CSQA Practice Exam Questions with Answers CSQA Certified Software Quality Analyst Certification

The Test Manager ensures that testing is performed, that it is documented, and that testing techniques are established and developed. The manager is also responsible for:

Planning and estimating tests

Designing the test strategy

Ensuring tests are created and executed in a timely and productive manner

Generally, a SLA should contain clauses that define a specified level of service, support options, incentive awards for service levels exceeded and/or penalty provisions for services not provided. Before having such agreements with customers the IT services need to have a good quality of these services, Quality management (link is external) will try to improve the Quality of service (link is external), whereas the SLAs will try to keep the quality and guarantee the quality to the customer.

Typical Service Level Agreement Contents:

Services Delivered

Performance

Problem Management

Customer Duties

Warranties & Remedies

Security

Disaster Recovery

Termination

If an organization is not ready, and also lacks the sales skills to convince the management group, the probability of success is so low that it is best not to bother with implementation at this time. A ready organization with good salesmanship can take care of itself. The other scenarios present different challenges. Organizations that are not ready, but have the salesmanship, are referred to as

“Challenge 1.” Organizations that are ready, but lack the salesmanship, are referred to as

“Challenge 2.” Each challenge is analyzed separately.

Challenge 1

The solution is to get ready. To get ready, an organization needs the following:

The presence of a competent, trained staff that is capable of performing quality work when building and maintaining systems. Additionally, there must be backup for these individuals. In a moderate-size organization, quality initiatives might be assigned to one person. With the substantial effort to get it going, it can be traumatic if that individual becomes promoted or should leave.

A good IT management team that is capable of setting up the quality function, monitoring it, and making it work. The existence of good management tools, especially project management and systems development methodologies that spell out what to do when,and are specific about where the quality review functions belong in the development cycle and in maintenance.

A limit on the number of internal improvement projects to be done at once.

Good credibility. If there has been a history of not doing things that were promised it may be premature to initiate a quality function until a track record of satisfying promises has been accomplished.

To be mentally prepared for the length of time (measured in months and years, not weeks) to get a new and important function like this into operation and stabilized.

Challenge 2

The process of selling a new quality function is similar to the process of selling anything associated with internally improving an organization. Some items to consider include the following:

To be an issue of real value to the total organization, the quality function must be heartfelt to the salesperson. Without a very strong belief in quality, no one can sell it.

When the proposition is taken to the management group, it is essential for the salesperson to speak the language of the listener.

Management values their time, which places a burden on the presenter to think the proposition through, present the case, ask for a clear decision, and then leave the room when receiving an affirmative answer. Most executive managers will buy into any well thought-out plan that has the necessary controls built in and where they can conceptually see the logic of how the pieces fit together.

It is essential to present a realistic picture. Extreme benefits should not be promised, nor should the salesperson claim that problems could be solved in a very short period of time. Most executive managers are astute enough to see through the unrealistic claims rapidly, weakening the total case.

There is an important principle of getting some things accepted, which is referred to as the Mafia Rule. This is an offer that management can't refuse. Offer that the management group can make all of the decisions on quality issues, while the proponents of the quality function will handle the administrative details.

Ideas are typically accepted only after the person presenting the ideas is accepted. If the salesperson’s personal relationship with management is weak, some "fencemending" should be done before asking management for a major decision.

Using outsiders can sometimes help in getting the right decision. The simple process of paying for advice somehow makes that advice seem more important.

Structural testing is considered white-box testing because knowledge of the internal logic of the system is used to develop test cases. Structural testing includes path testing, code coverage testing and analysis, logic testing, nested loop testing, and similar techniques. Unittesting, string or integration testing, load testing, stress testing, and performance testing are considered structural.

Functional testing addresses the overall behavior of the program by testing transaction flows, input validation, and functional completeness. Functional testing is considered black-box testing because no knowledge of the internal logic of the system is used to develop test cases. System testing, regression testing, and user acceptance testing are types of functional testing.

Structural Testing

Advantages

The logic of the software’s structure can be tested.

Parts of the software will be tested which might have been forgotten if only functional testing was performed.

Functional Testing

Advantages

Simulates actual system usage.

Makes no system structure assumptions.

Just-in-time principles can be used in IT in the following ways:

Systems development and maintenance tasks become driven when the user of an internal or external product or service needs them. Programs would not be developed before they are needed for test or production.

Systems analysts and programmers would not be given information and documents to store until they need them.

Internal information processes would be designed so individuals can move from job to job with minimal delay. For example, programmers should be able to stop working on one program and start another within the JIT ten-minute turnover standard.

While watching the demonstration, let part of your mind be a casual overseer of the entire process. Attempt to get a feel for what is happening and how that might impact your business. You want to end up being able to assess whether you feel good about the software. If you have concerns, attempt to articulate them to the demonstrator as well as possible to determine how the demonstrator responds and addresses those concerns.

Static testing is another name for in-process reviewing. It means that the test is being performed without executing the code. Static testing occurs throughout the development life cycle; however, a large part of it takes place during the requirements and design phases in the form of walkthrough inspections, and system reviews. Other examples of static testing include code analyzers or writing analyzers.

There are two types of static tests:

Validation

Validation is testing the software in an operational state. While there are several iterations of testing, they do not occur until the latter part of the system development life cycle. Thus, validation does not take advantage of the control theory stating that the control should be placed as close as possible to where the defect occurs. The most common types of validation are unit testing, integration testing, and system testing. Unit testing tests the smallest operating module ofa system; integration testing tests the connecting logic between the modules/units; and the systemtesting validates that the system executes in the organization's operating environment.

