MPSeDC GET Program 3.0 2026 – Exam-Oriented Software Testing MCQ Questions
BEGINNER LEVEL
Q1: Which of the following is the FIRST level of software testing?
A. Integration Testing
B. System Testing
C. Unit Testing
D. Acceptance Testing
Correct Answer: C
Explanation: Unit Testing is the first and lowest level of software testing. It tests individual components or modules of a software in isolation. Developers typically write unit tests to verify that each function/method works correctly. The testing levels go: Unit → Integration → System → Acceptance.
Exam Trick: UISA: Uncle Insists Sitting Alone — Unit, Integration, System, Acceptance (bottom to top).
Q2: What does ‘V&V’ stand for in software quality assurance?
A. Validation & Verification
B. Version & Validation
C. Verification & Vulnerability
D. Version & Vulnerability
Correct Answer: A
Explanation: V&V stands for Verification and Validation. Verification asks: ‘Are we building the product right?’ (process-oriented). Validation asks: ‘Are we building the right product?’ (product-oriented). Both are core pillars of Software Quality Assurance.
Exam Trick: V&V = ‘Right process, Right product’. Ver = process; Val = product.
Q3: Which testing is performed without executing the code?
A. Black Box Testing
B. White Box Testing
C. Static Testing
D. Dynamic Testing
Correct Answer: C
Explanation: Static Testing is performed without executing the code. It includes reviews, walkthroughs, inspections, and static analysis. In contrast, Dynamic Testing involves actual execution of the code. Static testing can find defects earlier and is often cheaper to fix.
Exam Trick: Static = Stationary code (no running). Like reading a book before printing.
Q4: In software testing, what is a ‘Test Case’?
A. A document listing all bugs found
B. A set of conditions to verify software behavior
C. A process of finding errors
D. A report submitted after testing
Correct Answer: B
Explanation: A Test Case is a set of conditions or variables under which a tester determines whether the software is working as expected. It includes: Test Case ID, Description, Preconditions, Test Steps, Expected Result, Actual Result, and Pass/Fail status.
Exam Trick: Test Case = ‘Recipe’ for testing — input + steps + expected output.
Q5: Which of the following is NOT a software testing level?
A. Unit Testing
B. Integration Testing
C. Regression Testing
D. System Testing
Correct Answer: C
Explanation: Regression Testing is a TYPE of testing, not a LEVEL. The four standard testing LEVELS are: (1) Unit Testing, (2) Integration Testing, (3) System Testing, (4) Acceptance Testing. Regression testing can be performed at any level.
Exam Trick: Levels = UISA. Regression is a type that ‘regresses’ to re-check old features.
Q6: What is the difference between Quality Assurance (QA) and Quality Control (QC)?
A. QA is product-oriented; QC is process-oriented
B. QA is process-oriented; QC is product-oriented
C. QA and QC are the same thing
D. QA is done after development; QC is done before
Correct Answer: B
Explanation: QA (Quality Assurance) is PROCESS-oriented — it focuses on preventing defects by improving the development process. QC (Quality Control) is PRODUCT-oriented — it focuses on identifying defects in the finished product through testing. QA is proactive; QC is reactive.
Exam Trick: QA = Quality of Activities (process). QC = Quality of Code/product. ‘A’ for Activity, ‘C’ for Checking.
Q7: Which testing approach requires knowledge of the internal code structure?
A. Black Box Testing
B. Grey Box Testing
C. White Box Testing
D. Acceptance Testing
Correct Answer: C
Explanation: White Box Testing (also called Glass Box, Clear Box, or Structural Testing) requires knowledge of the internal code structure, logic, and design. The tester can see inside the ‘box’ (code). It is typically done by developers. Examples: Statement coverage, Branch coverage, Path coverage.
Exam Trick: White Box = Transparent/Glass box — you can SEE the code. Black Box = Opaque — you cannot.
Q8: Acceptance Testing is performed by ____.
A. Developers
B. Testers
C. End users / Clients
D. Database Administrators
Correct Answer: C
Explanation: Acceptance Testing (also called UAT – User Acceptance Testing) is performed by end users or clients to verify whether the software meets business requirements and is ready for deployment. It is the final level of testing before release.
Exam Trick: Acceptance = ‘Accept’ the product — only the CLIENT can accept or reject it.
Q9: What is ‘Alpha Testing’?
A. Testing done by developers in a production environment
B. Testing done by internal staff before releasing to external users
C. Testing done by customers after purchase
D. Testing done to check performance under load
Correct Answer: B
Explanation: Alpha Testing is performed by internal employees (developers, QA team) of the organization at the developer’s site before releasing to external users. It is the first phase of user acceptance testing. After alpha comes Beta Testing (by external users).
Exam Trick: Alpha (α) comes before Beta (β) in the Greek alphabet — same order in testing.
Q10: Which of the following best describes ‘Regression Testing’?
A. Testing a new feature for the first time
B. Re-testing to ensure bug fixes haven’t broken existing features
C. Testing the software against requirements
D. Testing the software under peak load
Correct Answer: B
Explanation: Regression Testing is performed after code changes (bug fixes, new features, or enhancements) to ensure that existing functionality still works correctly. It ‘regresses’ back to verify old features. It is crucial in Agile/CI-CD environments.
