Which of these are testing artifacts?
- Test scripts
- Test cases
- Test method
- Test reports
- Test scripts
- Test cases
What is testing without knowledge of the inner workings of a system called?
Pen testing
White-box testing
Black-box testing
Vulnerability scanning
C. Black-box testing
Environmental testing can be used to do what?
Test data movement across trust boundaries from end to end of the application
Ensure the code will run in the cloud
Ensure code compiles completely
Verify mutual authentication functions in the application
A. Test data movement across trust boundaries from end to end of the application
What Is the Difference Between ISO 25010 and ISO 9126?
ISO 25010, which was published in 2011, superseded ISO 9126, published in 2001.
The main difference between the two lies in how they categorize and define non-functional software quality requirements.
ISO 25010 added two product quality characteristics, security and compatibility, to the six specified in ISO 9126.
What process can be performed on real production data in order to develop useful data for complex environments?
- Automatize real data
- Decrypt real data
- Encrypt real data
- Anonymize real data
Anonymize real data
Which type of functional testing has test cases that include line coverage, code path coverage, and method coverage?
- Smoke testing
- Sanity testing
- Unit testing
- Usability testing
Unit testing
When testing is done with complete knowledge of the source code, it is called what?
Unit testing
Functional testing
White-box testing
Code walkthrough
C. White-box testing
Functional testing includes what steps?
Requirements, test data creation, expected output results, execute test cases, comparison of actual and expected outputs
Create test data, perform functional test, score output
Requirements, create test data, perform functional test
Requirements, perform functional test, score output
A. Requirements, test data creation, expected output results, execute test cases, comparison of actual and expected outputs
What is an international standard for establishing quality in software products?
ISO 9000
ISO 27001
ISO 21827
ISO 25010
D. ISO 25010
What is a list of the types of errors that are not allowed to go forward as part of the SDL process called?
Bug bar
Attack surface validation
Security requirements
SDL security gate
A. Bug bar
Which type of functional testing establishes a benchmark for the performance of the application?
- Load testing
- Resilience testing
- Stress testing
- Baseline testing
Baseline testing
Functional testing includes all of the following except what?
System testing
Attack surface area testing
Unit testing
Performance testing
B. Attack surface area testing
Which of the following is not necessarily spelled out in a test plan?
Scope
Schedule
Results
Resources
C. Results
What is OSSTMM used for?
Assessing operational security using analytical metrics
Security engineering
Quality assurance for software
Evaluating security engineering practices
A. Assessing operational security using analytical metrics
Which of these are typical states in the remediation of bugs?
- Removal of data
- Mitigation of responsibility
- Ignore the issue
- Mitigation of defect
- Ignore the issue
- Mitigation of defect
Which are the advantages of white-box testing? (Note: there could be more than one answer)
- No need for specific knowledge
- Tests performed from the user’s perspective
- Allows for earlier testing
- More thorough testing
- Allows for earlier testing
- More thorough testing
Functional testing is used to determine which of the following characteristics?
Reliability, bugs, performance, and scalability
Resiliency, logic, security, and testability
Resiliency, bugs, requirements, and scalability
Reliability, logic, performance, and scalability
D. Reliability, logic, performance, and scalability
Software testing provides evidence that the software complies with what?
The customer’s view of what they want
Legal regulations
The contract that specifies requirements
The configuration management plan
C. The contract that specifies requirements
Which of these are valid primary quality characteristics suggested by the ISO 9126-1 software quality assurance standard?
- Portability
- Effectiveness
- Functionality
- Compliance
- Reliability
- Portability
- Functionality
- Reliability
An operational measure of what constitutes the minimum level of quality with respect to security in code is a description of what?
ISO 9216 process element
OSSTMM report
Bug bar
SDL process requirement
C. Bug bar
Which types of boundaries should be subject to environment testing to ensure adequate security? (Note: there could be more than one answer)
- Code boundaries
- Security boundaries
- Trust boundaries
- Data boundaries
- Security boundaries
- Trust boundaries
What type of testing is used to assess software behavior, albeit with significant false-positive results because of no system knowledge?
OSSTMM testing
Environmental testing
Trust boundary testing
Black-box testing
D. Black-box testing
What does a test case describe?
An output that produces a predictable input
An input that produces a predictable output
An algorithm
A result
B. An input that produces a predictable output
Which of the four phases of the OSSTMM methodology includes a posture review, logistics, and active detection?
- Interactive Controls
- Test Phase
- Regulatory
- Information
- Definitions
Regulatory
What are the four typical states in the remediation of bugs?
Removal of the defect
Mitigation of the defect
Transfer of responsibility
Ignore the issue