1.1.1 Q-1. What Is Requirement Traceability Matrix?

Answer. Requirement Traceability Matrix (RTM) is a document which records the mapping
between the high-level requirements and the test cases in the form of a table.
That’s how it ensures that the Test Plan covers all the requirements and links to their latest
version.

1.1.2 Q-9. What Is The Difference Between A Test Driver And Test Stub?

Answer. The test driver is a piece of code that calls a software component under test. It is
useful in testing that follows the bottom-up approach.
Test stub is a dummy program that integrates with an application to complete its
functionality. These are relevant for testing that uses the top-down approach.
Let’s take an example.

1. Let’s say there is a scenario to test the interface between modules A and B. We have
developed only module-A. Then we can test module-A only if we have real module-B
or a dummy module for it. In this case, we call module-B as the Test Stub.
2. Now, module-B can’t send or receive data directly from module-A. In such
scenario, we’ve to move data from one module to another using some external
features called Test Driver.

1.1.3 Q-10. What Are The Essential Qualities Of An Experienced QA Or Test Lead?

Answer. Every QA or Test Lead should have the following qualities.

1. Well-versed in Software testing processes.
2. Ability to accelerate teamwork to increase productivity.
3. Improve coordination between QA and Dev engineers.
4. Provide ideas to refine the QA processes.
5. Ability to conduct RCA meetings and draw conclusions.
6. Excellent written and interpersonal communication skills.
7. Quick learner and able to groom the team members.

1.1.4 Q-11. What Are the Different Types Of Software Testing?

Answer. Following is the list of various testing types used by manual testers.
 Unit testing
 Integration testing
 Regression testing
 Shakeout testing
 Smoke testing
 Functional testing
 Performance testing
 Load testing
 stress testing
 Endurance testing
 White box and Black box testing
 Alpha and Beta testing
 System testing

.
1.1.5 Q-12. What Are the Key Elements Of A Test Plan?

Answer. A test plan contains the following main points.

 Testing objectives.
 Test scope.
 Testing the frame.
 The environment

1
 Reason for testing
 The criteria for entrance and exit
 Deliverables
 Risk factors

1.1.6 Q-13. What Is A Test Case?

Answer. A test case is a sequence of actions and observations that are used to verify the
desired functionality. A good test case helps to identify problems in the requirements or
design of an application.

1.1.7 Q-14. What Is Agile Testing And Why Is It Important?

Answer. Agile testing is a software testing process which evaluates a software from the
customer point of view. And it is important because this does not require Dev to complete
coding for starting QA. Instead, the coding and testing both goes hand in hand. However, it
may require continuous customer interaction.

.
Q-19. What Is the Difference Between Functional Requirement And Non-Functional
Requirement?

Answer. The functional requirement specifies how a product should run whereas a non-
functional requirement represents how it should be.
1.1.7.1 Functional Requirements.

 Authentication
 Business rules
 Historical Data
 Legal and Regulatory Requirements
 External Interfaces
1.1.7.2 Non-Functional Requirements.

 Performance
 Reliability
 Security
 Recovery
 Data Integrity
 Usability

1.1.8 Q-20. How Comes the Severity And Priority Relate To Each Other?

Answer.
 Severity – Represents the gravity/depth of the bug.
 Priority – Specifies which bug should get fixed first.
 Severity – Describes the application point of view.
 Priority – Defines the user’s point of view.
1.1.9 Q-21. What Are Different Types Of Severity?

Answer. The severity of a bug can be low, medium or high depending on the context.
 User Interface Defect – Low
 Boundary Related Defects – Medium
 Error Handling Defects – Medium
 Calculation Defects – High
 Misinterpreted Data – High
 Hardware Failures – High
 Compatibility Issues – High
 Control Flow Defects – High

2
 Load Conditions (Memory leakages under load testing) – High

1.1.10 Q-22. What Is Entry And Exit Criteria In Software Testing?

Answer.Entry criteria – It is a process that should run when a system begins. It includes
the following artifacts.
 SRS (Software Requirement Specification)
 FRS (Functional Requirement Specification)
 Use case
 Test-Case
 Test-plan
Exit Criteria – It signals when the testing should complete and when should the product be
ready to release. It includes the following artifacts.
 Test Summary Report
 Metrics
 Defect Analysis report

Q-23. What Is Test Strategy?

Answer. Test strategy is an approach to carry out the testing activity. It covers the
following.
 Roles and responsibilities for each member.
 Testing scope.
 Test tools.
 Test environment.
 Testing schedule.
 Associated risks.

1.1.11 Q-24. What Is Smoke Testing And What Is Sanity?

Answer.Smoke testing confirms the basic functionality works for a product. It requires you
to identify the most basic test cases for execution.
Sanity testing, on the other hand, ensures that the product runs without any logical errors.
For example, if we are testing a calculator app; we may multiply a number by 3 and check
whether the sum of the digits of the answer is divisible by 3.

1.1.12 Q-25. What Is the Difference Between A Bug, Defect, And Error?

Answer. A bug is usually same as the defect. Both of them represents an unexpected
behavior of the software.
However, an error would also fall in the same category. But in some cases, errors are fixed
values. For example – 404/405 errors in HTML pages.

Q-26. What Is The Difference Between High Level And Low-Level Test Case?

Answer.
 High-level test cases cover the core functionality of a product like standard business
flows.
 Low-level test cases are those related to user interface (UI) in the application.

1.1.13 Q-29. What Is Defect Leakage?

Answer.

3
Defect leakage occurs at the Customer or the End-user side after the product delivery. If the
end user sees any issue in the application, then such bugs lead to Defect leakage. And this
process of finding bugs is also called as Bug Leakage.

Q-32. What Is Business Requirements Document (BRD)?

Answer. BRD provides a detailed business solution for a project including the documentation
of customer needs and expectations.
BRD fulfills the following objectives.

 Gain agreement with stakeholders.

 Provide clarity on the business requirements.
 Describe the solution that meets the customer/business needs.
 Determine the input for the next phase of the project.

2 Q-33. What Is Risk Analysis?

Answer. Risk analysis is a technique to identify the things that can go wrong in a software
development project. They can negatively impact the scope, quality, timeliness, and cost of a
project.
However, everyone involved in the project has a part in minimizing the risk. But it’s the lead
who ensures that whole team understands the individual role in managing the risk.

2.1.1 Q-34. What Is Exploratory Testing?

Answer.Exploratory testing is a process which lets a tester to concentrate more on

execution and less on planning.It requires formulating a test charter, a short declaration of
the scope, set of objectives and possible approaches to be used.
 The test design and test execution activities may run in parallel without formally
documenting the test conditions, test cases or test scripts.
 Testers can use boundary value analysis to concentrate the testing effort on error-
prone areas by accurately pinpointing the boundaries.
 Notes should be recorded for the Exploratory Testing sessions as it would help to
create a final report of its execution.

2. What is risk-based testing?

Risk-based testing is the term used for an approach to creating a test strategy that is based
on prioritizing tests by risk. The basis of the approach is a detailed risk analysis and
prioritizing of risks by risk level. Tests to address each risk are then specified, starting with
the highest risk first.

12. What is beta testing?

Testing performed by potential customers at their own locations.

15. Rapid Application Development ?

Rapid Application Development (RAD) is formally a parallel development of functions and

subsequent integration. Components/functions are developed in parallel as if they were mini

4
projects, the developments are time-boxed, delivered, and then assembled into a working
prototype. This can very quickly give the customer something to see and use and to provide
feedback regarding the delivery and their requirements. Rapid change and development of
the product is possible using this methodology. However the product specification will need
to be developed for the product at some point, and the project will need to be placed under
more formal controls prior to going into production.

16. What is the difference between Testing Techniques and Testing Tools?

Testing technique: – Is a process for ensuring that some aspects of the application system or
unit functions properly there may be few techniques but many tools.

Testing Tools: – Is a vehicle for performing a test process. The tool is a resource to the
tester, but itself is insufficient to conduct testing

19. What is component testing ?

Component testing, also known as unit, module and program testing, searches for defects in,
and verifies the functioning of software (e.g. modules, programs, objects, classes, etc.) that
are separately testable. Component testing may be done in isolation from the rest of the
system depend-ing on the context of the development life cycle and the system. Most often
stubs and drivers are used to replace the missing software and simulate the interface
between the software components in a simple manner. A stub is called from the software
component to be tested; a driver calls a component to be tested.

20. What is functional system testing ?

Testing the end to end functionality of the system as a whole.

42. What is the difference between re-testing and regression testing?

Re-testing ensures the original fault has been removed; regression testing looks for
unexpected sideeffects
Below are the differences between Regression Testing and Retesting.

a) Retesting is carried out to verify defect fix / fixes. Regression testing is done to check if
the defect fix / fixes have not impacted other functionality of the application that was
working fine before applying the code changes.

b) Retesting is planned based for the defect fixes listed in Build Notes. Regression testing is
generic and may not be always specific to any defect fix or code change and can be planned
as regional or full regression testing.

c) Retesting involves executing test cases that were failed earlier and regression testing
involves executing test cases that were passed earlier build i.e., functionality that was
working in earlier builds.

5
d) Retesting will involve rerunning failed test cases that are associated with defect(s) fixes
being verified. Regression testing does not involve verifying defect fix but only executing
regression test cases.

e) Retesting always takes higher priority over Regression testing i.e., Regression testing is
done after completing Retesting. In some projects where there are ample testing resources,
Regression testing is carried out in parallel with retesting.

f) Though Retesting and regression testing have different objectives and priorities, they
equally important for project’s success.

72. The purpose of requirement phase is

To freeze requirements, to understand user needs, to define the scope of testing

73. How much testing is enough?

The answer depends on the risks for your industry, contract and special requirements

79. What is a failure?

Failure is a departure from specified behaviour.

99. What is exploratory testing?

Exploratory testing is a hands-on approach in which testers are involved in minimum

planning and maximum test execution. The planning involves the cre-ation of a test charter,
a short declaration of the scope of a short (1 to 2 hour) time-boxed test effort, the objectives
and possible approaches to be used. The test design and test execution activities are
performed in parallel typi-cally without formally documenting the test conditions, test cases
or test scripts. This does not mean that other, more formal testing techniques will not be
used. For example, the tester may decide to use boundary value analysis but will think
through and test the most important boundary values without necessarily writing them
down. Some notes will be written during the exploratory-testing session, so that a report can
be produced afterwards.

100. What is failure?

Deviation from expected result to actual result

Software testing life cycle identifies what test activities to carry out and when (what is the
best time) to accomplish those test activities. Even though testing differs between
organizations, there is a testing life cycle.

4. What is the difference between Priority and Severity?

The terms Priority and Severity are used in Bug Tracking to share the importance of a bug
among the team and to fix it.
Severity: Is found in the Application point of view

6
Priority- Is found in the User point of view
Severity- (tells the seriousness/depth of the bug)

1. The Severity status is used to explain how badly the deviation is affecting the build.
2. The severity type is defined by the tester based on the written test cases and
functionality.

Example

If an application or a web page crashes when a remote link is clicked, in this case clicking the
remote link by an user is rare but the impact of application crashing is severe, so the
severity is high and priority is low.