Exam Trick: Regression = Re-check the ‘gression’ (progress). Did the fix break anything old?
Q11: Which model associates testing phases with development phases in a V-shape?
A. Waterfall Model
B. Spiral Model
C. V-Model
D. Agile Model
Correct Answer: C
Explanation: The V-Model (Verification and Validation Model) associates each development phase with a corresponding testing phase. Left side: Requirements → System Design → Architecture Design → Module Design → Coding. Right side (testing): Unit Test → Integration Test → System Test → Acceptance Test.
Exam Trick: V-Model = V shape. Left leg = Development, Right leg = Testing. Bottom = Coding.
Q12: Smoke Testing is also known as ____.
A. Sanity Testing
B. Build Verification Testing
C. Regression Testing
D. Exploratory Testing
Correct Answer: B
Explanation: Smoke Testing is also called Build Verification Testing (BVT). It is a shallow, wide test to check if the basic functions of the software work. If the software ‘smokes’ (crashes on basic tests), the build is rejected. It’s done before detailed functional testing.
Exam Trick: Smoke Test = ‘Does the power on?’ test. BVT = Build Verification Testing. Like turning on a car before a road trip.
Q13: Which of the following is an example of Black Box Testing technique?
A. Statement Coverage
B. Branch Coverage
C. Equivalence Partitioning
D. Path Coverage
Correct Answer: C
Explanation: Equivalence Partitioning is a Black Box Testing technique that divides input data into equivalent classes so that if one test case in a partition passes, all others are assumed to pass. Other black box techniques: Boundary Value Analysis, Decision Table Testing. The coverage techniques (Statement, Branch, Path) are White Box techniques.
Exam Trick: Black Box techniques: EP, BVA, Decision Table, State Transition. White Box: Coverage metrics.
Q14: What is the primary goal of software testing?
A. To prove that software has no bugs
B. To find as many bugs as possible before release
C. To verify that software meets requirements and find defects
D. To write test cases only
Correct Answer: C
Explanation: The primary goal of software testing is to verify that the software meets specified requirements and to find defects before release. Testing cannot prove the ABSENCE of bugs (as Dijkstra said: ‘Testing can show the presence of bugs, not their absence’). It aims to minimize risk.
Exam Trick: Testing goal: Find bugs BEFORE users do. ‘Test to break, not to pass.’
Q15: Which type of testing checks if the software works correctly with other systems/modules?
A. Unit Testing
B. Integration Testing
C. System Testing
D. Performance Testing
Correct Answer: B
Explanation: Integration Testing verifies that different modules or components work together correctly. It tests interfaces and interaction between integrated components. Approaches: Big Bang, Top-Down, Bottom-Up, Sandwich (Hybrid). It follows Unit Testing and precedes System Testing.
Exam Trick: Integration = combining parts. Like testing if LEGO pieces fit together after making each piece individually.
Q16: What is ‘Beta Testing’?
A. Testing done by testers inside the company
B. Testing done by real users in the actual environment before final release
C. Testing done by developers after coding
D. Testing done to check database connections
Correct Answer: B
Explanation: Beta Testing is performed by real (external) users in their actual environment before the final public release. It is the second phase of User Acceptance Testing (after Alpha). Users report bugs and provide feedback. Example: Google releasing a ‘Beta version’ of Chrome.
Exam Trick: Beta comes after Alpha. Beta = ‘Better check with REAL users.’ External testing.
Q17: Which of the following is a STATIC testing technique?
A. Functional Testing
B. Code Review
C. Unit Testing
D. Regression Testing
Correct Answer: B
Explanation: Code Review is a Static Testing technique because it doesn’t involve executing the code. Other static testing techniques include: Walkthrough, Inspection, Technical Review, and Static Analysis tools. All dynamic testing techniques (Unit, Functional, Regression) involve code execution.
Exam Trick: STATIC = No execution. Reviews, Walkthroughs, Inspections = Static. Tests with ‘run’ = Dynamic.
Q18: System Testing is performed to test ____.
A. Individual modules only
B. Integration between two modules
C. The complete integrated system against requirements
D. User acceptance only
Correct Answer: C
Explanation: System Testing tests the COMPLETE integrated software system against the specified requirements. It is performed by the QA team in an environment similar to production. It covers functional, non-functional, and regression aspects at the system level.
Exam Trick: System Testing = Testing the WHOLE system. Like test-driving a complete car, not just engine.
Q19: What does ‘STLC’ stand for?
A. Software Testing Life Cycle
B. System Testing Level Check
C. Software Test Level Criteria
D. System Test Launch Control
Correct Answer: A
Explanation: STLC stands for Software Testing Life Cycle. It defines the phases of testing: 1) Requirement Analysis, 2) Test Planning, 3) Test Case Design, 4) Test Environment Setup, 5) Test Execution, 6) Test Cycle Closure. It is similar to SDLC but focused on testing activities.
Exam Trick: STLC = Software Testing Life Cycle. Parallel to SDLC but for QA team.
Q20: Which testing verifies that the software can handle the expected number of users?
A. Stress Testing
B. Load Testing
C. Volume Testing
D. Security Testing
Correct Answer: B
Explanation: Load Testing verifies that the software can handle the expected number of concurrent users or transactions under normal conditions. It establishes a performance baseline by simulating real-world expected usage. This differs from Stress Testing, which pushes the system beyond its expected load to find the breaking point.
