⁷

Final-Term Exam (Take-Home) Fall – 2020

Department of Computer Science/ Software Engineering

Subject Software Quality Assurance Program BS CS/SE

Instructor: Azhar Ansari/ Ridah Fatima/ Farooq Iqbal

Maximum Marks 40
Submission Saturday Submission 30 - 01- 2021
Day Date

Q. No. 1 2 3 4 5 6
Total Marks 7 8 5 7 8 5
Obtained Marks

IMPORTANT INSTRUCTIONS:
Please follow the instructions carefully:
1. Write your answers in a Word file and upload the file before the due date on Blackboard.
2. Write your name and registration ID on the first page of your Word file.
3. Answer scripts can only be uploaded on Blackboard any time before its deadline.
4. To avoid any unforeseen problems, you are advised NOT to wait for the last hour to
upload your answer script.
5. Submission of answer copy(ies) will be considered acceptable through Blackboard only.
Therefore, do not submit your document through email or any other medium.
6. Use 12 pt. font size and Times New Roman font style along with 1-inch page margins.
7. Follow the requirements of the word limit and the marking criteria while writing your
answers.
8. Provide relevant, original and conceptual answers, as this exam aims to test your ability to
examine, explain, modify or develop concepts discussed in class.

Page 1 of 7
9. Do not copy answers from the internet or other sources. The plagiarism of your answers
may be checked through Turnitin.
10. Recheck your answers before the submission on BlackBoard to correct any content or
language related errors.
11. Double check your word file before uploading it on BlackBoard to ensure that you have
uploaded the correct file with your answers.

Question 1
Problem Statement: Software Quality Metrics

You are appointed as a “Junior Associate - Software Process Improvement” in ABC software
house. The company has successfully delivered many projects in past. Your team lead has called
a meeting and briefed you about the processes going around in the company. He has given you
the data of the recently completed project and asked you to come up with different metrics
related to SQA in general and testing in specific. He has an opinion that they could bring in some
improvements in testing process of the company by analyzing the data.
The ERP that was recently developed by the company is running in production environment and
the client has reported 75 issues of different nature, out of which 15 were of understanding
issues. The testing team had developed 800 different test cases and were able to report 560 issues
to the development team. Out of these 560 issues, 80 issues were discovered through smoke test
for which no test cases were prepared. The development effort was of 14 months (2464 hours)
and testing team took 6 months (1056 hours) to complete all the test cycles. Source lines of code
written for this project were 218,974.
Required:
[07 marks] Now it’s your turn to calculate different metrics related to software testing.

Question 2
Problem Statement: Software Testing – Test case designing techniques

The main purpose of this website would be to make room booking facility online for our chain of
hotels (Hotel Deluxe, Hotel Seafront and Hotel Park View). This would facilitate our existing
customers, as well as potential new customers, in booking hotels and itinerary prior to their
arrival. This would not only enable them to be more comfortable (because they would know that

Page 2 of 7
hotel room of their choice is already booked) but also increase our chances of maximizing hotel
room bookings and minimizing the load on front desk receptions of our hotels.
It would require the customers to get registered by simply providing some basic information of
themselves like First Name, Last Name, Passport Number and Age (age must be 18 or above)
and then proceeding to searching of hotels, selecting appropriate hotel and eventually making a
booking for the room of their choice and paying it off using online payment methods (credit
cards).
During the room-booking process, the user needs to first choose a hotel. Then he can search for a
period of a year into the future using the Date fields to see the availability of rooms. User cannot
search for past dates or after the maximum date. Once the user has selected a hotel and sees
availability of rooms, he is required to select the room type via dropdown (i.e. Single, Double
and Quad). He then needs to enter the number of rooms of that type he wishes to book in a
textbox. He can book up to 5 rooms in one transaction. Lastly, he is required to enter the number
of guests in a textbox. The number of guests should match the capacity of the rooms he is trying
to book.
After completing all of the above steps, he can proceed to payment and pay via Credit Card by
entering Credit Card Number, CVV, and Expiry date. When the user fills in this information on
our website, our system validates only the Expiry Date to check its validity (meaning it’s at least
3 months in the future) and then submits the information to Payment Gateway portal.
Required:
As the tester of this project you need to identify the test data for this project:
1. [02 marks] Identify all types of test data.
2. [02 marks] Classify which test data will require techniques like Equivalence Partitioning and
Boundary Value Analysis.
3. [04 marks] Use these techniques to formulate the test data for those fields.

Question 3
Problem Statement: Software Configuration & Change Management

You are working with a consultant firm and as part of an assignment you are evaluating different
processes followed by “Up-think Solutions Private Limited”. After careful observation and
reviewing different artifacts and minutes of meetings you have come across the following:
The main issues the team faces are related to change and configuration management. It’s very
common among team members that their work overrides if more than one developers are
working on a same code file. Another issue is related to changes in the requirements. The team
leads normally coordinate with the clients and inform the changes to the relevant developers to
be implemented in the system. Sometimes, the changes are related to database and not being

Page 3 of 7
informed to all the concerned teams. A good amount of time has spent on resolving these issues
on regular basis and deadlines are slipped or hard to manage.