PRIORITY- (tells which bug should rectify first)

1. The Priority status is set by the tester to the developer mentioning the time frame to
fix a defect. If High priority is mentioned then the developer has to fix it at the
earliest.
2. The priority status is set based on the customer requirements.

Example

If the company name is misspelled in the home page of a website, then the priority is high
and the severity is low to fix it.

Severity: Describes the bug in terms of functionality.

Priority: Describes the bug in terms of customer.

Few examples:

High Severity and Low Priority -> Application doesn't allow customer expected
configuration.
High Severity and High Priority -> Application doesn't allow multiple user's.
Low Severity and High Priority -> No error message to prevent wrong operation.
Low Severity and low Priority -> Error message is having complex meaning.

Or

Few examples:

High Severity -Low priority

Supposing, you try the wildest or the weirdest of operations in a software (say, to be
released the next day) which a normal user would not do and supposing this renders a run -
time error in the application,the severity would be high. The priority would be low as the
operations or the steps which rendered this error by most chances will not be done by a
user.

Low Severity -High priority

An example would be- you find a spelling mistake in the name of the website which you are
testing.Say, the name is supposed to be Google and its spelled there as 'Gaogle'. Though, it
doesn't affect the basic functionality of the software, it needs to be corrected before the
release. Hence, the priority is high.

High severity- High Priority

7
A bug which is a show stopper. i.e., a bug due to which we are unable to proceed our
testing.An example would be a run time error during the normal operation of the
software,which would cause the application to quit abruptly.

Low severity - low priority

Cosmetic bugs

What is Defect Severity?

A defect is a product anomaly or flaw, which is variance from desired product specification.
The classification of defect based on its impact on operation of product is called Defect
Severity.

10. What is the difference between High level and Low Level test case?

High level Test cases are those which cover major functionality in the application (i.e.
retrieve, update display, cancel (functionality related test cases), database test cases).
Low level test cases are those related to User Interface (UI) in the application.

12. Explain Risk Analysis in Software Testing?

In Software Testing, Risk Analysis is the process of identifying risks in applications and
prioritizing them to test.

In Software testing some unavoidable risk might takes place like

 Change in requirements or Incomplete requirements

 Time allocation for testing.
 Developers delaying to deliver the build for testing.
 Urgency from client for delivery.
 Defect Leakage due to application size or complexity.

To overcome these risks, the following activities can be done

 Conducting Risk Assessment review meeting with the development team.

 Profile for Risk coverage is created by mentioning the importance of each area.
 Using maximum resources to work on High Risk areas like allocating more testers for
High risk areas and minimum resources for Medium and Low risk areas. Creation of
Risk assessment database for future maintenance and management review.

13. What is the difference between Two Tier Architecture and Three Tier
Architecture?

In Two Tier Architecture or Client/Server Architecture two layers like Client and Server
is involved. The Client sends request to Server and the Server responds to the request by
fetching the data from it. The problem with the Two Tier Architecture is the server cannot
respond to multiple requests at the same time which causes data integrity issues.
The Client/Server Testing involves testing the Two Tier Architecture of user interface in the
front end and database as backend with dependencies on Client, Hardware and Servers.

In Three Tier Architecture or Multi Tier Architecture three layers like Client, Server and
Database are involved. In this the Client sends a request to Server, where the Server sends
the request to Database for data, based on that request the Database sends back the data to
Server and from Server the data is forwarded to Client.

The Web Application Testing involves testing the Three Tier Architecture including the User

8
interface, Functionality, Performance, Compatibility, Security and Database testing.

14. What is the difference between Static testing and dynamic testing?

Static Testing (done in Verification stage)

Static Testing is a White Box testing technique where the developers verify or test their code
with the help of checklist to find errors in it, this type of testing is done without running the
actually developed application or program. Code Reviews, Inspections, Walkthroughs are
mostly done in this stage of testing.

Dynamic Testing (done in Validation stage)

Dynamic Testing is done by executing the actual application with valid inputs to check the
expected output. Examples of Dynamic Testing methodologies are Unit Testing, Integration
Testing, System Testing and Acceptance Testing.

Some differences between Static Testing and Dynamic Testing are,

 Static Testing is more cost effective than Dynamic Testing because Static Testing is
done in the initial stage.
 In terms of Statement Coverage, the Static Testing covers more areas than Dynamic
Testing in shorter time.
 Static Testing is done before the code deployment where the Dynamic Testing is done
after the code deployment.
 Static Testing is done in the Verification stage where the Dynamic Testing is done in
the Validation stage.

15. Explain Use case diagram. What are the attributes of use cases?

Use Case Diagrams is an overview graphical representation of the functionality in a system.

It is used in the analysis phase of a project to specify the system to be developed.
In Use Case Diagrams the whole system is defined as ACTORS, USE CASES and
ASSOCIATIONS, the ACTORS are the external part of the system like users, computer
software & hardware, USECASES is the behavior or functionality of the system when these
ACTORS perform an action, the ASSOCIATIONS are the line drawn to show the connection
between ACTORS and USECASES. One ACTOR can link too many USECASES and one
USECASE can link too many ACTORS.

16. What is Web Application testing? Explain the different phases in Web
Application testing?

Web Application testing is done on a website to check its load, performance, Security,
Functionality, Interface, compatibility and other usability related issues. In Web application
testing, three phases of testing is done, they are,

Web Tier Testing

In Web tier testing, the browser compatibility of the application will be tested for IE, Fire Fox
and other web browsers.

Middle Tier Testing

In Middle tier testing, the functionality and security issues were tested.

Database Tier Testing

In Database tier testing, the database integrity and the contents of the database were tested
and verified.

9
17. Explain Unit testing, Interface Testing and Integration testing. Also explain the
types of integration testing in brief?

Unit testing

Unit Testing is done to check whether the individual modules of the source code are working
properly. i.e. testing each and every unit of the application separately by the developer in
developer's environment.

Interface Testing

Interface Testing is done to check whether the individual modules are communicating
properly one among other as per the specifications.
Interface testing is mostly used in testing the user interface of GUI application.

Integration testing

Integration Testing is done to check the connectivity by combining all the individual modules
together and test the functionality.

The types of Integration Testing are

1. Big Bang Integration Testing

In Big Bang Integration Testing, the individual modules are not integrated until all the
modules are ready. Then they will run to check whether it is performing well.

In this type of testing, some disadvantages might occur like,

Defects can be found at the later stage.It would be difficult to find out whether the defect
arouse in Interface or in module.

2. Top Down Integration Testing

In Top Down Integration Testing, the high level modules are integrated and tested first. i.e
Testing from main module to sub module. In this type of testing, Stubs are used as
temporary module if a module is not ready for integration testing.

3. Bottom Up Integration Testing

In Bottom Up Integration Testing, the low level modules are integrated and tested first i.e
Testing from sub module to main module. Same like Stubs, here drivers are used as a
temporary module for integration testing.

18. Explain Alpha, Beta, Gamma Testing?

Alpha Testing:

Alpha Testing is mostly like performing usability testing which is done by the in-house
developers who developed the software or testers. Sometimes this Alpha Testing is done by
the client or an outsider with the presence of developer and tester. The version release after
alpha testing is called Alpha Release.

Beta Testing:

10
Beta Testing is done by limited number of end users before delivery, the change request
would be fixed if the user gives feedback or reports defect. The version release after beta
testing is called beta Release.

Gamma Testing:

Gamma Testing is done when the software is ready for release with specified requirements,
this testing is done directly by skipping all the in-house testing activities.

19. Explain the methods and techniques used for Security Testing?

Security testing can be performed in many ways like,

1. Black Box Testing

2. White Box Testing
3. Database Testing

1. Black Box Testing

a. Session Hijacking

Session Hijacking commonly called as "IP Spoofing" where a user session will be attacked on
a protected network.

b. Session Prediction

Session prediction is a method of obtaining data or a session ID of an authorized user and

gets access to the application. In a web application the session ID can be retrieved from
cookies or URL.
The session prediction happening can be predicted when a website is not responding
normally or stops responding for an unknown reason.

c. Email Spoofing

Email Spoofing is duplicating the email header ("From" address) to look like originated from
actual source and if the email is replied it will land in the spammers inbox. By inserting
commands in the header the message information can be altered. It is possible to send a
spoofed email with information you didn't write.

d. Content Spoofing

Content spoofing is a technique to develop a fake website and make the user believe that the
information and website is genuine. When the user enters his Credit Card Number, Password,
SSN and other important details the hacker can get the data and use if for fraud purposes.

e. Phishing

Phishing is similar to Email Spoofing where the hacker sends a genuine look like mail
attempting to get the personal and financial information of the user. The emails will appear
to have come from well known websites.

f. Password Cracking

Password Cracking is used to identify an unknown password or to identify a forgotten

password

Password cracking can be done through two ways,

11
 1. Brute Force – The hacker tries with a combination of characters within a length
and tries until it is getting accepted.
2. Password Dictionary – The hacker uses the Password dictionary where it is
available on various topics.

2. White Box level

a. Malicious Code Injection

SQL Injection is most popular in Code Injection Attack, the hacker attach the malicious code
into the good code by inserting the field in the application. The motive behind the injection is
to steal the secured information which was intended to be used by a set of users.

Apart from SQL Injection, the other types of malicious code injection are XPath Injection,
LDAP Injection, and Command Execution Injection. Similar to SQL Injection the XPath
Injection deals with XML document.

b. Penetration Testing:

Penetration Testing is used to check the security of a computer or a network. The test
process explores all the security aspects of the system and tries to penetrate the system.

c. Input validation:

Input validation is used to defend the applications from hackers. If the input is not validated
mostly in web applications it could lead to system crashes, database manipulation and
corruption.

d. Variable Manipulation

Variable manipulation is used as a method for specifying or editing the variables in a

program. It is mostly used to alter the data sent to web server.

3. Database Level

a. SQL Injection

SQL Injection is used to hack the websites by changing the backend SQL statements, using
this technique the hacker can steal the data from database and also delete and modify it.

20. Explain IEEE 829 standards and other Software Testing standards?

An IEEE 829 standard is used for Software Test Documentation, where it specifies format for
the set of documents to be used in the different stages software testing. The documents are,

Test Plan- Test Plan is a planning document which has information about the scope,
resources, duration, test coverage and other details.
Test Design- Test Design document has information of test pass criteria with test conditions
and expected results.
Test Case- Test case document has information about the test data to be used.
Test Procedure- Test Procedure has information about the test steps to be followed and
how to execute it.
Test Log- Test log has details about the run test cases, test plans & fail status, order, and
the resource information who tested it.
Test Incident Report- Test Incident Report has information about the failed test comparing
the actual result with expected result.
Test Summary Report- Test Summary Report has information about the testing done and
quality of the software, it also analyses whether the software has met the requirements
given by customer.

12
The other standards related to software testing are,

IEEE 1008 is for Unit Testing

IEEE 1012 is for Software verification and validation
IEEE 1028 is for Software Inspections
IEEE 1061 is for Software metrics and methodology
IEEE 1233 is for guiding the SRS development
IEEE 12207 is for SLC process

22. What is the difference between bug log and defect tracking?

Bug Log: Bug Log document showing the number of defect such as open, closed, reopen or
deferred of a particular module

Defect Tracking- The process of tracking a defect such as symptom, whether reproducible
/not, priority, severity and status.

