QUESTION 1

A Functional Specification document states: 2.2.2 USER LOGIN PAGE The web-application will be accessed using a login page. Fields will be provided for a user to enter username and password credentials. A login button will be used to validate the login data entered by users. Successful validation will grant the user access to the webapplication. Here is a mock-up of the screen.

a. Write the manual test scripts necessary to test the functionality described. Please include test procedure and expected result in your answer format. [10] b. List any questions you have or assumptions you have made as a tester. [5]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER a) Manual Test Scripts

Test Name Test Steps Expected Result

Good Login with ACME Market Data

1) 2) Password text should be masked 3) 4) Application message tells user they have successfully logged in with ACME market data privileges Good Login 1) with no 2) Password text should be masked ACME 3) Market Data 4) Application message tells user they have successfully logged in but have no ACME market data privileges No 1) Enter valid password in 1) Password text should be masked Username password field 2) 2) Tick the bottom checkbox 3) Application displays message to 3) Click Login button user that no username was entered need to retry. No 1) Enter valid username in 1) Password text should be masked password username field 2) 2) Tick the bottom checkbox 3) Application displays message to 3) Click Login button user that no password was entered need to retry. Invalid entry 1) Enter <script = vbscript> in 1) in Username the username field 2) Password text should be masked field 2) Enter valid password 3) 3) Tick the top checkbox 4) Application should detect 4) Click Login button potential malicious input in username field and display warning message to user and try again. Invalid entry 1) Enter valid username in 1) in Password username field 2) Password text should be masked field 2) Enter OR 1 = 1 in password 3) field 4) Application should detect 3) Tick the bottom checkbox potential malicious input in password 4) Click Login button field and display warning message to user and try again. Click 1) Do not enter any data into 1) Contact any field 2) Email window should open with Button 2) Click Contact button email address populated with contact@fsl.com, subject line = Contact Request Keyboard 1) Repeat Test Good Login 1) It should be possible to login Operation with ACME Market Data but successfully using only the keyboard
2009 www.The-Software-Tester.com

1) Enter valid username in username field 2) Enter valid password in password field 3) Tick the top checkbox 4) Click Login button 1) Enter valid username in username field 2) Enter valid password in password field 3) Tick the bottom checkbox 4) Click Login button

Test Name

Test Steps

Expected Result

Tooltips

only use the keyboard to navigate to and use all form controls 1) Hover mouse over username field 2) Hover mouse over password field 3) Hover mouse over top checkbox 4) Hover mouse over bottom checkbox 1) Repeat Test Good Login with ACME Market Data but at step 3 check BOTH checkboxes.

to drive the applications GUI. 1) Tooltip text displays Enter username 2) Tooltip text displays Enter password 3) Tooltip text displays Tick if you are licensed for ACME market data 4) Tooltip text displays Tick if you are NOT licensed for ACME market data 1) The application should not log the user in. A message is displayed stating to try again with only one checkbox ticked.

Both checkboxes ticked

b) Questions and Assumptions

What is the Contact button supposed to do? Why are both buttons so far to the bottomright of the screen? Would be better to locate next to input fields. Why do fields have no labels? Would be good UI practice to do this. Should not have checkbox controls where a single choice is required radio buttons should be used better UI. Why does the user have to tell the application they have ACME market data privileges? This is weakness in the design. Better to lookup clients licensing credentials from a secure database as part of the login validation and role profiling. Have made an assumption that an email window opens when the user clicks the Contact button.

2009 www.The-Software-Tester.com

QUESTION 2
a. Describe any software development lifecycle. Include any diagrammatic representations if necessary. [6] b. Name two disadvantages and two advantages from a testing perspective of this model. [4]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER a) Description

The V-Model is a commonly used lifecycle development model which emphasises testing as a key part of the development process. Development and test design activities are placed on the left stalk of the vee and verification activities are placed on the right stalk of the vee. Actual coding takes place at the vertex of the vee.

b) Advantages and Disadvantages

Advantages: (i) test planning starts at the beginning of the specification of requirements, (ii) traceability to requirements is emphasised, (iii) splits SDLC into distinct development and test activities, (iv) the model links between each test phase and its development phase. Disadvantages: (i) wrong requirements may still not be detected until the end, (ii) customer only involved at beginning and end.

2009 www.The-Software-Tester.com

QUESTION 3
a. Name any three standards relevant to software testing. [3] b. When would it be appropriate to use these standards? [3]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER a) Relevant Standards:

BS 7925, IEEE 829 and ISO 9126.

b) When to use:
BS 7925 Pt.2 for use in planning and designing of Software Component Testing (not integration, UAT, non-functional., etc.) IEEE 829 Test preparation: Test Plan: Plan how the testing will proceed. Test Design Specification: Decide what needs to be tested. Test Case Specification: Create the tests to be run. Test Procedure: Describe how the tests are run. Test Item Transmittal Report: Specify the items released for testing. Test running: Test Log: Record the details of tests in time order. Test Incident Report: Record details of events that need to be investigated. Test completion: Test Summary Report: Summarise and evaluate tests. ISO 9126 Software Quality Characteristics & Definition when planning software metrics as part of improving quality in the underlying SDLC

2009 www.The-Software-Tester.com

QUESTION 4
Name two dynamic and two static test techniques. [4]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER
Dynamic: Boundary Value Analysis Equivalence partitioning Functional test Static: Syntax checking Compiling Peer review

2009 www.The-Software-Tester.com

QUESTION 5
The following issue was extracted by a test manager from a defect management system during the functional test phase of a new web application. List the problems (or potential problems) plus any omissions you can see in this report. [10]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER
Potential Problems/Omissions: No date as to when raised No keywords (E.G. screen name, module name, etc.) so that searches can be performed preventing duplication of fault logs No status of the log (opened/fixed/closed/cleared etc.) No owner of the log who is holding the ball now? Has priority but no severity (i.e. impact to the customer) No version number of the system being tested it is very likely that the testers are on a different version to development and that it was a fault but has been inadvertently fixed on this latest software Query the priority of this log (should it be a 3? What is a 3 scale of 1 to 5 or 1 to 10? Is 1 low or high priority?) No actual error message on the log this may give some clue to the developer about the nature of the fault. No log entries or debug traces provided. Response seems to be leading to a dialogue if we are not careful this fault will never be fixed! Tester should talk to the developer rather than sending another message via the fault log. The response by the developer points to another part of the system (security) this may be an indication of developers trying to quickly close the issue without performing sufficient investigation. It could however be because the tester has not spent enough time documenting the problem. The tone of language between test and development could be more polite and constructive.

2009 www.The-Software-Tester.com

QUESTION 6
A screen-grab from part of an application is shown below. The application collates student details for processing eligibility for cash hardship funds. Only students aged 16 and above are eligible. Those aged over 50 are entitled to extra top-up cash. State what age values would you use to ensure complete test coverage and the reason why for each value? [9]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER
-1 0 15,16 35 50, 51 85 200 (negative numbers should be disallowed) (lower destructive test value) (lower boundary 15 not eligible, 16 is) (sample partition value) (upper boundary 50 not eligible for top-up, 51 is) (upper partition value) (upper destructive test value)

2009 www.The-Software-Tester.com