Verification

Verification is the static testing of the system in a nonoperational status. It primarily tests the documentation produced by the project team. The documentation includes requirements, design, code, test, and operating documentation. Verification is performed through a variety of processes, including code analyzers, walkthroughs, reviews, and inspections. These verification processes also interact with the project team, end users, and other interested parties. Level 2 also incorporates acceptance testing, in which the end users define the criteria, which the system must meet in order to, be acceptable, and then test against those criteria.

Please check the explanation for detailed answer.

The concerns that arise in maintaining a relationship of harmony and good will include:

Contractor obligations met - The contractor should meet their requirements as specified in the contract.

Customer obligations met - The customer should meet their requirements as specified in the contract.

Need met - It is to the benefit of both parties to have the customer satisfied with the application system. Even when the initial deliverables meet the customer’s need, there will be ongoing maintenance required to meet the continually evolving needs of the customer. The methods of doing this should be specified in the contract, and those requirements should form the basis for both parties specifying and delivering new contractual obligations.

Limits on cost increases - The cost specified in the contract should include provisions for ongoing costs. In an inflationary economy, it may be advantageous to have limits placed on cost increases. For example, if service is provided at an hourly rate, the increases in that rate might be specified in the contract.

At a minimum, the tool selected should support the recording and communication of all significant information about a defect. For example, a defect log could include:

ƒ Defect ID number

ƒ Descriptive defect name and type

ƒ Source of defect - test case or other source that found the defect

ƒ Method – SDLC phase of creation

ƒ Phases – SDLC phase of detection

If people are the key, but are also a weak link, more and better attention must be paid to this “component of security”. A robust and enterprise-wide awareness and training program is paramount to ensuring that people understand their IT security responsibilities, organizational policies, and how to properly use them to protect the IT resources entrusted to them.

This practice provides a strategy for building and maintaining a comprehensive awareness and training program, as part of an organization’s IT security program. The strategy is presented in a life cycle approach, ranging from designing, developing, and implementing awareness and training program, through post-implementation evaluation of the program. The document includes guidance on how IT security professionals can identify awareness and training needs, develop a training plan, and get organizational buy-in for the funding of awareness and training program efforts.

Both the business staff and the quality staff should be involved in IT planning. Involvement is in both strategic and tactical planning.

The objective of this single planning cycle is to ensure that adequate resources and time are available to perform the quality activities. The net result is that the individuals executing the business plan cannot differentiate the quality planning from the business planning. For example, if business planning calls for a quality review prior to the end of each phase of software development, the business staff will assume, that is a logical part of the software development process. If it is not integrated, the review is owned by the quality professional and may not be adequately supported by the IT business staff, such as, system designers and programmers.

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-12 at 6.45.40 PM.png

The figure gives an example of business planning and an example of quality planning. While the blocks show that strategic and tactical business planning and strategic and tactical quality planning occur, the end result is a business plan that incorporates quality activities.

The quality professional should not allow COTS or contracted software to be placed into operation without some acceptance testing. If the COTS software is acquired by the internet or from a business college its reliability is questionable, and it may contain viruses. Many organizations do not permit their employees to acquire software from unapproved sources such as the internet.

The quality professional may or may not be involved in the actual acceptance testing. However, the quality professional must determine that acceptance criteria are developed. It has been demonstrated extensively that the cost of not acceptance testing is normally much greater than the cost of acceptance testing. It only takes a few problems in acquired software to far exceed the cost of acceptance testing.

Acceptance testing of software will be dependant upon the risk associated with the use of that software. As the use and importance diminishes so does the amount of acceptance testing.

Likewise, the greater assurance the quality professional has in the ability of a contractor of software to produce high quality, defect-free software, the fewer acceptance testing that needs to be conducted.

Several procedures are necessary to maintain control over program changes.

The nature of the proposed change should be explained in writing, and formally approved by a responsible individual. Major changes should be approved by the systems-planning steering committee, commonly called the CCB or Configuration Control Board, in the same manner as for new systems. Minor changes may only require the joint approval of the IT manager and senior personnel in the user department. Documenting the proposed change clears up any initial misunderstandings that may arise when only verbal requests are made. In addition, written proposals provide a history of changes in a particular system.

Developers should make the program changes, not the operations group. Any change should be supported by adequate systems documentation. If the operators were authorized to make minor changes, it would greatly increase the difficulty of controlling versions and of maintaining up-to-date documentation.

Someone independent of the person who designed and made the change should be responsible for testing the final revised program. The results should be recorded on program change registers and sent to the IT manager for approval. Operations should accept only properly approved changes.

Finally, the documentation system should be updated with all change sheets or change registers and printouts.

The four project variables are scope, schedule, resources, and quality. The management challenge in completing the project can be illustrated as a dashboard of four system attribute dials, which get set according to the project criteria as illustrated in the following figure. The four dials are interconnected, so movement of one dial affects one or more of the other dials.

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-13 at 3.12.48 AM.png

All goes well until one of the variables needs to be changed. For example, the project team agrees to install a new requirement, but if management holds schedule and resources firm while moving the scope, something must give. Since the dials are interconnected, what must give is quality. Reduced quality occurs as less testing, less documentation, or fewer controls. One role of the quality function is to hold the quality dial firm, so that scope changes cause the resources orschedule dials to move, and not cause a reduction in quality.