23. What are Integration Testing and Regression Testing?

Integration Testing:

 Combining the modules together & construct software architecture.

 To test the communication & data flow
 White & Black box testing techniques are used
 It is done by developer & tester

Regression Testing

 It is re-execution of our testing after the bug is fixed to ensure that the build is free
from bugs.
 Done after bug is fixed
 It is done by Tester

24. Explain Peer Review in Software Testing?

It is an alternative form of Testing, where some colleagues were invited to examine your
work products for defects and improvement opportunities.
Some Peer review approaches are,

Inspection

It is a more systematic and rigorous type of peer review. Inspections are more effective at
finding defects than are informal reviews.
Ex: In Motorola's Iridium project nearly 80% of the defects were detected through
inspections where only 60% of the defects were detected through formal reviews.

Team Reviews: It is a planned and structured approach but less formal and less rigorous
comparing to Inspections.
Walkthrough: It is an informal review because the work product's author describes it to some
colleagues and asks for suggestions. Walkthroughs are informal because they typically do not
follow a defined procedure, do not specify exit criteria, require no management reporting,
and generate no metrics.

Or

A 'walkthrough' is an informal meeting for evaluation or informational purposes. Little or

no preparation is usually required.
Pair Programming: In Pair Programming, two developers work together on the same

13
program at a single workstation and continuously reviewing their work.

25. Explain Compatibility testing with an example?

Compatibility testing is to evaluate the application compatibility with the computing

environment like Operating System, Database, Browser compatibility, backwards
compatibility, computing capacity of the Hardware Platform and compatibility of the
Peripherals.

Example

If Compatibility testing is done on a Game application, before installing a game on a

computer, its compatibility is checked with the computer specification that whether it is
compatible with the computer having that much of specification or not.

26. What is Traceability Matrix?

Traceability Matrix is a document used for tracking the requirement, Test cases and the
defect. This document is prepared to make the clients satisfy that the coverage done is
complete as end to end, this document consists of Requirement/Base line doc Ref No., Test
case/Condition, Defects / Bug id. Using this document the person can track the Requirement
based on the Defect id.

27. Explain Boundary value testing and Equivalence testing with some examples?

Boundary value testing is a technique to find whether the application is accepting the
expected range of values and rejecting the values which falls out of range.

Exmple

A user ID text box has to accept alphabet characters ( a-z ) with length of 4 to 10
characters.
BVA is done like this, max value: 10 pass; max-1: 9 pass;
max+1=11 fail ;min=4 pass;min+1=5 pass;min-1=3 fail;
Like wise we check the corner values and come out with a conclusion whether the application
is accepting correct range of values.

Equivalence testing is normally used to check the type of the object.

Example

A user ID text box has to accept alphabet characters (a - z) with length of 4 to 10

characters.
In +ve condition we have test the object by giving alphabets. i.e. a-z char only, after that we
need to check whether the object accepts the value, it will pass.
In -ve condition we have to test by giving other than alphabets (a-z) i.e. A-Z, 0-9, blank etc,
it will fail.

28. What is Security testing?

Security testing is the process that determines that confidential data stays confidential
Or
Testing how well the system protects against unauthorized internal or external access, willful
damage, etc?
This process involves functional testing, penetration testing and verification.

29. What is Installation testing?

Installation testing is done to verify whether the hardware and software are installed and

14
configured properly. This will ensure that all the system components were used during the
testing process. This Installation testing will look out the testing for a high volume data,
error messages as well as security testing.

30. What is AUT?

AUT is nothing but "Application Under Test". After the designing and coding phase in
Software development life cycle, the application comes for testing then at that time the
application is stated as Application Under Test.

31. What is Defect Leakage?

Defect leakage occurs at the Customer or the End user side after the application delivery.
After the release of the application to the client, if the end user gets any type of defects by
using that application then it is called as Defect leakage. This Defect Leakage is also called as
Bug Leakage.

32. What are the contents in an effective Bug report?

1. Project
2. Subject
3. Description
4. Summary
5. Detected By (Name of the Tester)
6. Assigned To (Name of the Developer who is supposed to the Bug)
7. Test Lead (Name)
8. Detected in Version
9. Closed in Version
10. Date Detected
11. Expected Date of Closure
12. Actual Date of Closure
13. Priority (Medium, Low, High, Urgent)
14. Severity (Ranges from 1 to 5)
15. Status
16. Bug ID
17. Attachment
18. Test Case Failed (Test case that is failed for the Bug)

33. What is Error guessing and Error seeding?

Error Guessing is a test case design technique where the tester has to guess what faults
might occur and to design the tests to represent them.
Error Seeding is the process of adding known faults intentionally in a program for the reason
of monitoring the rate of detection & removal and also to estimate the number of faults
remaining in the program.

34. What is Ad-hoc testing?

Ad hoc testing is concern with the Application Testing without following any rules or test
cases.
For Ad hoc testing one should have strong knowledge about the Application.

37. What is the difference between Software Testing and Quality Assurance (QA)?

Software Testing involves operation of a system or application under controlled conditions

and evaluating the result. It is oriented to 'detection'.

15
Quality Assurance (QA) involves the entire software development PROCESS- monitoring and
improving the process, making sure that any agreed-upon standards and procedures are
followed, and ensuring that problems are found and dealt with. It is oriented to 'prevention'.

52. How do you go about testing of Web Application?

To approach a web application testing, the first attack on the application should be on its
performance behavior as that is very important for a web application and then transfer of
data between web server and .front end server, security server and back end server.

55. What is Mutation testing & when can it be done?

Mutation testing is a powerful fault-based testing technique for unit level testing. Since it is a
fault-based testing technique, it is aimed at testing and uncovering some specific kinds of
faults, namely simple syntactic changes to a program. Mutation testing is based on two
assumptions: the competent programmer hypothesis and the coupling effect. The competent
programmer hypothesis assumes that competent programmers turn to write nearly "correct"
programs. The coupling effect stated that a set of test data that can uncover all simple faults
in a program is also capable of detecting more complex faults. Mutation testing injects faults
into code to determine optimal test inputs.

57. How will you review the test case and how many types are there?

There are 2 types of review:

Informal Review: technical lead reviewing.

Peer Review: by a peer at the same organization (walkthrough? technical - inspection).

Or
Reviews:

1. Management Review
2. Technical Review
3. Code Review
4. Formal Review (Inspections and Audits)
5. Informal Review (Peer Review and Code Review)

and coming to walk through....

objectives of Reviews:

1. To find defects in requirements.

2. To find defects in Design.
3. To identify deviations in any process and also provide valued suggestions to improve
the process.

58. What do you mean by Pilot Testing?

 Pilot testing involves having a group of end users try the system prior to its full
deployment in order to give feedback on IIS 5.0 features and functions.
Or
Pilot Testing is a Testing Activity which resembles the Production Environment.
 It is Done Exactly between UAT and Production Drop.
 Few Users who simulate the Production environment to continue the Business Activity
with the System.

16
  They Will Check the Major Functionality of the System before going into production.
This is basically done to avoid the high-level Disasters.
 Priority of the Pilot Testing Is High and Issues Raised in Pilot Testing has to be Fixed
As Soon As Possible.

59. What is SRS and BRS in manual testing?

BRS is Business Requirement Specification which means the client who want to make the
application gives the specification to software development organization and then the
organization convert it to SRS (Software requirement Specification) as per the need of the
software.

60. What is Smoke Test and Sanity Testing? When will use the Above Tests?

Smoke Testing: It is done to make sure if the build we got is testable or not, i.e to check
for the testability of the build also called as "day 0" check. Done at the 'build level'
Sanity Testing: It is done during the release phase to check for the main functionalities
without going deeper. Sometimes also called as subset of regression testing. When no
rigorous regression testing is done to the build, sanity does that part by checking major
functionalities. Done at the 'release level'

61. What is debugging?

Debugging is finding and removing "bugs" which cause the program to respond in a way that
is not intended.

77. How would you ensure 100% coverage of testing?

We can not perform 100% testing on any application. but the criteria to ensure test
completion on a project are:

1. All the test cases are executed with the certain percentage of pass.
2. Bug falls below a certain level
3. Test budget depleted
4. Dead lines reached (project or test)
5. When all the functionalities are covered in a test cases
6. All critical & high bugs must have a status of CLOSED

78. Do you go about testing a web application?

Ideally to test a web application, the components and functionality on both the client and
server side should be tested. But it is practically impossible

The best approach to examine the project's requirements, set priorities based on risk
analysis, and then determine where to focus testing efforts within budget and schedule
constraints.
To test a web application we need to perform testing for both GUI and client-server
architecture.

Based on many factors like project requirements, risk analysis, budget and schedule, we can
determine that what kind of testing will be appropriate for your project. We can perform unit
n integration testing, functionality testing, GUI testing, usability testing, compatibility
testing, security testing, performance testing, recovery testing and regression testing.

79. What are your strengths?

I'm well motivated, well-organized, good team player, dedicative to work and I've got a
strong desire to succeed, and I'm always ready and willing to learn new information and

17
skills.

80. When should you begin testing?

For any Project, testing activity will be there from starting onwards, After the Requirements
gathering, Design Document (High and Low) will be prepared, that will be tested, whether
they are confirming to requirements or not, Design then Coding- White box will be done,
after the Build or System is ready, Integration followed by functional testing will be done, Till
the product or Project was stable. After the product or project is stable, then testing will be
stopped.

81. When should you begin test planning?

Test planning is done by test lead. As a test lead test planning begins when TRM is finalized
by project manager and handover to the test lead. Here test lead have some responsibilities
those are,

1. Testing team formation

2. identifying tactical risks
3. preparing test plan
4. Reviews on test plans

82. Would you like to work in a team or alone, why?

I would like to work in a team. Because the process of software development

is like a relay race where many runners have to contribute in their respective laps. It is
important because the complexity of work and degree of efforts required is beyond level of
an individual.

87. How involved where you with your Team Lead in writing the Test Plan?

As per my knowledge Test Member are always out of scope while preparing the Test Plan,
Test Plan is a higher level document for Testing Team. Test Plan includes Purpose, scope,
Customer/Client scope, schedule, Hardware, Deliverables and Test Cases etc. Test plan
derived from PMP (Project Management Plan). Team member scope is just go through TEST
PLAN then they come to know what all are their responsibilities, Deliverable of modules.

Test Plan is just for input documents for every testing Team as well as Test Lead.

88. What processes/methodologies are you familiar with?

Methodology

1. Spiral methodology
2. Waterfall methodology. these two are old methods.
3. Rational unified processing. this is from I B M and
4. Rapid application development. this is from Microsoft office.

fields. It is important because it functions as a publishing house and standards-making body.

101. Define Verification and Validation. Explain the differences between the two.

Verification - Evaluation done at the end of a phase to determine that requirements are
established during the previous phase have been met. Generally Verification refers to the
overall s/w evaluation activity, including reviewing, inspecting, checking and auditing.