Exam Trick: Load = Expected users (baseline check). Stress = Beyond the limit (breaking point check).
Q21: A ‘defect’ in software testing is also known as ____.
A. Feature
B. Bug / Fault
C. Test Case
D. Test Plan
Correct Answer: B
Explanation: A defect is commonly called a Bug or Fault. Terminology: ERROR (made by developer) → DEFECT/BUG (found in code) → FAILURE (observed when software runs). A ‘bug’ was coined when Grace Hopper found an actual moth in a relay of Harvard Mark II computer in 1947.
Exam Trick: Error → Defect/Bug → Failure. Think: Human Error causes Code Bug causes System Failure.
Q22: What is ‘Sanity Testing’?
A. A thorough test of all features
B. A narrow, deep test to check a specific bug fix without regression
C. Testing done by the client
D. Testing done to check performance
Correct Answer: B
Explanation: Sanity Testing is a narrow regression test to check a specific bug fix or new functionality. It checks ‘sanity’ — is this specific area working? It is a subset of regression testing, is unscripted, and done when there’s limited time. It’s different from Smoke Testing (broad/shallow).
Exam Trick: Smoke = Broad & Shallow (like checking all windows). Sanity = Narrow & Deep (like checking one broken window).
Q23: Which of the following is the LAST level of software testing?
A. Unit Testing
B. Integration Testing
C. System Testing
D. Acceptance Testing
Correct Answer: D
Explanation: Acceptance Testing is the LAST and highest level of software testing performed before releasing software to end users. It validates that the system meets business needs. Types: Alpha (internal), Beta (external), UAT (User Acceptance Testing), Contract Acceptance Testing.
Exam Trick: UISA pyramid: Unit (bottom) → Integration → System → Acceptance (top/last).
Q24: What is ‘Exploratory Testing’?
A. Testing with pre-written test cases
B. Simultaneous learning, test design, and execution without predefined scripts
C. Testing only boundary values
D. Testing done by automated tools
Correct Answer: B
Explanation: Exploratory Testing is a simultaneous approach where the tester learns about the software, designs tests, and executes them — all at the same time — without predefined test scripts. It relies on tester’s creativity, intuition, and domain knowledge. Proposed by Cem Kaner.
Exam Trick: Exploratory = ‘Explore as you go.’ No script. Like exploring a new city without a map.
Q25: Which testing is performed to check software behavior at extreme conditions beyond its limits?
A. Load Testing
B. Stress Testing
C. Volume Testing
D. Soak Testing
Correct Answer: B
Explanation: Stress Testing pushes the software beyond its maximum operational capacity to determine the breaking point and how it fails. It is performed to identify the system’s behavior under extreme conditions (high traffic, low memory, etc.). Key question: ‘When does it break and how?’
Exam Trick: Stress Testing = ‘Breaking point’ test. Like bending a metal rod until it snaps.
Q26: What is a ‘Test Plan’?
A. A list of bugs found during testing
B. A document describing scope, approach, resources, and schedule for testing
C. A set of test cases
D. An automated testing script
Correct Answer: B
Explanation: A Test Plan is a detailed document that describes the testing scope, objectives, approach, resources, schedule, and deliverables for a software project. It is created by the Test Manager/Lead. IEEE 829 standard defines the structure of a test plan. It’s the ‘blueprint’ for all testing activities.
Exam Trick: Test Plan = Testing ‘Strategy Document.’ Like a project plan but for QA.
Q27: Which of the following is a NON-functional type of testing?
A. Unit Testing
B. Integration Testing
C. Performance Testing
D. Regression Testing
Correct Answer: C
Explanation: Performance Testing is a NON-functional type of testing that checks system attributes like speed, scalability, stability, and responsiveness. Non-functional testing tests ‘how well’ the system works, not ‘what’ it does. Other non-functional types: Security, Usability, Reliability, Load, Stress.
Exam Trick: Functional = WHAT the system does. Non-functional = HOW WELL it does it (speed, security, usability).
Q28: Testing performed to check the user interface of an application is known as ____.
A. API Testing
B. GUI Testing
C. Unit Testing
D. White Box Testing
Correct Answer: B
Explanation: GUI Testing (Graphical User Interface Testing) is performed to check the visual elements of the application — buttons, forms, menus, navigation, etc. It ensures the UI meets the design specifications and is user-friendly. Tools: Selenium, QTP/UFT, Appium.
Exam Trick: GUI = Graphics/Visuals. GUI Testing = ‘Does it look and work right for the user?’
Q29: Which of the following is true about ‘Quality Assurance’?
A. QA is reactive and focused on finding bugs after development
B. QA is proactive and focuses on preventing defects through process improvement
C. QA is only performed by testers
D. QA is same as testing
Correct Answer: B
Explanation: QA is PROACTIVE and focuses on preventing defects by improving and defining the processes used to develop software. It ensures the right processes are followed (standards, audits, process definitions). QA is everyone’s responsibility, not just testers. Testing is just one part of QA.
Exam Trick: QA = PREVENT (process). QC = DETECT (product). QA is upstream; QC is downstream.
