Testing 1
Testing 2
Testing 3
Standards
Data and Bug Tracking
100

Which of these are testing artifacts? 

- Test scripts

- Test cases

- Test method

- Test reports

- Test scripts

- Test cases

100

What is testing without knowledge of the inner workings of a system called?

  1. Pen testing

  2. White-box testing

  3. Black-box testing

  4. Vulnerability scanning

C. Black-box testing

100
  1. Environmental testing can be used to do what?

    1. Test data movement across trust boundaries from end to end of the application

    2. Ensure the code will run in the cloud

    3. Ensure code compiles completely

    4. Verify mutual authentication functions in the application

A. Test data movement across trust boundaries from end to end of the application

100

What Is the Difference Between ISO 25010 and ISO 9126?

ISO 25010, which was published in 2011, superseded ISO 9126, which was published in 2001.

The main difference between the two lies in how they categorize and define non-functional software quality requirements.

ISO 25010 added two product quality characteristics, security and compatibility, to the six specified in ISO 9126.

100

What process can be performed on real production data in order to develop useful data for complex environments? 

- Automatize real data

- Decrypt real data

- Encrypt real data

- Anonymize real data

Anonymize real data

200

Which type of functional testing has test cases that include line coverage, code path coverage, and method coverage?

- Smoke testing

- Sanity testing

- Unit testing

- Usability testing

Unit testing

200
  1. When testing is done with complete knowledge of the source code, it is called what?

    1. Unit testing

    2. Functional testing

    3. White-box testing

    4. Code walkthrough

C. White-box testing

200
  1. Functional testing includes what steps?

    1. Requirements, test data creation, expected output results, execute test cases, comparison of actual and expected outputs

    2. Create test data, perform functional test, score output

    3. Requirements, create test data, perform functional test

    4. Requirements, perform functional test, score output

A. Requirements, test data creation, expected output results, execute test cases, comparison of actual and expected outputs

200
  1. What is an international standard for establishing quality in software products?

    1. ISO 9000

    2. ISO 27001

    3. ISO 21827

    4. ISO 25010

D. ISO 25010

200
  1. What is a list of the types of errors that are not allowed to go forward as part of the SDL process called?

    1. Bug bar

    2. Attack surface validation

    3. Security requirements

    4. SDL security gate

A. Bug bar

300

Which type of functional testing establishes a benchmark for the performance of the application?

- Load testing

- Resilience testing

- Stress testing

- Baseline testing

Baseline testing

300
  1. Functional testing includes all of the following except what?

    1. System testing

    2. Attack surface area testing

    3. Unit testing

    4. Performance testing

B. Attack surface area testing

300
  1. Which of the following is not necessarily spelled out in a test plan?

    1. Scope

    2. Schedule

    3. Results

    4. Resources

C. Results

300
  1. What is OSSTMM used for?

    1. Assessing operational security using analytical metrics

    2. Security engineering

    3. Quality assurance for software

    4. Evaluating security engineering practices

A. Assessing operational security using analytical metrics

300

Which of these are typical states in the remediation of bugs? 

- Removal of data

- Mitigation of responsibility

- Ignore the issue

- Mitigation of defect

Ignore the issue

Mitigation of defect

400

Which are the advantages of white-box testing? (note: could be more than 1 answer)

- No need for specific knowledge

- Tests performed from the user’s perspective

- Allows for earlier testing

- More thorough testing

- Allows for earlier testing

- More thorough testing

400
  1. Functional testing is used to determine which of the following characteristics?

    1. Reliability, bugs, performance, and scalability

    2. Resiliency, logic, security, and testability

    3. Resiliency, bugs, requirements, and scalability

    4. Reliability, logic, performance, and scalability

D. Reliability, logic, performance, and scalability

400
  1. Software testing provides evidence that the software complies with what?

    1. The customer’s view of what they want

    2. Legal regulations

    3. The contract that specifies requirements

    4. The configuration management plan

C. The contract that specifies requirements

400

Which of these are valid primary quality characteristics suggested by the ISO 9126-1 software quality assurance standard? 

- Portability

- Effectiveness

- Functionality

- Compliance

- Reliability

- Portability

- Functionality

- Reliability


400
  1. An operational measure of what constitutes the minimum level of quality with respect to security in code is a description of what?

    1. ISO 9216 process element

    2. OSSTMM report

    3. Bug bar

    4. SDL process requirement

C. Bug bar

500

Which types of boundaries should be subject to environment testing to ensure adequate security? (Note: could be more than 1 answer)


- Code boundaries

- Security boundaries

- Trust boundaries

- Data boundaries

- Security boundaries

- Trust boundaries

500
  1. What type of testing is used to assess software behavior, albeit with significant false-positive results because of no system knowledge?

    1. OSSTMM testing

    2. Environmental testing

    3. Trust boundary testing

    4. Black-box testing

D. Black-box testing

500
  1. What does a test case describe?

    1. An output that produces a predictable input

    2. An input that produces a predictable output

    3. An algorithm

    4. A result

B. An input that produces a predictable output

500

Which of the four phases of the OSSTMM methodology includes a posture review, logistics, and active detection?

- Interactive Controls 

- Test Phase

- Regulatory

- Information

- Definitions

Regulatory

500

What are the four typical states in the remediation of bugs?

Removal of the defect, mitigation of the defect, transfer of responsibility, ignore the issue.