Validation: - The process of evaluating s/w at the end of the development process to ensure

18
compliance with requirements. Validation typically involves actual testing and takes place
after verification is complete.

Or

Verification: Whether we are building the product right?

Validation: Whether we are building the right product/System?

112. What is migration testing?

Changing of an application or changing of their versions and conducting testing is migration

testing. Testing of programs or procedures used to convert data from existing systems for
use in replacement systems.

113. What is terminology? Why testing Necessary fundamental test process

psychology of testing Testing Terminologies

Error: a human action that produces an incorrect result.

Fault: a manifestation of an error in software.

Failure: a deviation of the software from its expected delivery or service.

Reliability: the probability that the software will not cause the failure of the system for a
specified time under specified conditions.

Why Testing is Necessary

Testing is necessary because software is likely to have faults in it and it is better (cheaper,
quicker and more expedient) to find and remove these faults before it is put into live
operation. Failures that occur during live operation are much more expensive to deal with
than failures than occur during testing prior to the release of the software. Of course other
consequences of a system failing during live operation include the possibility of the software
supplier being sued by the customers!

Testing is also necessary so we can learn about the reliability of the software (that is, how
likely it is to fail within a specified time under specified conditions).

114. What is UAT testing? When it is to be done?

UAT stands for 'User acceptance Testing' This testing is carried out with the user perspective
and it is usually done before a release
UAT stands for User Acceptance Testing. It is done by the end users along with testers to
validate the functionality of the application. It is also called as Pre-Production testing.

116. What is the difference between a test strategy and a test plan?

TEST PLAN: IT IS PLAN FOR TESTING.IT DEFINES SCOPE, APPROACH, AND

ENVIRONEMENT.

TEST STRATEGY: A TEST STRATEGY IS NOT A DOCUMENT.IT IS A FRAMEWORK FOR

MAKING DECISIONS ABOUT VALUE.

Sample Test Case:

19
 Test
Test Case Input Expected Actual
Case Pass/Fail Remarks
Description Data Result Result
ID

Sample Bug Case:

Initial Bug Retesting Bug

S. no Links Bug ID Description Conf Bug Status
Status Status

39. What is negative and positive testing?

A negative test is when you put in an invalid input and receives errors. While positive testing
is when you put in a valid input and expect some action to be completed in accordance with
the specification.
40. What is the purpose of a test completion criterion?
The purpose of test completion criterion is to determine when to stop testing
46. An input field takes the year of birth between 1900 and 2004. What the
boundary values for testing this field are?
1899,1900,2004,2005
101. What is the difference between STLC (Software Testing Life Cycle) and SDLC
(Software Development Life Cycle)?
SDLC deals with development/coding of the software while STLC deales with validation and
verification of the software
102. What is traceability matrix?
The relationship between test cases and requirements is shown with the help of a document.
This document is known as traceability matrix.

107. What are verification and validation?

Verification is a process of evaluating software at development phase and to decide whether
the product of a given application satisfies the specified requirements. Validation is the
process of evaluating software at the end of the development process and to check whether
it meets the customer requirements.

108. What are different test levels?

There are four test levels

1. Unit/component/program/module testing
2. Integration testing
3. System testing
4. Acceptance testing

111. What is the difference between UAT (User Acceptance Testing) and System
testing?
System Testing: System testing is finding defects when the system under goes testing as a
whole, it is also known as the end to end testing. In such type of testing, the application
undergoes from beginning till the end.

20
UAT: User Acceptance Testing (UAT) involves running a product through a series of specific
tests which determines whether the product will meet the needs of its users.

114. What is the difference between test scenarios, test cases and test script?
Difference between test scenarios and test cases is that
Test Scenarios: Test scenario is prepared before the actual testing starts, it includes plans
for testing product, number of team members, environmental condition, making test cases,
making test plans and all the features that are to be tested for the product.
Test Cases: It is a document that contains the steps that have to be executed, it has been
planned earlier.
Test Script: It is written in a programming language and it's a short program used to test
part of the functionality of the software system. In other words a written set of steps that
should be performed manually.
115. What is a Latent defect?
Latent defect: This defect is an existing defect in the system which does not cause any
failure as the exact set of conditions has never been met
116. What are the two parameters which can be useful to know the quality of test
execution?
To know the quality of test execution, we can use two parameters

 Defect reject ratio

 Defect leakage ratio

118. Explain what Test Deliverables is?

Test Deliverables are set of documents, tools and other components that have to be
developed and maintained in support of testing.
There are different test deliverables at every phase of the software development lifecycle

 Before Testing
 During Testing
 After the Testing

124. Explain what Test Plan is? What is the information that should be covered in
Test Plan?
A test plan can be defined as a document describing the scope, approach, resources, and
schedule of testing activities and a test plan should cover the following details.

 Test Strategy
 Test Objective
 Exit/Suspension Criteria
 Resource Planning
 Test Deliverables

127. On what basis you can arrive at an estimation for your project?
To estimate your project, you have to consider following points

 Divide the whole project into the smallest tasks

 Allocate each task to team members
 Estimate the effort required to complete each task
 Validate the estimation

128. Explain how you would allocate tasks to team members?

Task Member

21
  Analyze software requirement specification  All the members

 Create the test specification  Tester/Test Analyst

 Build up the test environment  Test administrator

 Execute the test cases  Tester, Test administrator

 Report defects  Tester

129. Explain what is testing type and what are the commonly used testing type?
To get an expected test outcome, a standard procedure is followed which is referred as
Testing Type.
Commonly used testing types are

 Unit Testing: Test the smallest code of an application

 API Testing: Testing API created for the application
 Integration Testing: Individual software modules are combined and tested
 System Testing: Complete testing of the system
 Install/UnInstall Testing: Testing done from the point of client/customer view
 Agile Testing: Testing through Agile technique

140. What is DFD (Data Flow Diagram)?

When a "flow of data" through an information system is graphically represented, then it is
known as Data Flow Diagram. It is also used for the visualization of data processing.

153. Mention what is bottom-up testing?

Bottom-up testing is an approach to integration testing, where the lowest level components
are tested first, then used to facilitate the testing of higher level components. The process is
repeated until the component at the top of the hierarchy is tested.
Q #1) What do you understand by web application?
Answer: Web application is a means to communicate and exchange information with the
customers. Unlike any desktop applications which are executed by an operating system, a
web application runs on a web server and is accessed by a web browser which acts as a
client.
The best Example of a web application is ‘Gmail’. In Gmail, the interaction done by an
individual user is completely independent of the others. You can send and receive
information through emails and also through attachments.
You can maintain documents in a drive, maintain spreadsheets in Google docs and includes
much more such features which make a user realize that they have an environment which is
customized to their specific identity.

Q #5) Is Web application testing different from Desktop Application testing? Explain how.
Answer: Yes, there is a lot of difference between web application and desktop application.
This can be explained with the help of the below-mentioned table:

22
 Web Application Desktop Application

Definition Web applications are the one which can Desktop applications are one
run on any client machine having the which are separately installed and
internet connection without any executed on the personal
installation of the execution file. computer.

Performance User actions, feedback, statistics can be User actions cannot be monitored
easily monitored as well as data updating as well as changes in data can be
in one place is reflected everywhere in only reflected at the machine.
web application.

Connectivity Desktop application can be only

Web application can be accessed on any accessed on specific PC where
PC having internet connection using web application is installed.
browser where performance of the
application depends on internet speed.

Security Desktop application is less prone

Risks Web application is more prone to security to security threats where user can
threats as applications can be accessed by keep a check on security issues at
anyone on the internet. the system level.

User data Data is stored, saved and

User data is saved and accessed remotely accessed from the same machine
in case of web applications. on which application is installed.
Q #6) What is Intranet Application?
Answer: Intranet application is a kind of private application which is deployed and run on
local LAN server and can only be accessed by the people within the organization. It uses local
network to share information.
Example: Organization usually has an application which stores information about your
attendance, holidays, upcoming celebrations within the organization or some important event
or information that needs to be circulated within the organization.
Q #7) Explain the difference between Authorization and Authentication in Web testing.
Answer: The difference between Authorization and Authentication is explained in below
table:
Authorization
Authentication

1 Authentication is the process with which Authorization is the process with which system
the system identifies who the user is? identifies what user is authorized to do?

2 Authentication determines the identity of Authorization decides the privileges given to the
the user. user i.e. whether the user can access or
manipulate features of certain program.

3 There are different types of There are two types of authorizations, like read
authentications, like password based, only and read write both.
device based, etc.

4 For example: Within an organization, For example: Only account manager or person
each and every employee can login into in accounts department can access account
an intranet application. section.
Q #8) What are the types of Web testing security problems?

23
Answer: Few web security problems include:
 Denial of Service (DOS) attack
 Buffer overflow
 Directly passing internal URL through browser address
 Viewing other stats
Q #9) Define HTTP.
Answer: HTTP stands for Hypertext Transfer Protocol. HTTP is the data transfer protocol
which defines how messages are formatted and transferred over World Wide Web. HTTP also
determines the response of the actions performed by web servers and browsers.
For Example, when an URL is entered on the web browser, the HTTP command is sent to the
web server which in turn fetches the requested web browser.
Q #10) Define HTTPS.
Answer: HTTPS stands for Hypertext Transfer Protocol Secure. This is basically HTTP over
SSL (Secure Socket Layer) for security purposes. There is always chances of eavesdrop on
data being transferred between a user and the web server when the website uses HTTP
protocol.
Therefore, websites use secure way i.e. SSL encryption of data sent back and forth using
HTTPS protocol. Almost all the websites that require user log in uses HTTPS protocol.
Few Examples are banking websites, e-commerce websites, etc.
Q #11) What are the common problems faced in Web testing?
Answer: Some of the common problems faced in web testing are enlisted below:
 Server Problem, which includes server down and server under maintenance problems.
 Database connection problem.
 Hardware and browser compatibility problems.
 Security related problems.
 Performance and load related problems.
 GUI (graphical user interface) related problems.
Q #12) What is Cookie testing?
Answer: Cookie is said to be a personalized user’s identity or information which is required
to communicate between different web pages as well as track user’s navigation through the
website pages. Whenever we access any website on any web browser, their respective cookie
is written on the hard disk.
Cookies are used to track user sessions, displays ads, remember user’s choice while
accessing any website, remember and retrieve user’s shopping cart, track the unique number
of visitors, etc.

Suppose an e-commerce site is accessible in many countries like US, Canada, Australia and
their testing is done in India. In that case, while testing the e-commerce site for different
countries in India, at first respective countries cookies is set so that actual data like time
zone etc., are accessed of that particular country.

Q #13) Define Client-side validation.

Answer: Client-side validation is the one which is basically done at the browser level where
user’s input is validated at the browser itself with no involvement of the server.
Let’s understand it with the help of an Example.
Suppose a user is entering an incorrect email format while filling a form. The browser will
then and there prompt an error message to correct it before moving on to next field. Thus
every field is corrected before submitting the form.

The client-side validation is usually done by script language such as JavaScript, VBScript,
HTML 5 attributes.