Q30: In the context of software testing, what is ‘Boundary Value Analysis’ (BVA)?
A. Testing all possible input values
B. Testing values at the boundaries and just inside/outside the valid range
C. Testing only invalid values
D. Testing the internal code paths
Correct Answer: B
Explanation: Boundary Value Analysis (BVA) is a Black Box testing technique that tests values at the boundaries of valid input ranges. For a range [a, b], test: a-1 (invalid), a (boundary), a+1 (just inside), b-1 (just inside), b (boundary), b+1 (invalid). Most bugs occur at boundaries. Complements Equivalence Partitioning.
Exam Trick: BVA: Test the EDGES. Like checking if a gate opens at exactly 18 kg, 17 kg, and 19 kg (limit is 18 kg).
INTERMEDIATE LEVEL
Q31: In Integration Testing, which approach tests from lower-level modules to higher-level modules using stubs?
A. Top-Down Integration
B. Bottom-Up Integration
C. Big Bang Integration
D. Sandwich Integration
Correct Answer: A
Explanation: Top-Down Integration testing starts from the top-level (main) module and progresses to lower-level modules. It uses STUBS (dummy modules) to replace the lower-level modules not yet integrated. Conversely, Bottom-Up uses DRIVERS (dummy main programs). Remember: Top-Down = Stubs; Bottom-Up = Drivers.
Exam Trick: Top-Down uses STUBS (substitutes below). Bottom-Up uses DRIVERS (drives from below). T-S, B-D.
Q32: Which of the following CORRECTLY distinguishes between Verification and Validation?
A. Verification: ‘Are we building the right product?’ Validation: ‘Are we building the product right?’
B. Verification: ‘Are we building the product right?’ Validation: ‘Are we building the right product?’
C. Both Verification and Validation check if the product meets customer needs
D. Verification involves code execution; Validation does not
Correct Answer: B
Explanation: Verification = ‘Are we building the product RIGHT?’ — checks if the product conforms to specifications (internal process). Validation = ‘Are we building the RIGHT product?’ — checks if the product meets customer needs (external evaluation). Verification is static; Validation is dynamic (involves execution).
Exam Trick: VERification = VERify the process/specs. VALidation = VALue to the customer/user.
Q33: A tester has found that adding a feature for password reset has broken the login functionality. What type of testing should have been performed after the feature addition?
A. Unit Testing
B. Smoke Testing
C. Regression Testing
D. Performance Testing
Correct Answer: C
Explanation: Regression Testing should be performed after any change (new feature, bug fix) to ensure that existing functionality (like login) hasn’t been broken. This is a classic regression bug scenario. Automated regression suites are used in CI/CD pipelines to detect such issues quickly.
Exam Trick: New change broke old feature = Regression bug. Regression Testing = ‘Did my fix break something else?’
Q34: Which testing technique is used when the tester has PARTIAL knowledge of the internal code?
A. Black Box Testing
B. White Box Testing
C. Grey Box Testing
D. Static Testing
Correct Answer: C
Explanation: Grey Box Testing is a combination of Black Box and White Box testing. The tester has PARTIAL knowledge of the internal structure (e.g., database schema, algorithms) but tests from the user’s perspective. It is used for integration testing and web application testing.
Exam Trick: Grey = Mix of Black and White. Partial knowledge. Grey Box is used in security/penetration testing.
Q35: Which of the following is the correct order of testing levels in the V-Model from BOTTOM to TOP (coding to acceptance)?
A. Unit → Integration → System → Acceptance
B. Acceptance → System → Integration → Unit
C. Unit → System → Integration → Acceptance
D. Integration → Unit → System → Acceptance
Correct Answer: A
Explanation: In the V-Model, testing levels from bottom to top are: Unit Testing (corresponds to module/component design) → Integration Testing (corresponds to architecture design) → System Testing (corresponds to system design/requirements) → Acceptance Testing (corresponds to business requirements). The V-shape shows the relationship.
Exam Trick: UISA order is ALWAYS: Unit → Integration → System → Acceptance. Never changes.
Q36: What is ‘Mutation Testing’ and what is its primary purpose?
A. Testing by mutating/changing the requirements document
B. Checking if test cases can detect artificially introduced bugs in the code
C. Testing the software by changing the database schema
D. Testing software in different operating environments
Correct Answer: B
Explanation: Mutation Testing evaluates the QUALITY of test cases by introducing small changes (mutations) into the source code (e.g., changing ‘+’ to ‘-‘, ‘>’ to ‘>=’) and checking if the existing test cases detect these mutations. If a test case ‘kills’ the mutant (detects the change), it’s a good test. Mutation Score = (killed mutants / total mutants) × 100.
Exam Trick: Mutation Testing = Testing the TESTS. ‘Can your tests find these deliberate bugs?’
Q37: A banking application needs to be tested with 10,000 simultaneous users. Which type of testing is most appropriate?
A. Stress Testing
B. Load Testing
C. Unit Testing
D. Sanity Testing
Correct Answer: B
Explanation: Load Testing is most appropriate when testing a specific expected number of concurrent users (like 10,000). It verifies whether the system can handle the EXPECTED load. Stress Testing would push BEYOND 10,000 to find the breaking point. Load testing establishes a performance baseline.