Required:

[05 marks] What you will suggest to your team lead after evaluating and observing the situation
at “Up-think Solutions Private Limited” in order to eliminate the problem they are facing and
streamline their processes by adopting best practices.

Question 4
Problem Statement: Software Inspection and Reviews

Evaluate the below mentioned process and formulate your recommendations related to what
should be added or changed in the process to make it more effective and in line with the best
practices followed in the industry?
Keeping in mind the problem statement presented in the first paragraph of the scenario, you need
to:
1. [02 marks] Identify the types of reviews that are being conducted in the company and in
which phase they are being conducted
2. [03 marks] Evaluate existing reviews and see if they are correctly implemented i.e.
follow the best practices and identify their shortcomings and co-relate which types of
bugs mentioned in the problem statement might be the result of these shortcomings
3. [02 marks] Recommend adding new reviews to process and who should be involved in
those new reviews

Required:

Need to Evaluate the Review Process of ABC Soft:

Our Company (ABC Soft) is striving to implement a thorough process which should result in
creating our software projects with high quality. To achieve this, we have embedded different
Quality Control activities in our SDLC focusing specially on Reviews. Even after implementing
this new process, we are not getting the desired results as our products still suffer from numerous
issues. After performing a trend analysis of the feedback we received from our customers, we
found that only around 20% of the customers think that our product had the desired set of
requirements. Most of our customers think that our products are not scalable and efficient.
Around 80% of our customers think that our products have more bugs than they were expecting.

Page 4 of 7
These defects range from missing features to unstable features. We are not sure why this is
happening even after we have implemented a Review process at various stages in our SDLC.

We have now hired you to review our process and guide us what elements are missing in our QC
process, especially regarding our Review process.

Following is the brief description of our process:

“After completing the work on Requirements document, Business Analyst needs to submit it to
his lead who will review it and provide his feedback. After incorporating that feedback, the
Requirements document is deemed final and provided to Architect for formulating the
architecture of the application. After the architect completes his work, the Project Manager
provides these documents to the required development team members for implementation. At the
end of development, the code is reviewed by two Development Team Leads so as to ensure that
code is following all the coding standards (i.e. comments, naming conventions are followed). In
parallel to development activity, our QA team picks up the Requirement document and starts
creating test cases. All test cases are created by the Test Lead. After the test cases are created, he
schedules an Inspection process. He invites his QA team members and presents his cases to them
and seek their feedback. The final outcome of the discussion is noted by the Secretary. At the
end of the Inspection session, the Lead submit the final findings of the Inspection to his team
members so that they can make the necessary amendments to the test cases.”

Question 5
Problem Statement: Software Quality Management

Excelligence Pvt. Ltd is revamping their internal processes and organizational structure in
pursuit of excellence. Lately the management of this company has changed and majority of the
new team members are fresh and newly inducted in the company. Earlier the company was not
following any standards or best practices. They had no clearly defined job descriptions and were
following ad hoc processes. The intentions were to develop the products and deliver them to the
customers. It was sort of reactive strategy and similar to CMMI level 1.
They have hired you to go through a rigorous evaluation and review of their existing processes to
produce better quality products ranging from desktop applications to sophisticated mobile
applications. The initial reviews entail the existence of Quality Management System (QMS) in
place.

Page 5 of 7
Deming’s improvement cycle will be followed in order to implement QMS at first place and later
on the emphasis will be on adoption of defect prevention and detection techniques. Internal
audits will be performed on predefined intervals to ensure that all the employees are following
the defined and agreed processes and procedures.

Required:

1. [02 marks] Suggest what components/functions are going to be implemented as part of

QMS?
2. [02 marks] In your opinion, why Deming’s cycle has suggested for process improvement at
Excelligence?
3. [02 marks] What defect prevention and detection techniques will you suggest if you were the
consultant and why?
4. [02 marks] Why first part audit is being recommended? Can we have second party audit
instead of first party audit?
Question 6
Problem Statement: Application’s Security Testing (AST)

Financia Pvt. Ltd. has just ended up the development of his web based application. The product
has gone through with rigorous inspections, reviews and functional tests. They are projecting that
this application will be used by millions of end users. As part of stringent quality standards, they
have to do the security test of their application. The testing team has no prior experience of
performing any security related testing but the technical lead is emphasizing to perform SQLi
before any other security related testing.
Since the testing team has left with limited time therefore they have decided to go with hit and
trial. For doing Penetration testing, they are planning to conduct SAST with Insider, a very
popular security testing tool. The test lead has asked his assistant to check possible
vulnerabilities of web server while doing SAST.
The team was successfully able to inject some malicious SQL script through the application’s
interface.

Required:

1. [02 marks] After reviewing the above scenario, highlight the mistakes which have been
made by the testing team.
2. [01 marks] If you had been the part of management what would had your decision related to
AST?
3. [01 mark ] Which type of testing Financia Pvt. Ltd. is missing out other than AST?
4. [01 mark ] How will the developers make sure to avoid/stop the SQLi?

Page 6 of 7
End of paper

Page 7 of 7