The two types of Client-side validation are:

 Field level validation
 Form level validation

24
Q #14) What do you understand by Server-side validation?
Answer: Server-side validation occurs where the validation and processing of user requests
require the response from the server. To understand it more clearly, user’s input is being
sent to the server and validation is done using server-side scripting languages such as PHP,
Asp.NET, etc.
After the validation process, feedback is sent back to the client in the form of dynamically
generated web page.

When compared to the Client Side validation process, Server side validation process is more
secure because here application is protected against malicious attacks and users can easily
bypass client-side scripting language.

Q #15) Differentiate between Static and Dynamic website.

Answer: Difference between static and dynamic websites are as follows:
Static Website Dynamic website

Static websites are the one which gives out Dynamic websites are the one where user
information only and there is no sort of interaction is possible between the website and
interaction between the user and the user along with imparting information.
website.

Static websites are cheapest to develop Dynamic websites are more expensive to develop
and host. as well as their hosting cost is also more.

Static websites are easily loaded on client Dynamic websites usually take the time to load
browser because of its fixed content and on client browser because contents to display are
no database connectivity. dynamically created and retrieved using database
queries.

Static websites can be created from HTML, Dynamic websites require server application
CSS and does not require any server language like ASP.NET, JSP, PHP to run the
application language. application on the server and display the output
on the webpage.

Change in the content of the page of any Dynamic website provides facilities to change the
static website; require being uploaded on page content using server application.
server many times.
Q #16) What do you understand by Client-Server testing?
Answer: Client-server application is the one where the application itself is loaded or installed
on a server whereas application EXE file is loaded on all client machines. This environment is
usually used in Intranet networks.
Following tests are performed on a Client-server application:
 GUI testing on both client and server systems.
 Client-server interaction.
 The functionality of an application.
 Load and performance testing.
 Compatibility testing.
All the test cases and test scenarios used in client-server application testing is derived from
the tester’s experience and requirement specifications.

Q #24) What is a Proxy server?

Answer: Proxy server is a server which acts as an intermediary or is the one that lies
between the client and the main server.

25
The communication between the main server and client-server is done through a proxy
server as the client request of any connection, file, resources from the main server is sent
through a proxy server and again the response from the main server or local cached memory
to client-server is done through the proxy server.

Some of the most common proxy servers based on their purpose and functionality are listed
below:
 Transparent proxy
 Web proxy
 Anonymous proxy
 Distorting proxy
 High anonymity proxy
The proxy server is basically used for the following purposes:
 To improve the performance of web response.
 In case of presence of a document in a cache memory, the response is directly sent to
the client.
 Proxy server filters web page content in the form of web proxies.
 A proxy server is also used to block offensive web content to be accessed by the user
especially in an organization, school, and college.
 Web proxies prevent the attack of computer viruses and malware.
Q #25) What is Database server?
Answer: A Database server can be defined as a server that refers to the back-end system of
a database application that provides database services such as accessing and retrieving data
from the database.
Database server uses client/server architecture where the data can be accessed either
through the database server by a “front end” which runs and displays data on user’s machine
or “back end” which runs on the database server itself.

A database server is like a data warehouse and also holds on Database Management System
(DBMS).

Ques.4. What is Quality Assurance?

Ans. Quality assurance is a process driven approach which checks if the process of
developing the product is correct and conforming to all the standards. It is considered as a
preventive measure as it identifies the weakness in the process to build a software. It
involves activites like document review, test cases review, walkthroughs, inspection etc.

Ques.5. What is Quality Control?

Ans. Quality control is product driven approach which checks that the developed product
conforms to all the specified requirements. It is considered as a corrective measure as it
tests the built product to find the defects. It involves different types of testing like functional
testing, performance testing, usability testing etc.

Ques.6. What is the difference between Verification and Validation?

Ans. Following are the major differences between verification and validation-

# Verification Validation

26
 Verification is the process of evaluating the
Validation is the process of
artifacts as well as the process of software
validating that the developed
1. development in order to ensure that the
software product conforms to the
product being developed will comply to the
specified business requirements.
standards.

It is static process of analysing the It involves dynamic testing of

2.
documents and not the actual end product. software product by running it.

Validation is a product oriented

3. Verification is a process oriented approach.
approach.

Answers the question - "Are we building Answers the question - "Are we

4.
the product right?" building the right product?"

Errors found during verification require Errors found during validation

lesser cost/resources to get fixed as require more cost/resources.
5.
compared to be found during validation Later the error is discovered
phase. higher is the cost to fix it.

Ques.7. What is SDLC?

Ans. Software Development Life Cycle refers to all the activities that are performed during
software development, including - requirement analysis, designing, implementation, testing,
deployment and maintenance phases.

27
Ques.8. Explain STLC - Software Testing life cycle.
Software testing life cycle refers to all the activities performed during testing of a software
product. The phases include-

 Requirement analyses and validation - In this phase the requirements documents are
analysed and validated and scope of testing is defined.
 Test planning - In this phase test plan strategy is defined, estimation of test effort is
defined along with automation strategy and tool selection is done.
 Test Design and analysis - In this phase test cases are designed, test data is prepared
and automation scripts are implemented.
 Test environment setup - A test environment closely simulating the real world
environment is prepared.
 Test execution - The test cases are prepared, bugs are reported and retested once
resolved.
 Test closure and reporting - A test closure report is prepared having the final test
results summary, learnings and test metrics.

Ques.9. What are the different types of testing?

Testing can broadly be defined into two types-

 Functional testing - Functional testing involves validating the functional specifications

of the system.
 Non Functional testing - Non functional testing includes testing the non-functional
requirements of the system like performance, security, scalability, portability,
endurance etc.

Going by the way the testing is done, it can be categorized as-

28
  Black box testing - In black box testing, the tester need not have any knowledge of
the internal architecture or implementation of the system. The tester interact with the
system through the interface providing input and validating the received output.
 White box testing - In white box testing, the tester analyses the internal architecture
of the system as well as the quality of source code on different parameters like code
optimization, code coverage, code reusability etc.
 Gray box testing - In gray box testing, the tester has partial access to the internal
architecture of the system e.g. the tester may have access to the design documents
or database structure. This information helps tester to test the application better.

Ques.10. What is a test bed?

Ans. A test bed is a test environment used for testing an application. A test bed configuration
can consist of the hardware and software requirement of the application under test including
- operating system, hardware configurations, software configurations, tomcat, database etc.

Ques.11. What is a test plan?

Ans. A test plan is a formal document describing the scope of testing, the approach to be
used, resources required and time estimate of carrying out the testing process. It is derived
from the requirement documents(Software Requirement Specifications).

Ques.12. What is a test scenario?

Ans. A test scenario is derived from a use case. It is used for end end to end testing of a
feature of an application. A single test scenario can cater multiple test cases. The scenario
testing is particularly useful when there is time constraint while testing.

Ques.13. What is a test case?

Ans. A test case is used to test the conformance of an application with its requirement
specifications. It is a set of conditions with pre-requisites, input values and expected results
in a documented form.

Ques.14. What are some attributes of a test case?

Ans. A test case can have following attributes-

1. TestCaseId - A unique identifier of the test case.

2. Test Summary - Oneliner summary of the test case.
3. Description - Detailed description of the test case.
4. Prerequisite or pre-condition - A set of prerequisites that must be followed before
executing the test steps.
5. Test Steps - Detailed steps for performing the test case.
6. Expected result - The expected result in order to pass the test.
7. Actual result - The actual result after executing the test steps.
8. Test Result - Pass/Fail status of the test execution.
9. Automation Status - Identifier of automation - whether the application is automated
or not.
10. Date - The test execution date.
11. Executed by - Name of the person executing the test case.

29
Ques.15. What is a test script?
Ans. A test script is an automated test case written in any programming or scripting
langauge. These are basically a set of instructions to evaluate the functioning of an
application.

Ques.16. What is a bug?

Ans. A bug is a fault in a software product detected at the time of testing, causing it to
function in an unanticipated manner.

Ques.17. What is a defect?

Ans. A defect is non-conformance with the requirement of the product detected in
production (after the product goes live).

Ques.18. What are some defect reporting attributes?

Ans. Some of the attributes of a Defect resport are-

 DefectId - A unique identifier of the defect.

 Defect Summary - A one line summary of the defect, more like a defect title.
 Defect Description - A detailed description of the defect.
 Steps to reproduce - The steps to reproduce the defect.
 Expected Result - The expected behavior from which the application is deviating
because of the defect.
 Actual Result- The current erroneous state of the application w.r.t. the defect.
 Defect Severity - Based on the criticality of the defect, this field can be set to minor,
medium, major or show stopper.
 Priority - Based on the urgency of the defect, this field can be set on a scale of P0 to
P3.

Ques.19. What are some of the bug or defect management tools?

Ans. Some of the most widely used Defect Management tools are - Jira, Bugzilla, Redmine,
Mantis, Quality Center etc.

Ques.20. What is defect density?

Ans. Defect density is the measure of density of the defects in the system. It can be
calculated by dividing number of defect identified by the total number of line of code(or
methods or classes) in the application or program.

Ques.21. What is defect priority?

Ans. A defect priority is the urgency of the fixing the defect. Normally the defect priority is
set on a scale of P0 to P3 with P0 defect having the most urgency to fix.

Ques.22. What is defect severity?

Ans. Defect severity is the severity of the defect impacting the functionality. Based on the
organisation, we can have different levels of defect severity ranging from minor to critical or
show stopper.

30
Ques.23. Give an example of Low priority-Low severity, Low priority-High severity, High
priority-Low severity, High priority-High severity defects.
Ans.

1. Low priority-Low severity - A spelling mistake in a page not frequently navigated by

users.
2. Low priority-High severity - Application crashing in some very corner case.
3. High priority-Low severity - Slight change in logo color or spelling mistake in company
name.
4. High priority-High severity - Issue with login functionality.

Ques.24. What is a blocker?

Ans. A blocker is a bug of high priority and high severity. It prevents or blocks testing of
some other major portion of the application as well.

Ques.25. What is a critical bug?

Ans. A critical bug is a bug that impacts a major functionality of the application and the
application cannot be delivered without fixing the bug. It is different from blocker bug as it
doesn't affect or blocks the testing of other part of the application.

Ques.26. Explain bug lifecycle or the different states of a bug.

Ans. A bug goes through the following phases in software development-

 New - A bug or defect when detected is in New state

 Assigned - The newly detected bug when assigned to the corresponding developer is
in Assigned state
 Open - When the developer works on the bug, the bug lies in Open state
 Rejected/Not a bug - A bug lies in rejected state in case the developer feels the bug is
not genuine
 Deferred - A deferred bug is one, fix of which is deferred for some time(for the next
releases) based on urgency and criticality of the bug
 Fixed - When a bug is resolved by the developer it is marked as fixed
 Test - When fixed the bug is assigned to the tester and during this time the bug is
marked as in Test
 Reopened - If the tester is not satisfied with issue resolution the bug is moved to
Reopened state
 Verified - After the Test phase if the tester feels bug is resolved, it is marked as
verified
 Closed - After the bug is verified, it is moved to Closed status.