Exam Trick: Load = Expected users (10,000). Stress = Beyond limit (15,000+). Load tests normal; Stress tests limits.
Q38: Which White Box testing coverage criterion requires every BRANCH (both true and false) of each decision to be executed?
A. Statement Coverage
B. Branch Coverage
C. Path Coverage
D. Condition Coverage
Correct Answer: B
Explanation: Branch Coverage (also called Decision Coverage) requires every branch (true and false) of each decision point to be executed at least once. It is stronger than Statement Coverage. Example: for an if-else, both the if-branch AND the else-branch must be tested. 100% branch coverage implies 100% statement coverage.
Exam Trick: Branch = Every if/else ARM must be taken. Branch > Statement coverage.
Q39: Which of the following is the CORRECT definition of ‘Equivalence Partitioning’?
A. Dividing output data into equal groups for testing
B. Dividing input data into partitions where all values in a partition are expected to behave the same way
C. Testing each input value exactly once
D. Testing boundary values of each input range
Correct Answer: B
Explanation: Equivalence Partitioning divides the input domain into equivalence classes (partitions) where all values within a class are expected to be processed the same way. Testing one representative value from each partition is sufficient. This reduces the total number of test cases while maximizing coverage. Includes valid and invalid partitions.
Exam Trick: EP = Representative sampling. If one value in a class passes/fails, all others will too. Saves test effort.
Q40: What is ‘Usability Testing’?
A. Testing the performance of the software under load
B. Testing the security vulnerabilities of the software
C. Testing how easy and intuitive the software is to use for end users
D. Testing whether all features work correctly
Correct Answer: C
Explanation: Usability Testing evaluates how easy, intuitive, and user-friendly an application is for its intended users. It focuses on user experience (UX), navigation, learnability, and efficiency. Real users perform tasks while observers note difficulties. It is a non-functional type of testing.
Exam Trick: Usability = Can users USE it easily? Think: grandma using an ATM — can she figure it out?
Q41: What is the difference between ‘Error’, ‘Defect’, ‘Bug’, and ‘Failure’ in software testing?
A. All four terms mean the same thing
B. Error is a human mistake; Defect/Bug is in code; Failure is observed when software runs
C. Failure is a human mistake; Error is in code
D. Bug is the most severe while Error is less severe
Correct Answer: B
Explanation: Precise definitions: ERROR = A human mistake made by developer (wrong logic, typo). DEFECT/BUG = An imperfection in code resulting from an error. FAULT = Another word for defect. FAILURE = When the defect is executed and the system deviates from expected behavior. Chain: Human Error → Code Defect → System Failure.
Exam Trick: E→D→F chain: Error (person) → Defect (code) → Failure (system). Like: Typo → Wrong code → App crashes.
Q42: Which testing approach verifies that a software system complies with specific standards and regulations?
A. Compliance Testing
B. Regression Testing
C. Mutation Testing
D. Exploratory Testing
Correct Answer: A
Explanation: Compliance Testing (also called Conformance Testing) verifies that software adheres to specific standards, regulations, or legal requirements. Examples: GDPR compliance, HIPAA compliance (healthcare), PCI-DSS (payment systems), ISO standards. It ensures the software is legally and regulatory compliant.
Exam Trick: Compliance = Comply with RULES. Regulatory, legal, standard adherence testing.
Q43: Which of the following statements is TRUE about 100% code coverage?
A. 100% code coverage guarantees the software is bug-free
B. 100% code coverage means all requirements are validated
C. 100% code coverage means all code lines are executed, but bugs may still exist
D. 100% code coverage is impossible to achieve
Correct Answer: C
Explanation: 100% code coverage means every line of code has been executed during testing, but it does NOT guarantee the absence of bugs. Missing requirements, incorrect logic that executes, or edge cases in valid paths might still cause failures. Coverage is a necessary but not sufficient condition for quality. Dijkstra: ‘Testing shows presence, not absence of bugs.’
Exam Trick: Coverage ≠ Correctness. You can run all code with wrong expected outputs and still have bugs.
Q44: In the context of QA vs QC, which of the following activity belongs to QA?
A. Finding bugs in code
B. Executing test cases
C. Process audits and defining standards
D. Reporting defects
Correct Answer: C
Explanation: Process audits and defining standards are QA activities. QA Activities: Process audits, defining coding standards, process improvement, configuration management, training. QC Activities: Test execution, defect reporting, test case design, code review for bugs. QA is upstream (process); QC is downstream (product verification).
Exam Trick: QA = Process (Audit, Standards, CMM, CMMI). QC = Product (Test, Find Bugs, Report).
Q45: What is ‘Positive Testing’ in software testing?
A. Testing with invalid inputs to find bugs
B. Testing with valid inputs to verify the software works as expected
C. Testing to confirm all bugs are fixed
D. Testing performed with optimistic assumptions
Correct Answer: B
Explanation: Positive Testing (Happy Path Testing) verifies that the application works correctly with VALID inputs and expected conditions. It tests the normal flow. Negative Testing uses INVALID inputs to ensure the system handles them gracefully (shows error messages, doesn’t crash). Both are needed for thorough testing.
Exam Trick: Positive = Valid input → Expected output. Negative = Invalid input → Graceful error handling.
Q46: A company deploys a mobile app update. To verify the update didn’t break existing functionality, which type of testing is MOST appropriate?
