Test Cycles and other details involved in testing activities.
Test Plan also documents features to be tested, features that would not / cannot
be tested, exit & Entry criteria, assumptions, risks identified, how the
identified risks are tracked and mitigated and roles & responsibilities of the
people involved.
Test plan template, based on IEEE 829 format
1) Test Plan Identifier:- A unique identifier e.g.:-
TestPlan_project_app-Name_release-Num_version-Num.doc Naming convention depends
on the Organization standards followed.
2) References: - Business Requirements, Functional Requirements, Project Plan,
High Level and Detail design documents, Documents detailing organization’s
process etc.,
3) Introduction: - objective or scope of the Test plan, process to be used for
change control, communication.
4) Test Items: - Functionality that would be tested. It contains delivery
schedule of key deliverables.
5) Software Risk Issue: - Known or anticipated risks associated with project or
testing activities, tools or people.
6) Features to be tested: - List of features that will be tested.
7) Features not to be tested: - List of features ‘not’ to be tested. There are
several reasons why some of the features are not being tested, they are
a) Functionality already exists, found to be stable and not impacted by current
implementation.
b) Functionality will not be used in this release.
8) Approach:- This is the most important part of the Test Plan. Below are the
details covered in Approach.
a) Types of tests carried out and details of the responsible team/individuals.
b) Pass Execution details.
c) Hardware, Software and tools used for testing.
d) Levels of regression testing that would be carried out.
e) CM (Configuration Management) setup and usage.
f) Metrics collected during different stages of the project.
9) Item Pass/Fail Criteria:- Criteria used to determine each test item has
passed or failed.
10) Entry & Exit Criteria:- Explains on when to start and stop testing.
11) Suspension Criteria and Resumption Requirements:- criteria used to suspend
all / portion of testing activities. Similarly resumption criteria specify when
to resume testing after it was suspended.
12) Test Deliverables:- Documents, process deliverables, Metrics, Reports to be
generated during different phases of testing.
13) Remaining Test Tasks: - This section details on the parts of the application
that this plan does not address, because the testing may be done by external
team or company.
14) Environmental Needs: - Specific details of Hardware configuration, Operating
System and other software requirements.
15) Staffing and Training Needs: - Training needs of domain knowledge,
Automation or any other tools required for testing etc.,
16) Responsibilities:- Details on who is responsible for what task and what is
the escalation mechanism.
17) Planning Risks and Contingencies: - Details on the overall risk of the project,
with more detail on risks associated with the testing phase, and also a plan on
how to mitigate the risk.
18) Approvals:- Different stake holders of the project can approve certain
deliverables e.g.:- Business approves UID (User Interface Design) document etc.
Most of the deliverables will require approvals from multiple stakeholders.
VI] Software Process and CMM:
What is Capability Maturity Model (CMM)?
Carnegie Mellon University’s Software Engineering Institute defined a model on
Software Engineering process capabilities that could be used to understand and
measure the process capability maturity of organizations.

CMM has been replaced by CMMI (Capability Maturity Model Integration) and CMM
was renamed to Software Engineering Capability Maturity Model (SE-CMM).

CMM / SE-CMM defines five different levels of Process Maturity from Level 1 to
Level 5:
Level 1 - Initial / Ad hoc
Level 2 - Repeatable / Controlled
Level 3 - Defined / Core-Competency
Level 4 - Managed/Predictable
Level 5 - Optimizing / Predictable
CMM Levels
What is Key Process Area (KPA)?

What is KPA (Key Process Area)?
SEI (Software Engineering Institute) has defined KPAs (Key Process Areas) for
each of the CMM and CMMI process maturity levels. KPAs describe the Software
Engineering and Project Management functions (e.g.:- Requirements
Management, SCM etc.) that must be followed to meet the practices of a
particular CMM or CMMI process level.
KPAs of CMM and SE-CMM
KPAs of CMM / SE-CMM
18 KPAs (Key Process Areas) are defined across all the levels of CMM / SE-CMM.
KPAs at Level 1: There are no KPAs defined for this level.
KPAs at Level 2: 6 KPAs are defined at this Level
Software Project Planning (SPP)
Software Requirement Management (SRM)
Software Quality Assurance (SQA)
Software Configuration Management (SCM)
Software Project Tracking & Oversight (SPT)
Software Subcontract Management (SSM)

KPAs at Level 3: 7 KPAs are defined at this Level, plus includes KPAs defined at
Level 2
Software Product Engineering (SPE)
Organizational Process Definition (OPD)
Organizational Process Focus (OPF)
Peer Review (PR)
Integrated Software Management (ISM)
Inter-Group Coordination (IGC)
Training Program (TP)

KPAs at Level 4: 2 KPAs are defined at this Level, plus includes KPAs defined at
Levels 3 & 2
Quality Process Management (QPM)
Software Quality Management (SQM)

KPAs at Level 5: 3 KPAs are defined at this Level, plus includes KPAs defined at
Levels 4, 3 & 2
Defect Prevention (DP)
Process Change Management (PCM)
Technology Change Management (TCM)
KPAs of CMMI
KPAs of CMMI
22 KPAs are defined across all the levels of CMMI as per CMMI version 1.2
Level 1: No KPAs defined at this level.
Level 2: 7 KPAs are defined at this Level
Configuration Management (CM)
Measurement and Analysis (MA)
Project Monitoring and Control (PMC)
Project Planning (PP)
Process and Product Quality Assurance (PPQA)
Requirements Management (REQM)
Supplier Agreement Management (SAM)

Level 3: 11 KPAs are defined at this Level, plus KPAs defined at Level 2
Decision Analysis and Resolution (DAR)
Integrated Project Management (IPM)
Organizational Process Definition (OPD)
Organizational Process Focus (OPF)
Organizational Training (OT)
Product Integration (PI)
Requirements Development (RD)
Risk Management (RSKM)
Technical Solution (TS)
Validation (VL)
Verification (VER)

Maturity Level 4: 2 KPAs are defined at this Level, plus KPAs defined at Levels 3
& 2
Quantitative Project Management (QPM)
Organizational Process Performance (OPP)

Maturity Level 5: 2 KPAs are defined at this Level, plus KPAs defined at Levels
4, 3 & 2
Causal Analysis and Resolution (CAR)
Organizational Innovation and Deployment (OID)

Trial and Free Software and downloads:
QTP Trial Software download
RFT Trial software download
OpenSTA (Load testing) software download
Loadrunner Software download

Loadrunner:
How is Performance or Load testing planned?
Components of LoadRunner
Why do we define Transactions in Performance or Load Testing?
What is Rendezvous Point?
Why is Loadrunner one of the Best Performance Testing Tools?

Defects:
How to write Good Defect Reports?
A good defect report conveys not just what is not working but also how to
reproduce the defect and what its impact is from the customer’s perspective, so
that defects get prioritized correctly and fixed on time.

1) Before logging a defect, check the following
a) Check Defect reproducibility: Check if the defect is always reproducible or
frequently reproducible or you were able to reproduce the defect only once. If a
defect is not always reproducible then you will have to mention the same in the
description of the defect, so that the defect does not get rejected as not
reproducible.
b) Check if the defect is already reported: It’s important that you check the
defect tracker or talk to your peers/Test Lead to ensure the defect is not
already logged, which saves you from logging a defect that would get
rejected as “Duplicate”.
c) Find out alternative paths to the same defect: In most cases, the same defect
can be reproduced via alternate paths. If alternate paths are not specified in
the defect report then the developer would not fix them.
2) Submit one defect per defect report, i.e., do not combine 2 or more defects in
a single defect report. Different defects will have different severities &
priorities, and even the developers who are fixing the defects could be
different. Combining defects usually makes developers complain about the way
defects are reported.
3) Keep the “Title” of the defect short and precise.
e.g.:- SysAdmin - Change Password - does not accept special characters
Looking at the title, a developer will immediately know what the problem is.
4) Write the defect report in simple words and do not use any words or sentences
that would result in ambiguity, so that developer(s) won’t need to call you for
clarifications. Use application / domain / technology specific words to reduce
ambiguity.
5) In case the defect management software does not provide a separate field to
indicate the associated requirement(s), mention the associated requirement
number(s) at the top of the “Description” field.
e.g.:- Impacted Requirement(s) Nos: FCT-Login-01, FCT-Login-02.
6) Provide step by step instructions in defect “Description” field to reproduce
the defect along with test data to be used.
7) Attach Screenshots/snapshot of the application with error message(s).
Screenshots will provide better understanding of the defect to the developer or
anybody who sees the screenshots.
8) Attach application log(s) when required, so that it would help developers to
fix the defect in less time and efficiently.
9) In “Comments” section, mention the associated failed test cases to be re-run
once the defect is fixed.
10) Select/Provide correct severity for the defect. Do not simply increase
defect severity because it is a defect logged by you or you want to get your
defect fixed sooner.
11) Just before submitting the defect report, re-verify that all the values
entered/options selected in the defect report are correct. As an example, if the
release column value is incorrectly selected or entered in the defect report,
then there are chances that the defect won’t even get noticed, and hence not
fixed, as developers filter by the Application and Release columns.
What is Defect?
Answer
A defect is a problem detected in software output and a non-conformance with
software requirements. Any missing, incorrect or extra behaviour exhibited by
the system will be considered a defect.
Defect Severity Answer
Fields of a Good Defect reporting Template
Answer
Below is the list of fields that a good defect reporting tool/template would support.
Defect Id
Project Name
Application Name
Defect Title
Detailed Defect Description
Related to Module/Component
Attachment (Provision to attach screen shots, logs, data sheet etc.,)
Defect Status (e.g.:- New, Open, Assigned, Fixed, Closed, Rejected, Deferred
etc.,)
Defect Severity
Defect Priority
Detected By
Detected in Environment (Development, Integration Test, System Test,
Pre-Production, UAT, Production)
Detected in Phase
Detected in Version
Detected in Build No.
Detected on Date and Time
Fixed in Phase
Fixed in Version
Fixed in Build No.
Fixed on Date and Time
Fix Verified in Environment (Development, Integration Test, System Test,
Pre-Production, UAT, Production)
Assigned to
Requirement No.
Defect Root Cause
Comments
Defect History (Non editable field that displays history of the defect)
Associated Test Case(s)
Is this a Regression Defect? (Yes/No/Don't know)
Estimated Time to Fix
Actual Time taken to Fix
Estimated Time required to Retest
Is it possible to have a defect with high severity and low priority and vice-versa?
Answer
Yes, it is possible. Severity indicates how bad the defect is and Priority
indicates how soon the defect should be fixed. In most cases, if defect
severity is high then priority will also be high, and vice versa. However, it’s
also possible that a defect with high severity has low priority, and the reverse
as well. Below are examples.


Defect with low severity and high priority.
Scenario: Text "User Nam:" is displayed instead of "User Name:" on the
application login page.
Answer: In this case, Defect Severity is low (Severity 4) as it is a spelling
mistake but Priority is high (Priority 1) because it is highly visible.


Defect with high severity and low priority.
Scenario: While changing password if SysAdmin enters more than 100 characters in
"Change Password" and "Confirm Password" fields, then the entire database gets
corrupted.
Answer: In this case, Defect Severity is High (Severity 1) as the entire
database gets corrupted, however Priority is low (Priority 4) because in actual
usage, SysAdmin will never want a password more than 100 chars.

SDLC:
What is SDLC? Answer
What is JAD (Joint Application Development) Session?
Answer
Meetings conducted between software producers and customers/end users to
discuss, negotiate and agree/finalize upon software requirements.

SCM:
What is SCM?
Answer
What is SCM (Software configuration management)?
Software configuration management (SCM) is a task involving storage, control,
coordination, tracking changes and auditing. SCM involves storing and managing
requirements, change requests, builds, documents, issues, designs, libraries,
patches, and tracking changes made to them.
Goals of SCM are:
1) Environment management - Managing the software and hardware of different
(Development, Test, Production, UAT) environments.
2) Configuration identification - What is the code / build that is running on
our environments?
3) Configuration control - Controlling the release of a product or patch.
4) Process management - Ensuring adherence to the organization’s software
development process.
5) Build management - Managing the process and tools used for builds.
6) Tracking - Making sure every requirement, test case and defect is
traceable.
Below are a few configuration management tools:
1) Microsoft - Visual Source Safe
2) IBM Rational - ClearCase
3) Open Source Software (Free) - Git
4) Open Source Software (Free) - Darcs
Security:
What is SQL Injection?
Answer
SQL injection is a technique for exploiting a security vulnerability in an
application that uses a database. SQL injections are used to retrieve
information from a database OR gain unauthorized access to a database.
Function-based SQL injection attacks are of concern as these attacks do not
require knowledge of the application being targeted. SQL injection is easy to
perform and can be prevented by following coding practices: validate every
dynamic SQL statement and/or use bind variables.
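The difference between a concatenated statement and bind variables, as an added example that is not part of the original post: it uses Python's sqlite3 module with a constructed in-memory user_table and the two input strings quoted in this answer. The sample rows, the function names and the allow-list pattern for user names are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample rows; the table name user_table comes from the page.
SAMPLE_USERS = [("alice", "user"), ("bob", "user"), ("SystemAdmin", "admin")]

# Assumed allow-list for user names; adjust to the application's real rules.
USER_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def make_db():
    """Build an in-memory SQLite database holding the sample user_table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_table (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO user_table VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, user_name):
    """Vulnerable form shown on the page: input is spliced into the SQL text."""
    sql = "SELECT name FROM user_table WHERE name = '" + user_name + "';"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_bound(conn, user_name):
    """Bind-variable form: constant SQL text, value passed separately."""
    sql = "SELECT name FROM user_table WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (user_name,)))


def lookup_validated(conn, user_name):
    """Defence in depth: reject input outside the allow-list, then bind it."""
    if not USER_NAME_RE.fullmatch(user_name):
        raise ValueError("user name contains characters outside the allow-list")
    return lookup_bound(conn, user_name)


def row_count(conn):
    """Number of rows left in user_table, to confirm nothing was dropped."""
    return conn.execute("SELECT COUNT(*) FROM user_table").fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    manipulation = "x' or '1'='1"          # input quoted on the page (category 1)
    stacked = "x';DROP TABLE user_table"   # input quoted on the page (category 2)

    print("concatenated:", lookup_concatenated(conn, manipulation))
    print("bound       :", lookup_bound(conn, manipulation))
    print("bound       :", lookup_bound(conn, stacked), "rows left:", row_count(conn))
    try:
        lookup_validated(conn, manipulation)
    except ValueError as exc:
        print("validated   :", exc)
```

With the bound form both inputs are compared as plain strings against the name column, so no row matches and the table is untouched.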
SQL Injection Attacks can be categorized as below:
1) SQL Manipulation: Involves modifying the SQL statement by altering the WHERE
clause to return a different result OR by using set operations (e.g., UNION).
e.g.:-
Passing x' or '1'='1 as the value in the User Name field: if the code does not
filter user input for escape characters, then the query can get all the user
names, not just that of the current user.
SQLstatement := "SELECT * FROM user_table WHERE name = '" + user_Name + "';"
2) Code Injection: When an attacker appends or inserts new database commands or
SQL statements into an SQL statement. Injecting the SQL Server EXECUTE command
is a common code injection attack.
e.g.:-
If a database allows execution of multiple statements, like MS SQL Server, then
a user can manipulate the SQL statement by passing the below string:
x';DROP TABLE user_table
3) Function Call Injection: Insertion of database or custom functions into a
vulnerable SQL statement. These function calls will be used to make calls to
the operating system or manipulate data in the database.
e.g.:-
In the below example the attacker is using the “adduser” function of the
“commonfunctions” package. Here the text string
“commonfunctions.adduser('SystemAdmin', 'xyz')” was passed as input to the
application.
SELECT TRANSLATE(" commonfunctions.adduser('SystemAdmin', 'xyz') ",
'324','657') FROM dual;
4) Buffer Overflows: The attacker injects functions that have vulnerabilities and
which would result in buffer overflows. Buffer overflow injection is also part
of function call injection. To prevent buffer overflow attacks, database servers
have to be patched regularly.

Standards:
W3C Standards and Validators
Answer
W3C Standards and Validators
W3C is an international consortium where full-time staff, organizations, and
the public work together to develop Web standards. W3C’s primary mission is to
create Web standards and guidelines.
Tim Berners-Lee and others founded W3C. In 1989, Mr. Berners-Lee invented the
World Wide Web (WWW) when he was working at the European Organization for
Nuclear Research (CERN). Since 1994, Berners-Lee has served as W3C Director.
Since 1994, W3C has published more than 100 such standards. Visit W3C
Specifications; this link contains the list of latest specifications on HTML,
XHTML, XML, P3P, CSS, SOAP, Mobile Web Best Practices and several others.

Visit the Validators link to validate your web pages or files against the
standards of HTML, CSS, P3P, XML, check for broken links, MobileOK etc.

VIII] Database:
What are Codd’s rules?
Answer
Codd’s rules are a set of 12 rules proposed by Edgar F. Codd that define the
criteria for a database management system to be considered a relational
database management system (RDBMS).
Rule 1: The information rule
All information in the database is represented as tables, rows and columns.

Rule 2: Rule of guaranteed access
All data must be accessible with no ambiguity. This is the rule that specifies
provision of primary keys. It says that every individual value in the database
must be logically addressable by specifying the name of the table, the column
and the primary key of the row containing the value.
Rule 3: Systematic treatment of null values
The DBMS should allow null (or empty) values, and they should be treated as
missing or not applicable information. Null values should not be treated as
zero or space and are not dependent on a supported data type.
Rule 4: Catalog based
Database structure is stored in catalogs. Catalogs should be accessible by
authorized user with required privileges. Users should be able to access the
information in catalogs using the same query language that is used for accessing
data.
Rule 5: Data sub language rule
The system should support at least one relational language that has linear
syntax, that supports data definition, data manipulation, security and
integrity and transaction management operations, and that can be used
interactively or within the application.
Rule 6: View updating rule
Any view that is theoretically updateable must be updateable by the system.
Rule 7: Data Manipulation
Select, insert, update and delete should be allowed on a set of rows or a single
row of a table based on the criteria specified in the query.
Rule 8: Physical data independence
Changes to the physical level must not require a change to an application based
on the structure.
Rule 9: Logical data independence
Changes to the logical level must not require a change to an application based
on the structure.
Rule 10: Integrity independence
Integrity constraints should be allowed to be specified independently and should
be stored in Catalog. Integrity constraints should be allowed to be modified.
Rule 11: Data Distribution independence
Data distributed in various locations should be invisible to users of the
database. This is applicable when the data is stored for the first time or when
data is redistributed by data management system for optimization or any other
reason.
Rule 12: The no subversion rule
If the database system provides a low-level language, then the low-level
language should not be allowed to bypass integrity constraints or security
constraints.

Myths:
Are Testers alone responsible for Quality? Answer

Books and Tutorials:
Good books on Software Testing Answer




Some General Question other than testing

1. How do you connect to a database in C or C Plus Plus?

C and C++ do not have standard libraries to manage databases; you need to use the libraries provided by the compiler, database vendors or any 3rd party to connect to and manage databases.

2. How do you connect to an Access database using C plus plus?

The easiest way to access an Access database from C++ is to use ODBC. An Access database can easily be set up as an ODBC data source.

3. How do you load an access database form in vb 6?

First open a data application. In the opening window there is a data environment; bind your database to the environment. You can select a text box, and in the property table under Data there is data source and field. After you run the application it will bind without any code.
First of all create a database file, then open the VB application. After opening, place any control you like. Then connect the data source as the file name and data fields.

4. What is the difference between DBMS and a database?

The database holds the records, fields, cells ..with data. The DBMS is the "tools" used to manipulate the data in the database. An example of a DBMS is SQL Server.

5. What is the difference between a distributed database and a centralized database system?

This relates to deployment of application.
Centralized DB : Where the data for application shall be stored in one location and the users can access the database using the application provided from anywhere using the network (LAN/WAN/Internet etc)
Distributed DB: -The application & the database shall be deployed where ever required and there will be some mechanism to synchronize the data between these databases

In more of a layman's words:
In a centralized DB the database is stored on a central server and all users have access to that DB; any change made by any user is reflected in the central DB and is thus visible to all the users using it.
In a distributed DB the DB is stored in multiple locations (say different computers on a LAN or a computer at a remote location). It is more like having more than one copy of a single DB, and changes in one copy are not reflected immediately; rather, it is the responsibility of the DBA to ensure security and, more importantly, the integrity of data in the several locations (all copies). A distributed DB is fast to work with but incurs a lot of headache for the DBA to ensure security and data integrity, and is also expensive to maintain. A centralized DB, on the other hand, is more reliable and reflects changes immediately, thus ensuring data integrity with a bit less overhead in security. But the load on a centralized system is too high if there are many users, so it might slow down performance and incur greater response time.

6. What is a relational database?
A relational database is a collection of interrelated data managed with their relations. The database holds both the structure (schema) of the relations and the data itself. These structures are usually called tables.
For example, to represent people working in different organizations, we could have a Person table, an Organization table, and a Works table. The Person table would hold a unique identifier of each worker, along with other personal information. The Organization table would hold a unique identifier of each organization, along with other information about that entity. The Works table would hold the pairs of unique identifiers - one pair for each person working in one organization.
If a Person is never allowed to work in more than one Organization, we could avoid using the Works table and store the organization's identifier as a field within the Person table. That is called a foreign key.
7. What is the difference between a file and a database?
Simply put, a file is a collection of bytes stored together. An example of a file could be a Text File (a collection of alphanumeric characters that, when put together, form a readable document) or a Bitmap Image File (a collection of bytes that software would then interpret as elements of an image).
A database is a special type of file that holds many tables. Each table can hold many fields as well as records. Think of a table as a spreadsheet. Each column represents different fields, such as "UserID", "LastName", and "CityOfResidence". Each row represents a record, or an entry, in the table, such as an entry for John Smith who lives in Albuquerque.
An example of a database would be one that has three tables: Books, Instructors, and Courses. Different fields in the "Books" table would be "Author", "Publisher", "Title", and "ISBN". Different records within "Books" would be, for example, an entry for "Learning Java in 20 Days" (Title) by John C. Doe (Author), published by ABC Publishing Co. (Publisher).
Each table in a database requires one field to be designated as the Primary Key. This means that, in order to uniquely identify a record in a table, one field needs to be used. In a "Students" table, the "StudentID" could be used as the Primary Key, since no two records (students) can have the same Student ID. For "Books" it could be "ISBN", since that is unique per book title.
Visually, a table would look something like this:
"Books" Table
ISBN     Title                  Author         Publisher
1234567  "Learning Java"        Bob Smith      ABC Publishing
8675309  "Plumbing Basics"      Joe Public     XYZ Inc.
6762786  "American Literature"  William Jones  LMNOP Corp.
Finally, keep the following in mind: a database is a type of file. Therefore, all databases are files, but not all files are databases.
Answer
Any chunk of data you save is a file. Ten words of text in notepad, or a dozen images in a folder. Those are both files. A database is both a program to store and organize data, and make it searchable, and the data contained in it. I guess you could call a database a file as well, but they are typically large, and referred to as databases. You might search a product database for widgets of wool, orange in color, made in New Zealand. The result of that search you could also call a file.
Answer
When database management systems (DBMS) first were developed, they used multiple files per database, typically one file per table. Nowadays, most of the common DBMS systems use one file per database. A database is a type of file (or a group of files.)