Ques.28. Explain the different types of specification based test design technique?
Ans. Specification based test design techniques are also referred to as blackbox testing. It
involves testing based on the specification of the system under test without knowing its
internal architecture. The different types of specification based test design or black box
testing techniques are-

31
  Equivalence partitioning - Grouping test data into logical groups or equivalence
classes with the assumpation that all the data items lying in the classes will have
same effect on the application.
 Boundary value analysis - Testing using the boundary values of the equivalence
classes taken as the test input.
 Decision tables - Testing using decision tables showing application's behaviour based
on different combination of input values.
 Cause-effect graph - Testing using graphical representation of input i.e. cause and
output i.e. effect is used for test designing.
 State transition testing - Testing based on state machine model.
 Use case testing - Testing carried out using use cases.

Ques.29. Explain equivalence class partitioning.

Ans. Equivalence class partitioning is a specification based black box testing techniques. In
equivalence class partitioning, set of input data that defines different test conditions are
partitioned into logically similar groups such that using even a single test data from the
group for testing can be considered as similar to using all the other data in that group. E.g.
for testing a Square program(program that prints the square of a number- the equivalence
classes can be-
Set of Negative numbers, whole numbers, decimal numbers, set of large numbers etc.

Ques.30. What is boundary value analysis?

Ans. Boundary value analysis is a software testing technique for designing test cases wherein
the boundary values of the classes of the equivalence class partitioning are taken as input to
the test cases e.g. if the test data lies in the range of 0-100, the boundary value analysis will
include test data - 0,1, 99, 100.

Ques.38. What are the different levels of the testing?

Ans. Testing can be performed at different levels during the development process.
Performing testing activities at multiple levels help in early identification of bugs. The
different levels of testing are -

1. Unit Testing
2. Integration Testing
3. System Testing
4. Acceptance Testing

Ques.41. What are the different types of integration testing?

Ans. The different type of integration testing are-

1. Big bang Integration Testing - In big bang integration testing, testing starts only after
all the modules are integrated.
2. Top-down Integration Testing - In top down integration, testing/integration starts
from top modules to lower level modules.
3. Bottom-up Integration Testing - In bottom up integration, testing starts from lower
level modules to higher level module up in the heirarchy.
4. Hybrid Integration Testing - Hybrid integration testing is the combination of both Top-
down and bottom up integration testing. In this approach, the integration starts from
middle layer and testing is carried out in both the direction

For details check Integration testing.

32
Ques.42. What is stub?
Ans. In case of top-down integration testing, many a times lower level modules are not
developed while beginning testing/integration with top level modules. In those cases Stubs
or dummy modules are used that simulate the working of modules by providing hardcoded or
expected output based on the input values.

Ques.43. What is driver?

Ans. In case of bottom-up integration testing, drivers are used to simulate the working of top
level modules in order to test the related modules lower in the heirarchy.

Ques.44. What is a test harness? Why do we need a test harness?

Ans. A test harness is a collection of test scripts and test data usually associated with unit
and integration testing. It involves stubs and drivers that are required for testing software
modules and integrated components.

Ques.45. What is system testing?

Ans. System testing is the level of testing where the complete software is tested as a whole.
The conformance of the application with its business requirements is checked in system
testing.

Ques.46. What is acceptance testing?

Ans. Acceptance testing is a testing performed by the potential end user or customers to
check if the software conforms to the business requirements and can be accepted for use.

Ques.47. What is alpha testing?

Ans. Alpha testing is a type of acceptance testing that is performed end users at the
developer site.

Ques.48. What is beta testing?

Ans. Beta testing is the testing done by end users at end user's site. It allows users to
provide direct input about the software to the development company.

Ques.49. What is adhoc testing?

Ans. Adhoc testing is an unstructured way of testing that is performed without any formal
documentation or proper planning.

Ques.50. What is monkey testing?

Ans. Monkey testing is a type of testing that is performed randomly without any predefined
test cases or test inputs.

Ques.51. How is monkey testing different from adhoc testing?

Ans. In case of adhoc testing although there are no predefined or documented test cases still

33
testers have the understanding of the application. While in case of monkey testing testers
doesn't have any understanding of the application.

Ques.52. What is exploratory testing?

Ans. Exploratory testing is a type of testing in which new test cases are added and updated
while exploring the system or executing test cases. Unlike scripted testing, test design and
execution goes parallely in exploratory testing.

Ques.53. What is performance testing?

Ans. Performance testing is a type of non-functional testing in which the performance of the
system is evaluated under expected or higher load. The various performance parameters
evaluated during performance testing are - response time, reliability, resource usage,
scalabilty etc.

Ques.54. What is load testing?

Ans. Load testing is a type of performance testing which aims at finding application's
performance under expected workload. During load testing we evaluate the response time,
throughput, error rate etc parameters of the application.

Ques.55. What is stress testing?

Ans. Stress testing is a type of performance testing in which application's behaviour is
monitored under higher workload then expected. Stress testing is done to find memory leaks
and robustness of the application.

Ques.56. What is volume testing?

Ans. Volume testing is a type of performance testing in which the performance of application
is evaluated with large amount of data. It checks the scalability of the application and helps
in identification of bottleneck with high volume of data.

Ques.57. What is endurance testing or Soak testing?

Ans. Endurance testing is a type of performance testing which aims at finding issues like
memory leaks when an application is subjected to load test for a long period of time.

Ques.58. What is spike testing?

Ans. Spike testing is a type of performance testing in which the application's performance is
measured while suddenly increasing the number of active users during the load test.

Ques.59. What is usability testing?

Ans. Usability testing is the type of testing that aims at determining the ease of using the
application. It aims at uncovering the usability defects in the application.

Ques.60. What is Accessibility testing?

Ans. Accessibility is the type of testing which aims at determining the ease of use or
operation of the application specifically for people with disabilities.

34
Ques.96. Explain Agile methodology?
Ans. Agile methodology of software development is based on interative and incremental
approach. In this model, the application is broken down into smaller build on which different
cross functional team work together providing rapid delivery along with adapting to changing
needs at the same time.

Ques.97. What is scrum?

Ans. A scrum is a process for implementing Agile methodology. In scrum, time is divided into
sprints and on completion of sprints, a deliverable is shipped.

Ques.98. What are the different roles in scrum?

Ans. The different roles in scrum are -

1. Product Owner - The product owner owns the whole development of the product,
assign tasks to the team and act as an interface between the scrum
team(development team) and the stakeholders.
2. Scrum Master - The scrum master monitors that scrum rules get followed in the team
and conducts scrum meeting.
3. Scrum Team - A scrum team participate in the scrum meetings and perform the tasks
assigned.

Ques.99. What is a scrum meeting?

Ans. A scrum meeting is daily meeting in scrum process. This meeting is conducted by scrum
master and update of previous day's work along with next day's task and context is defined
in this meeting.

Ques.100. Explain TDD (Test Driven Development).

Ans. Test Driven Development is a software development methodology in which the
development of the software is driven by test cases created for the functionality to be
implemented. In TDD, first the test cases are created and then code to pass the tests is
written. Later the code is refactored as per the standards.

2.1.1.1 Q1). Explain the procedure for manual testing.

 Planning and Control

 Analysis and Design

 Implementation and Execution

 Evaluating exit criteria and Reporting

 Test Closure activities

2.1.1.2 Q3). Explain the tasks of test closure activities.

Test closure activities are endowed with the following major tasks:

35
 To see which strategic deliverable are really delivered and to safeguard that all incident

reports have been successfully resolved.

 To confirm and document the test ware such as writings, testing environments, etc. for

future reuse.

 To deliver the test ware to the maintenance team. They will give sustenance to the

software.

 To assess how the testing actually went and acquire lessons for upcoming releases and

ventures.
1. What is testing life cycle?
Answer: In general, software testing life cycle is a collection of various steps executed
to ensure that the final product can be of the acceptable quality. The general steps in
STLC include test planning, test analysis, test design, verification and validation and
testing after implementation of the final product. It's important to note that the exact
steps will vary from organisation to organisation because it's mostly defined by the
policies of the organisation related to quality assurance.

3. Explain SDLC and your involvement?

Answer: SDLC is an abbreviation of software development life cycle which is basically
the steps through which any software product goes through. It starts with
'requirements gathering' phase, analysis of requirements, design of the system,
implementation, testing and maintenance. Though 'testing' is listed as a separate
stage in the SDLC, it's important to note that testing is a continuous process that
begins at the time of first phase i.e. during requirements gathering and continues
until and after the system is deployed.

4. Tell us the process you follow in your organization?

Answer: This is a tricky question. You'll have to be fully aware of the various
processes that are followed in your organisation to carry out the testing activities. If
you're asked this question, you'll have to ask the interviewers (or tell them on your
own) about the specific task for which the processes were followed in your
organisation. For example, your organisation may have a process for the development
of the test plan or test cases documents. You'll have to inform them the same.

5. What is boundary value analysis?

Answer: Boundary value analysis is what the name suggests - analysis at the
boundary conditions. Let's say the username field in your application requires the
username not to exceed 10 characters. In such a case, the boundary value analysis

36
will be to test the field for usernames with 9 characters and 11 characters. If the test
passes, then you can be reasonably sure that there is no bug.

6. Explain Equivalent Partitioning?

Answer: Though the words look like it's kind of a rocket science, in reality it's just a
technique used to reduce the number of test cases. Basically, you partition the data
into sets of valid and invalid inputs. I found an excellent video that explains the
concept in simple language -

7. What is bug life cycle?

Answer: Bug Life Cycle, again is the various stages through which it goes after it's
discovered. So once the Quality Assurance Engineer discovers the bug, it's marked as
"New", then the concerned authority will assign it to the developer where the status
of the bug changes to 'Assigned', once the bug is assigned it's either 'fixed' or
'rejected'. In both the cases, the QAE will verify the bug and mark it as 'reopen' (if
not fixed properly) or 'closed' if it no longer exists.

37
Image Source: Bugzilla.

8. How to use QC?

Answer: QC is a short of Quality Center, a software testing related tool owned by HP.
If you've used this tool, you'll know how to answer.

9. What is severity and priority, explain the difference?

Answer: Severity is basically an indicator of 'how big is the impact of the discovered
bug/issue' on the software and 'priority' is how urgent it is to address (fix) it. A very
good example of this would be failure at the login window with valid username and
password. This type of bug is not only severe but also should be fixed on high priority.

10. When do you stop testing? ( I mean when do you say, testing is done?)
Answer: Software testing never stops and in fact, should be done as a continuous
process throughout the life of the software. However it's not practical. In reality, the

38
software testing stops when the software meets the defined quality criteria.

11. What do you write in a test plan?

Answer: A test plan is a strategy document that details the various approaches, steps
and procedures the software testing team will follow to ensure the product meets
desired quality. A comprehensive test plan will include (but not limited to) who will
test what, the resources team will use, risk strategy etc. along with a well defined
scheduled. You may refer to various test plan templates available on the Internet for
the details.

12. What is test strategy?

Answer: Test strategy is again a 'method' that needs to be followed to carry out
testing activity. It will clearly define team member's individual roles and
responsibilities, use of testing tools, deadlines to be followed, what needs to be
tested, the software testing environment required and schedule that the team needs
to stick to.