A. Smoke Testing
B. Regression Testing
C. Performance Testing
D. Security Testing
Correct Answer: B
Explanation: Regression Testing is most appropriate after any update/deployment to ensure existing features still work. In mobile app testing, automated regression suites (using Appium, XCUITest, Espresso) are run after every update. This is critical in CI/CD pipelines.
Exam Trick: After any CODE CHANGE → Run Regression. ‘Did we break what was working?’ = Regression question.
Q47: What is the ‘Test Pyramid’ concept in agile testing?
A. A pyramid showing the hierarchy of testing team roles
B. A model suggesting more unit tests, fewer integration tests, and even fewer UI/E2E tests
C. A model showing that UI testing is most important
D. A model for organizing test documentation
Correct Answer: B
Explanation: The Test Pyramid (by Mike Cohn) suggests: Bottom layer = Many Unit Tests (fast, cheap, isolated); Middle layer = Fewer Integration Tests; Top layer = Even Fewer UI/E2E tests (slow, expensive, brittle). This structure ensures fast feedback loops and cost-effective testing. Anti-pattern: ‘Ice Cream Cone’ (more UI tests, fewer unit tests).
Exam Trick: Pyramid: Wide base (Unit) → Narrow top (UI). More unit = faster, cheaper. More UI = slower, costly.
Q48: Which of the following best describes ‘Ad-hoc Testing’?
A. Formal structured testing with test cases
B. Informal testing without test cases or documentation, based on tester’s intuition
C. Automated testing using testing frameworks
D. Testing done only after system deployment
Correct Answer: B
Explanation: Ad-hoc Testing is informal testing without any formal test plan, test cases, or documentation. It is done randomly based on the tester’s knowledge and intuition. Also called ‘random testing.’ Variants include: Buddy Testing (developer + tester pair) and Pair Testing (two testers). It’s useful for quickly finding bugs.
Exam Trick: Ad-hoc = ‘On the fly.’ No plan, no script. Just test freely. Latin: ad hoc = ‘for this purpose.’
Q49: Which testing approach is used specifically to check that the software can recover from failures gracefully?
A. Stress Testing
B. Recovery Testing
C. Fault Injection Testing
D. Disaster Recovery Testing
Correct Answer: B
Explanation: Recovery Testing checks how well a system recovers from crashes, hardware failures, or other problems. It validates the system’s ability to recover from failures and resume operation within a specified time. Fault Injection Testing is a related technique where failures are deliberately induced to test recovery mechanisms.
Exam Trick: Recovery Testing = ‘Bounce back’ test. Does the system recover after a crash? Backup & restore verification.
Q50: Which is NOT a valid difference between Smoke Testing and Sanity Testing?
A. Smoke testing is broad; Sanity testing is narrow
B. Smoke testing is done before Sanity testing
C. Smoke testing is always automated; Sanity testing is always manual
D. Smoke testing checks basic functionality; Sanity testing checks specific bug fixes
Correct Answer: C
Explanation: Statement C is NOT a valid difference. Both Smoke and Sanity testing can be manual OR automated. Smoke testing IS typically done before sanity (you verify the build works first, then check specific fixes). The real differences: Smoke=broad/shallow; Sanity=narrow/deep. Smoke checks build stability; Sanity checks specific functionality.
Exam Trick: Tricky! Both can be manual or automated. Don’t confuse automation with the type of testing.
Q51: What is ‘Path Coverage’ in White Box Testing?
A. Testing all edges in the control flow graph
B. Testing all independent paths through the code at least once
C. Testing all conditional statements
D. Testing only the main execution path
Correct Answer: B
Explanation: Path Coverage (Basis Path Testing) requires every independent path through the code to be executed at least once. It is the most thorough (and most expensive) white box coverage. McCabe’s Cyclomatic Complexity formula determines the number of independent paths: V(G) = E – N + 2P (E=edges, N=nodes, P=connected components). Path > Branch > Statement coverage.
Exam Trick: Coverage strength: Path > Branch > Statement. Path = Most thorough. Cyclomatic Complexity = number of paths.
Q52: In software testing, what is ‘Defect Density’?
A. Total number of defects found during testing
B. Number of defects per unit size of software (e.g., per KLOC)
C. Severity of defects found
D. Rate at which defects are being fixed
Correct Answer: B
Explanation: Defect Density = Number of Defects / Size of Software. Typically measured as defects per KLOC (Kilo Lines of Code) or per Function Point. It is a key quality metric. Lower defect density = higher quality. Example: If 50 defects are found in 10,000 lines of code, Defect Density = 50/10 = 5 defects/KLOC.
Exam Trick: Defect Density = Bugs per KLOC. Like potholes per kilometer of road. Lower = Better road/software.
Q53: What is ‘Test-Driven Development’ (TDD)?
A. Writing tests after the code is complete
B. Writing test cases before writing the actual code, then writing code to pass those tests
C. Testing only the critical modules
D. Using automation tools to drive testing
Correct Answer: B
Explanation: TDD is a development approach where you write TESTS before writing the actual code. Cycle: Red (write a failing test) → Green (write minimal code to pass the test) → Refactor (improve code). TDD ensures that code is testable, requirements are clear, and results in high code coverage. Popularized by Kent Beck (XP).
