Risk-based Testing Questions

Question
Assume you are managing the system testing phase of a project. The system test
execution period is scheduled to twenty weeks.
All tests are manual tests. You are following a risk-driven test approach. During the last
staff meeting the project manager tells you new deadlines that will not allow
completion of all the system tests.
Which of the following would you expect to be the best way to respond to this
situation?
K2 1 credit
A. Prioritize executing the tests for the highest product risks and track these risks
B. Remove testers from your test team, so that they can be assigned to other projects
C. Automate all remaining tests
D. No action is needed, test as much as possible in the remaining time period

Question
You are performing a quality risk analysis for a CSCI (Computer Software Configuration
Item) used to implement a CBIT (Continuous Built-In Test) module of a safety-critical
system.
During the quality risk analysis you are trying to identify the ways in which failures of the
CBIT module can occur, for each of them trying to determine the potential causes and
likely effects, and the risk level (calculated as the product of three factors: severity,
occurrence and detection).
Which of the following risk analysis techniques are you working with?
K2 1 credit
A. A lightweight product risk analysis technique
B. Failure Mode and Effect Analysis
C. Wide Band Delphi
D. Cost of Exposure

https://www.udemy.com/istqb-advanced-level-test-manager-ctal/
Risk-based Testing Questions

Question
You are working on a project to develop an authentication system for an e-commerce
website. This system provides two features: Registration and authentication. Two
different development teams develop these two features.
There is a high likelihood that the delivery of the authentication feature to the test team
will be three weeks later. To complete the registration the user must provide the
following registration inputs: Name, surname, birth date, fiscal code and he/she can
select a username and a password.
A registered user can be a special user or a normal user. To be identified as a special
user, he/she must also provide, during the registration process, a voucher possibly
received from the IT department.
Access is granted only if a user is registered and the password is correct: In all other
cases access is denied. If the registered user is a special user and the password is wrong,
a special warning is shown on the system console.
You are currently performing a quality risk analysis using FMEA.
Based only on the given information, which of the following is NOT a product risk that
could be identified during the quality risk analysis?
K4 3 credits
A. The late delivery of the authentication feature to the test team causes delays in the
start of test execution and this could result in a shorter test period
B. The authentication system denies access for a special user with a wrong password,
but doesn't display a special warning on the system console
C. The authentication system grants access to a normal user with a wrong password
D. The authentication system grants access to a special user with a wrong password

https://www.udemy.com/istqb-advanced-level-test-manager-ctal/
Risk-based Testing Questions

Question
You are managing the system testing for a SOA based system. The integrated system
consists of several subsystems:
- A SOA middleware
- A CRM (Customer Relationship Management) system
- A BRM (Billing and Revenue Management) system
- A SMS (Subscriber Management System) system and you performed a risk analysis
based on these subsystems.
At the end of the scheduled period for test execution you produce a first classical report
based on the traditional metrics of testing. Test pass/fail status and bug status
(open/resolved). That table provides you a distorted picture of the quality risk, because
there is no indication of the risk level of the failed tests, the tests not run, or the open
bugs. Thus, you produce the following table to solve this distortion issue:
In the table above, where you have introduced the concept of risk weighting, the
highest risk test or bug report has a score of 1, while the lowest risk test or bug report
has a score of 0.04.
Which of the following subsystems, based on the risk scores of the table, is most risky?
K4 3 credits

A. SOA
B. CRM
C. BRM
D. SMS

https://www.udemy.com/istqb-advanced-level-test-manager-ctal/
Risk-based Testing Questions

Question
Assume that you are the Test Manager for a small banking application development
project. You have decided to adopt a risk-based testing strategy and 5 product risks (R1,
R2, R3, R4, and R5) have been identified during the quality risk analysis. The following
table shows the risk level associated to these product risks (higher numbers mean
higher risk):
55 test cases have been designed and implemented to cover all these 5 product risks.
The coverage is described in a traceability matrix.
This is the test execution status table, after the first week of test execution:
About 56% of the planned test cases have been successfully executed.
Assume that no additional product risks have been identified during the first week of
test execution.
Which of the following answers would you expect to best describe the residual risks
associated with the identified product risks, at the end of the first week of test
execution?
K3 2 credits

A. Since R3 is the only risk for which all test cases have passed, the risk has been
reduced by 20%
B. The test execution status table indicates that the risk has been reduced by 56%
C. The residual risk level can't be determined, because it requires that all the test cases
have been executed
D. The test execution table doesn't give an indication of the risk level of the open
defects and the test cases that failed or are not run yet

https://www.udemy.com/istqb-advanced-level-test-manager-ctal/