13. What is risk analysis?

Answer: Risk analysis is, in simpler words, the analysis of things that may go wrong
and coming up with preventive measures. For example, an important team member
falling sick just before the delivery would pose a bigger risk to the delivery. One
possible way to mitigate this risk would be to prepare team members to handle each
other's responsibilities so that the missing team member's work can be shared.

14. If you have ‘n’ requirements and you have less time how do you prioritize the
requirements?
Answer: In such a scenario, the most critical requirements need to be finalised with
discussion from the client. In testing, requirements aren't really 'finalised' by the
testing team.

15. What all types of testing you could perform on a web based application?
Answer: A typical web based application may undergo - Functionality, Usability,
Compatibility, Performance (load testing, stress testing), Security testing.

16. What is smoke testing and what is sanity?

Answer: What would happen if you turn on a newly brought TV and you get smoke
coming out of it? Smoke testing is basically to ensure that the basic functionality of
the product (in TV's case, it should be displaying video when turned on) works fine.
So you'll identify the most basic test cases you need to execute and perform them.

39
 Sanity testing is similar - which ensures that the system or product functions without
any logical errors. If you are testing a calculator app; you may multiply a number by
9 and check whether the sum of the digits of the answer is divisible by 9.

17. How do you find the regression scenarios if a defect is fixed?

Answer: Regression scenarios would be run on all the test cases that failed during
manual testing because of the bug in software. Checking history of the bug may help
identifying the regression scenarios.

18. What is the difference between bug, defect and a error?

Answer: There's actually no difference between 'bug' and 'defect'. It's basically an
unexpected behaviour of the software. 'Error' too would fall in the same category; but
many times errors are well defined. For example - 404 error in HTML pages.

2. What are Quality Assurance and Quality Control?

Quality Assurance: Quality Assurance involves in process-oriented activities. It ensures the

prevention of defects in the process used to make Software Application. So the defects don’t
arise when the Software Application is being developed.

Quality Control: Quality Control involves in product-oriented activities. It executes the

program or code to identify the defects in the Software Application.

26. What is Top-Down Approach?

Testing takes place from top to bottom. High-level modules are tested first and then low-
level modules and finally integrating the low-level modules to a high level to ensure the
system is working as intended. Stubs are used as a temporary module if a module is not
ready for integration testing.

27. What is Bottom-Up Approach?

It is a reciprocate of the Top-Down Approach. Testing takes place from bottom to up. Lowest
level modules are tested first and then high-level modules and finally integrating the high-
level modules to a low level to ensure the system is working as intended. Drivers are used
as a temporary module for integration testing.

28. What is End-To-End Testing?

Refer System Testing.

29. What is Functional Testing?

In simple words, what the system actually does is functional testing. To verify that each
function of the software application behaves as specified in the requirement document.
Testing all the functionalities by providing appropriate input to verify whether the actual

40
output is matching the expected output or not. It falls within the scope of black box testing
and the testers need not concern about the source code of the application.

30. What is Non-Functional Testing?

In simple words, how well the system performs is non-functionality testing. Non-functional
testing refers to various aspects of the software such as performance, load, stress,
scalability, security, compatibility etc., Main focus is to improve the user experience on how
fast the system responds to a request.

31. What is Acceptance Testing?

It is also known as pre-production testing. This is done by the end users along with the
testers to validate the functionality of the application. After successful acceptance
testing. Formal testing conducted to determine whether an application is developed as per
the requirement. It allows the customer to accept or reject the application. Types of
acceptance testing are Alpha, Beta & Gamma.

32. What is Alpha Testing?

Alpha testing is done by the in-house developers (who developed the software) and testers.
Sometimes alpha testing is done by the client or outsourcing team with the presence of
developers or testers.

33. What is Beta Testing?

Beta testing is done by a limited number of end users before delivery. Usually, it is done in
the client place.

34. What is Gamma Testing?

Gamma testing is done when the software is ready for release with specified requirements. It
is done at the client place. It is done directly by skipping all the in-house testing activities.

35. What is Smoke Testing?

Smoke Testing is done to make sure if the build we received from the development team is
testable or not. It is also called as “Day 0” check. It is done at the “build level”. It helps not
to waste the testing time to simply testing the whole application when the key features don’t
work or the key bugs have not been fixed yet.

36. What is Sanity Testing?

Sanity Testing is done during the release phase to check for the main functionalities of the
application without going deeper. It is also called as a subset of Regression testing. It is done
at the “release level”. At times due to release time constraints rigorous regression testing
can’t be done to the build, sanity testing does that part by checking main functionalities.

37. What is Retesting?

41
To ensure that the defects which were found and posted in the earlier build were fixed or not
in the current build. Say, Build 1.0 was released. Test team found some defects (Defect Id
1.0.1, 1.0.2) and posted. Build 1.1 was released, now testing the defects 1.0.1 and 1.0.2 in
this build is retesting.

38. What is Regression Testing?

Repeated testing of an already tested program, after modification, to discover any defects
introduced or uncovered as a result of the changes in the software being tested or in another
related or unrelated software components.

Usually, we do regression testing in the following cases:

1. New functionalities are added to the application

2. Change Requirement (In organizations, we call it as CR)
3. Defect Fixing
4. Performance Issue Fix
5. Environment change (E.g., Updating the DB from MySQL to Oracle)

39. What is GUI Testing?

Graphical User Interface Testing is to test the interface between the application and the end
user.

40. What is Recovery Testing?

Recovery testing is performed in order to determine how quickly the system can recover
after the system crash or hardware failure. It comes under the type of non-functional testing.

44. What is Installation Testing?

It is to check whether the application is successfully installed and it is working as expected
after installation.

46. What is Risk Based Testing?

Identify the modules or functionalities which are most likely cause failures and then testing
those functionalities.

47. What is Compatibility Testing?

It is to deploy and check whether the application is working as expected in a different
combination of environmental components.

48. What is Exploratory Testing?

Usually, this process will be carried out by domain experts. They perform testing just by
exploring the functionalities of the application without having the knowledge of the
requirements.

49. What is Monkey Testing?

42
Perform abnormal action on the application deliberately in order to verify the stability of the
application.

50. What is Usability Testing?

To verify whether the application is user-friendly or not and was comfortably used by an end
user or not. The main focus in this testing is to check whether the end user can understand
and operate the application easily or not. An application should be self-exploratory and must
not require training to operate it.

51. What is Security Testing?

Security testing is a process to determine whether the system protects data and maintains
functionality as intended.

53. What is Performance Testing?

This type of testing determines or validates the speed, scalability, and/or stability
characteristics of the system or application under test. Performance is concerned with
achieving response times, throughput, and resource-utilization levels that meet the
performance objectives for the project or product.

54. What is Load Testing?

It is to verify that the system/application can handle the expected number of transactions
and to verify the system/application behavior under both normal and peak load conditions.

55. What is Volume Testing?

It is to verify that the system/application can handle a large amount of data

56. What is Stress Testing?

It is to verify the behavior of the system once the load increases more than its design
expectations.

57. What is Scalability Testing?

Scalability testing is a type of non-functional testing. It is to determine how the application

under test scales with increasing workload.

60. What is Adhoc Testing?

Ad-hoc testing is quite opposite to the formal testing. It is an informal testing type. In Adhoc
testing, testers randomly test the application without following any documents and test
design techniques. This testing is primarily performed if the knowledge of testers in the
application under test is very high. Testers randomly test the application without any test
cases or any business requirement document.

43
61. What is Interface Testing?

Interface testing is performed to evaluate whether two intended modules pass data and
communicate correctly to one another.

62. What is Reliability Testing?

Perform testing on the application continuously for long period of time in order to verify the
stability of the application

63. What is Bucket Testing?

Bucket testing is a method to compare two versions of an application against each other to
determine which one performs better.

67. What is Exhaustive Testing?

Testing all the functionalities using all valid and invalid inputs and preconditions is known as
Exhaustive testing.

68. What is Early Testing?

Defects detected in early phases of SDLC are less expensive to fix. So conducting early
testing reduces the cost of fixing defects.

69. What is Defect clustering?

Defect clustering in software testing means that a small module or functionality contains
most of the bugs or it has the most operational failures.

71. What is Walk Through?

A walkthrough is an informal meeting conducts to learn, gain understanding, and find

defects. The author leads the meeting and clarifies the queries raised by the peers in the
meeting.

72. What is Inspection?

Inspection is a formal meeting lead by a trained moderator, certainly not by the author. The
document under inspection is prepared and checked thoroughly by the reviewers before the
meeting. In the inspection meeting, the defects found are logged and shared with the author
for appropriate actions. Post inspection, a formal follow-up process is used to ensure a timely
and corrective action.

Test strategy is a high level document which defines the approach for software testing. It is
basically derived from the Business Requirement document. Test strategy is developed by
project manager or business analyst. It is kind of static document which sets the standards
for testing so not updated often.

Test plan is derived from SRS (Software Requirement Specification) which is prepared by test
lead or manager. The main goal of test plan is to include all the details related to testing

44
such as what to test, when to test, how to test and who will be the tester. Test plan is often
not updated but if there is some new feature or change is introduced then it has to be
updated accordingly.

Now, let’s make a list of points which are included in both respectively.

3 Test strategy contains:

1. Scope and objective: The objective of the business and how much testing scope is
there is defined under test strategy.
2. Business Issues: How much is the budget of the project, how much time is required
for testing, how much resources are needed etc. are the part of business issues which
needs to be considered before the actual testing starts.
3. Testing approach: What type of testing is needed (performance, load, stress,
functional etc.) and whether the testing is only manual or automation or both are
some of the crucial points which defines the testing approach.
4. Test deliverables: What are the documents required from the testing team, how they
would keep the record of the testing cycles etc. will be included here.
5. Defect tracking approach: Which tool will be used for tracking the defects and how
will the testing team communicate with the development team and how the flow
would go for defects are decided at this point in test strategy.
6. Training: If there is some complex or new tool is introduced in the business then it is
helpful if the team members are given proper training. What type of training and the
responsible person to conduct such training is defined here.
7. Automation: If the project or business needs automation testing then the script
language, tool used, reporting and code maintained is planned in test strategy.
8. Risks: Nobody can anticipate all the risks beforehand but obvious risks can be
avoided and also solution (if risk occur) can be included in the document for future
help.

4 Test plan contains:

1. Test plan ID: This is a unique ID which defines the test plan. It can be a number or
name or mix of both, as per the convenience.
2. Test environment: This section defines what kind of environment is needed for the
testing to carry out. For e.g. in device testing, usually a virtual set up is made to test
emergency calling.
3. Features to be tested/Not tested: This will have all the details about the features which
tester needs to test and what are the feature which are not tested (may be because it
is not yet implemented or not tested for that particular release).
4. Entry/Exit criteria: These are the terms which define when to start or stop the
testing. Standards will be defined under test strategy and followed by testers in test
plan.
5. Status: Whether a test case is passed or failed or not tested, all these test results are
included in test plan with a proper reason.
6. Types of testing: The types of testing required such as regression, functional, non-
functional, stress etc. are defined and then executed by the respective tester.
7. Brief Intro: Brief introduction is also included sometimes so that if any new member
joins the team, he should get an idea how things work.