Exam Trick: TDD = Test First, Code Second. Red-Green-Refactor cycle. ‘Tests drive the development.’
Q54: Which type of testing ensures the software works correctly on different Operating Systems, browsers, and hardware?
A. Compatibility Testing
B. Portability Testing
C. Cross-browser Testing
D. Configuration Testing
Correct Answer: A
Explanation: Compatibility Testing verifies that software works correctly across different environments: OSes (Windows, Linux, macOS), browsers (Chrome, Firefox, Safari), devices (mobile, tablet, desktop), databases, and networks. Cross-browser testing is a subset of compatibility testing focused specifically on browsers.
Exam Trick: Compatibility = Can it work on DIFFERENT environments? Like checking if a plug fits different sockets.
Q55: A healthcare application stores patient records. What type of testing is CRITICAL to perform to ensure data protection?
A. Performance Testing
B. Security Testing
C. Usability Testing
D. Regression Testing
Correct Answer: B
Explanation: Security Testing is critical for healthcare applications to ensure patient data is protected against unauthorized access, data breaches, SQL injection, XSS, and other vulnerabilities. It must also ensure compliance with HIPAA regulations. Security testing includes: Vulnerability Assessment, Penetration Testing, and Security Audits.
Exam Trick: Sensitive data + regulations = Security Testing mandatory. Healthcare=HIPAA, Finance=PCI-DSS.
Q56: What is ‘Soak Testing’ (Endurance Testing)?
A. Testing the system under peak load for a short time
B. Testing the system under expected load for a long duration to detect memory leaks
C. Testing system recovery after failures
D. Testing system at extreme temperature conditions
Correct Answer: B
Explanation: Soak Testing (Endurance Testing) involves running the system under expected load for a long period to detect issues like memory leaks, database connection pool exhaustion, or performance degradation over time. Question: ‘Does performance degrade over time?’ It tests long-term reliability.
Exam Trick: Soak = Sustained load over LONG time. Like soaking fabric — watch for gradual degradation. Memory leaks!
Q57: Which statement about ‘Big Bang Integration Testing’ is TRUE?
A. All modules are integrated and tested one at a time
B. All modules are integrated simultaneously and tested as a whole
C. Testing starts from the top-most module
D. Testing starts from the bottom-most module
Correct Answer: B
Explanation: In Big Bang Integration Testing, ALL modules are combined and tested at once without incremental integration. Advantage: Simple for small systems. Disadvantages: Hard to locate bugs, no early testing possible, all modules must be complete before testing. Best for small/simple systems. Name inspired by the Big Bang theory (everything at once).
Exam Trick: Big Bang = All at once, like the universe starting! Hard to find where bugs are. Small systems only.
Q58: What does ‘CMMI’ stand for and what is its primary purpose?
A. Code Management and Monitoring Initiative — for code version control
B. Capability Maturity Model Integration — for process improvement in software development
C. Computer Maintenance and Management Interface — for IT infrastructure
D. Configuration Management and Measurement Index — for testing metrics
Correct Answer: B
Explanation: CMMI (Capability Maturity Model Integration) is a process improvement framework developed by SEI (Software Engineering Institute). It has 5 maturity levels: Level 1 (Initial/Chaotic), Level 2 (Managed), Level 3 (Defined), Level 4 (Quantitatively Managed), Level 5 (Optimizing). It is used by organizations to improve their software development processes.
Exam Trick: CMMI Levels: 1-Initial, 2-Managed, 3-Defined, 4-Quantified, 5-Optimizing. ‘I Make Decisions Quietly Often.’
Q59: What is the purpose of ‘Configuration Testing’?
A. Testing software with different hardware/software configurations
B. Testing the configuration management system
C. Testing version control processes
D. Testing database configurations only
Correct Answer: A
Explanation: Configuration Testing verifies that the software works correctly under various hardware and software configurations. It tests with different hardware specs (RAM, CPU), OS versions, database versions, network settings, and third-party software. It ensures the software is compatible with different configurations.
Exam Trick: Config Testing = Different settings, same software. Like checking if a game runs on min-spec AND max-spec computers.
Q60: What is ‘Gorilla Testing’?
A. Automated testing using AI tools
B. Repeatedly and rigorously testing a specific module/feature to find all possible bugs
C. Testing performed by a large team simultaneously
D. Testing done without any tools or documentation
Correct Answer: B
Explanation: Gorilla Testing involves repeatedly and exhaustively testing a specific module by testing it over and over with a variety of inputs. It is the most thorough (and brute-force) approach to find all defects in a particular area. Named for the gorilla’s intense focus and strength. Often used for critical or high-risk modules.
Exam Trick: Gorilla = Brute force, intense focus on ONE area. Test it AGAIN and AGAIN. No mercy!
Q61: What is ‘ISO/IEC 25010’ in the context of software quality?
A. A standard for software project management
B. A quality model defining product quality characteristics (functionality, reliability, usability, etc.)
C. A standard for software testing tools
D. A model for software development processes
Correct Answer: B
Explanation: ISO/IEC 25010 (SQuaRE – Systems and Software Quality Requirements and Evaluation) defines a software product quality model with 8 characteristics: Functional Suitability, Reliability, Usability, Performance Efficiency, Security, Compatibility, Maintainability, and Portability. It replaced ISO 9126.