Basically, test plan is test strategy and test logistics (tools used, environment set up etc.).
Strategy defines what approach should be there for testing and plan has all the details how

45
those approach will be executed in a proper planned way. They both go hand in hand. Test
plan will have all the names of the testers who tested a particular script and also it maintains
cycle numbers so that if some feature fails in this cycle, previous cycle can be referred to see
if that particular feature was passed or failed, in this way it is easy to get the root of the
issue and hence becomes easy to resolve it.

As mentioned above. Test strategy should not be modified very often because it sets some
standards for test plan and if standards are modified frequently then it becomes difficult to
stick to a particular plan and changing plan frequently will affect the quality of the testing.
Sometimes when small requirements are changed, we only need to update the test plan but
test strategy remains the same.

Feel free to discuss your differences on Test Plan and Test Strategy in comments below.
Sharing your own testing experience, tips or testing secrets in comments below will definitely
make this article more interesting and helpful!!

4.1.1 What is Software Test Estimation?

Test Estimation is a management activity which approximates how long a Task would take
to complete. Estimating effort for the test is one of the major and important tasks in Test
Management.

4.2 Why Test Estimation?

Two questions you can expect from your clients when discussing potential test engagements
are

 How long will testing take place ?

 How much it will cost ?

4.3 What to Estimate?

 Resources: Resources are required to carry out any project tasks. They can be
people, equipment, facilities, funding, or anything else capable of definition required
for the completion of a project activity.
 Times : Time is the most valuable resource in a project. Every project has a deadline
to delivery.
 Human Skills : Human skills mean the knowledge and the experience of the Team
members. They affect to your estimation. For example, a team, whose members have
low testing skills, will take more time to finish the project than the one which has high
testing skills.
 Cost: Cost is the project budget. Generally speaking, it means how much money it
takes to finish the project.

46
4.4 How to estimate?

List of Software Test Estimation Techniques

 Work Breakdown Structure

 3-Point Software Testing Estimation Technique
 Wideband Delphi technique
 Function Point/Testing Point Analysis
 Use – Case Point Method
 Percentage distribution
 Ad-hoc method

Following is the 4 Step process to arrive at an estimate

You will learn how to combine these techniques to find the estimate for Guru99 Bank case
study.

47
4.4.1

4.4.2 Step1) Divide the whole project task into subtasks

Task is a piece of work that has been given to someone. To do this, you can use the Work
Breakdown Structure technique.
In this technique, a complex project is divided into modules. The modules are divided into
sub-modules. Each sub-module is further divided into functionality. It means divide the
whole project task into the smallest tasks.

Use the Work Break Down structure to break out the Guru99 Bank project into 5 smaller
tasks-

After that, you can break out each task to the subtask. The purpose of this activity is create
task as detailed as possible.

Task Sub task

Investigate the soft requirement specs

48
 Analyze software requirement Interview with the developer & other stakeholders to know more abou
specification the website

Create the Test Specification Design test scenarios

Create test cases

Review and revise test cases

Execute the test cases Build up the test environment

Execute the test cases

Review test execution results

Report the defects

Create the Defect reports

Report the defects

4.4.3 Step 2) Allocate each task to team member

In this step, each task is assigned to the appropriate member in the project team. You can
assigned task as follows

Task Members

Analyze software requirement All the members

specification

Create the test specification Tester/Test Analyst

Build up the test environment Test Administrator

49
 Execute the test cases Tester, Test Administrator

Report defects Tester

4.4.4 Step 3) Effort Estimation For Tasks

There are 2 techniques which you can apply to estimate the effort for tasks

1. Functional Point Method

2. Three Point Estimation

4.4.5 Method 1) Function Point Method

In this method, the Test Manager estimates Size, Duration, and Cost for the tasks

Step A) Estimate size for the task

In Step 1, you already have broken the whole project task into small task by using WBS
method. Now you estimate the size of those tasks. Let’s practice with a particular task
“Create the test specification”
The size of this task depends on the functional size of the system under test. The functional
size reflects the amount of functionality that is relevant to the user. The more number of
functionality, the more complex system is.
Prior to start actual estimating tasks effort, functional points are divided into three groups
like Complex, Medium Simple as following:

50
Based on the complex of software functions, the Test Manger has to give
enough weightage to each functional point. For example

Group Weightage

Complex 5

Medium 3

Simple 1

Let’s take a simple example exercise to get clearer:

Take a look the software specification of website Guru99 Bank over here, the software
engineer have already described the software modules in detail, can you determine
the complexity of website’s features by giving the weightage for each modules?
More complex the function point, more is the effort to test it is. The website is divided
into 12 function points, you can determine the complexity of each function points as
follows-

No. Module ApplicableRoles Description Weighta

Name

1. Balance Manager Customer:A customer can have multiple bank 3

Enquiry Customer accounts. He can view balance of his accounts
only
Manager: A manager can view balance of all
the customers who come under his supervision

51
2. Fund Transfer Manager Customer:A customer can have transfer funds 5
Customer from his “own” account to any destination
account.
Manager: A manager can transfer funds from
any source bank account to destination
account

3. Mini Manager A Mini statement will show last 5 transactions 3

Statement Customer of an account
Customer:A customer can see mini-statement
of only his “own” accounts
Manager: A manager can see mini-statement
of any account

4. Customized Manager A customized statement allows you to filter 5

Statement Customer and display transactions in an account based
on date, transaction value
Customer:A customer can see Customized-
statement of only his “own” accounts
Manager: A manager can see Customized -
statement of any account

5. Change Manager Customer:A customer can change password 1

Password Customer of only his account.
Manager: A manager can change password of
only his account. He cannot change passwords
of his customers

6. New Customer Manager Manager: A manager can add a new 3

customer.
Manager: A manager can edit details like
address, email, telephone of a customer.

7. New Account Manager Currently system provides 2 types of accounts 5

 Saving
 Current

A customer can have multiple saving accounts

(one in his name, other in a joint name etc).
He can have multiple current accounts for
different companies he owns.

52
 Or he can have a multiple current and saving
accounts.
Manager: A manager can add a new account
for an existing customer.

8. Edit Account Manager Manager: A manager can add an edit account 1

details for an existing account

9. Delete Account Manager Manager: A manager can add a delete an 1

account for a customer.

10. Delete Manager A customer can be deleted only if he/she 1

Customer has no active current or saving accounts
Manager: A manager can delete a customer.

11. Deposit Manager Manager: A manager can deposit money into 3

any account. Usually done when cash is
deposited at a bank branch.

12. Withdrawal Manager Manager: A manager can withdraw money 3

from any account. Usually done when cash is
withdrawn at a bank branch.
STEP B) Estimate duration for the task
After classifying the complexity of the function points, you have to estimate
the duration to test them. Duration means how much time needs to finish the task.

 Total Effort: The effort to completely test all the functions of the website
 Total Function Points: Total modules of the website
 Estimate defined per Function Points: The average effort to complete one
function points. This value depends on the productivity of the member who will take
in charge this task.

Suppose your project team has estimated defined per Function Points of 5 hours/points.
You can estimate the total effort to test all the features of website Guru99 Bank as follows:

Weightage # of Function Points Total

Complex 5 3 15

Medium 3 5 15

53
 Simple 1 4 4

Function Total Points 34

Estimate define per point 5

Total Estimated Effort (Person Hours) 170

So the total effort to complete the task “Create the test specification” of Guru99 Bank is
around 170 man-hours
Once you understand the effort that is required, you can assign resources to determine how
long the task will take (duration), and then you can estimate labor and non-labor costs.
Above example also shows the importance of the member in your team. If you
have talented and experienced members, you can finish the assigned task in
the small time, and your project will finish at the deadline or sooner.
STEP C) Estimate the cost for the tasks
This step helps you to answer the last question of customer “How much does it cost?”
Suppose, on average your team salary is $5 per hour. The time required for “Create Test
Specs” task is 170 hours. Accordingly, the cost for the task is 5*170= $850. Now you can
calculate budget for other activities in WBS and arrive at overall budget for the project.
As a project manager, you have to decide how to get the most return for your company’s
investment. The more accurate your estimate of project cost is, the better able you will be
to manage your project’s budget.

4.4.6 METHOD 2) Three Point Estimation

Three-Point estimation is one of the techniques that could be used to estimate a task. The
simplicity of the Three-point estimation makes it a very useful tool for a Project Manager that
who wants to estimate.
In three-point estimation, three values are produced initially for every task based on prior
experience or best-guesses as follows

54
When estimating a task, the Test Manager needs to provide three values, as specified above.
The three values identified, estimate what happens in an optimal state, what is the most
likely, or what we think it would be the worst case scenario.
Let’s see how to use the above three values in the following example
For the task “Create the test specification”, can you estimate the test effort? Remember
that you have to cover all the modules of the Guru99 Bank website as done in Function
Point Method
You can estimate as following

 The best case to complete this task is 120 man-hours (around 15 days). In this
case, you have a talented team, they can finish the task in smallest time.
 The most likely case to complete this task is 170 man-hours (around 21 days). This
is a normal case, you have enough resource and ability to complete the task
 The worst case to complete this task is 200 man-hours (around 25 days). You need
to perform much more work because your team members are not experienced.

Now, assign the value to each parameter as below

The effort to complete the task can be calculated using double-triangular

distribution formula as follows-

In the above formula, parameter E is known as Weighted Average. It is the estimation

of the task “Create the test specification”.
But your boss may ask you

In the above estimation, you just determine a possible and not a certain value, we must
know about the probability that the estimation is correct. You can use the other formula:

55
In above formula, the SD mean Standard Deviation, this value could give you the information
about the probability that the estimation is correct.
Now you can conclude the estimation for the task “Create the test specification”
To complete the task “Create the test specification” of Guru99 Bank website, you need 166.6
± 13.33 Man-hour (153.33 to 179.99 man-hour)

4.4.7 Step 4) Validate the estimation

Once you create an aggregate estimate for all the tasks mentioned in the WBS, you need to
forward it to the management board, who will review and approve it.

The member of management board could comprise of the CEO, Project Manager & other
stakeholders.
The management board will review and discuss your estimation plan with you. You may
explain them your estimation logically and reasonably so that they can approve your
estimation plan.

Manifesto for Agile Software Development

Individuals and interactions over processes and tools

Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan

The following principles are based on the Agile Manifesto.

1 Our highest priority is to satisfy the customer through early and continuous delivery of
valuable software.

2 Welcome changing requirements, even late in development. Agile processes harness

change for the customer's competitive advantage.

3 Deliver working software frequently, from a couple of weeks to a couple of months, with a
preference to the shorter timescale.

4 Business people and developers must work together daily throughout the project.

5 Build projects around motivated individuals. Give them the environment and support they
need, and trust them to get the job done.

6 The most efficient and effective method of conveying information to and within a
development team is face-to-face conversation.

7 Working software is the primary measure of progress.

8 Agile processes promote sustainable development. The sponsors, developers, and users
should be able to maintain a constant pace indefinitely.

9 Continuous attention to technical excellence and good design enhances agility.

10 Simplicity--the art of maximizing the amount of work not done--is essential.

11 The best architectures, requirements, and designs emerge from self-organizing teams.

56
12 At regular intervals, the team reflects on how to become more effective, then tunes and
adjusts its behavior accordingly.

57