Exam Trick: ISO 25010 = 8 quality chars: FR-UP-SC-MP. Functional, Reliability, Usability, Performance, Security, Compatibility, Maintainability, Portability.
Q62: A test case has Expected Result = ‘Display error message’ and Actual Result = ‘Display error message’. What is the test result?
A. Pass
B. Fail
C. Blocked
D. Not Executed
Correct Answer: A
Explanation: If Expected Result equals Actual Result, the test case PASSES. This is a tricky question because many students assume error messages mean failures. A test case PASSES when the software behaves EXACTLY as expected, even if that expected behavior is showing an error (negative testing). The test case validates error handling.
Exam Trick: PASS = Actual matches Expected. Even if expected = ‘error message’, it’s a PASS if actual = ‘error message’.
Q63: What is ‘Maintainability’ in the context of software quality?
A. Ability of the software to maintain user sessions
B. Ease with which software can be modified, corrected, or enhanced
C. Ability to maintain database connections
D. Software’s ability to maintain performance under load
Correct Answer: B
Explanation: Maintainability (ISO 25010) is the degree of effectiveness with which software can be modified to fix defects, improve performance, or adapt to environmental changes. Sub-characteristics: Modularity, Reusability, Analysability, Modifiability, Testability. Highly maintainable code is easy to understand, modify, and test.
Exam Trick: Maintainability = ‘How easy to FIX or CHANGE?’ Clean code, good docs, modularity = high maintainability.
Q64: Which of the following is the CORRECT definition of ‘Cyclomatic Complexity’?
A. A measure of the complexity of a test case
B. A quantitative measure of the number of linearly independent paths in source code
C. A metric for measuring test coverage percentage
D. A measure of the number of defects per KLOC
Correct Answer: B
Explanation: Cyclomatic Complexity (V(G)) measures the number of linearly independent paths through a program’s source code. Formula: V(G) = E – N + 2 (for a single connected graph, where E = edges, N = nodes). Or: V(G) = Number of decision points + 1. Higher complexity = harder to test and maintain. Threshold: V(G) ≤ 10 is considered manageable.
Exam Trick: Cyclomatic Complexity = Decision points + 1. Or V(G) = E – N + 2. Higher = More paths = More test cases needed.
Q65: What is ‘Decision Table Testing’?
A. Testing the decision-making algorithms in code
B. A Black Box technique using tables to model complex business rules with multiple conditions/actions
C. Testing management decisions about software scope
D. A technique for testing database queries
Correct Answer: B
Explanation: Decision Table Testing is a Black Box technique used when software has complex combinations of conditions. A decision table lists all possible combinations of conditions (inputs) and their corresponding actions (outputs). It ensures all combinations of business rules are tested. Useful for: login logic, insurance calculations, tax computations.
Exam Trick: Decision Table = Truth table for complex business rules. If all conditions then what action? Covers all combos.
Q66: An e-commerce website works fine in Chrome but not in Firefox. What type of testing should be performed to address this?
A. Regression Testing
B. Cross-browser/Compatibility Testing
C. Unit Testing
D. Stress Testing
Correct Answer: B
Explanation: Cross-browser Testing (a subset of Compatibility Testing) verifies that the website functions correctly across different browsers (Chrome, Firefox, Safari, Edge) and their versions. This is critical for web applications since different browsers have different rendering engines (Blink for Chrome, Gecko for Firefox, WebKit for Safari).
Exam Trick: Works in Chrome, not Firefox = Browser compatibility issue = Cross-browser Testing needed.
Q67: What is the difference between ‘Functional Testing’ and ‘Non-Functional Testing’?
A. Functional testing tests ‘what’ the system does; Non-functional tests ‘how well’ it does it
B. Functional testing is performed by developers; Non-functional by testers
C. Non-functional testing always comes before functional testing
D. Functional testing is automated; Non-functional is manual
Correct Answer: A
Explanation: Functional Testing: Tests WHAT the system does — verifies each function/feature against requirements. Examples: Unit, Integration, System, UAT, Regression, Smoke. Non-Functional Testing: Tests HOW WELL the system performs. Examples: Performance, Load, Stress, Security, Usability, Reliability, Portability. Both are essential.
Exam Trick: Functional = Features working? Non-Functional = Fast? Secure? Usable? The ‘ilities’ are non-functional.
Q68: In software testing, what is a ‘Test Suite’?
A. The room where testing is performed
B. A collection of test cases designed to test a specific aspect of the software
C. A testing tool used for automation
D. A report generated after testing
Correct Answer: B
Explanation: A Test Suite is a collection of test cases that are grouped together for a specific testing objective or module. For example, ‘Login Test Suite’ contains all test cases for the login functionality. Test suites help organize testing, allow execution in batches, and track overall test coverage for a feature/module.
Exam Trick: Test Suite = Collection of related Test Cases. Like a playlist of songs (but for tests).
Q69: Which testing is performed to verify that previously fixed bugs have NOT been reintroduced?
A. Smoke Testing
B. Re-testing
C. Regression Testing
D. Sanity Testing
Correct Answer: C
Explanation: Regression Testing verifies that previously fixed bugs haven’t been re-introduced after code changes. Note the difference: RE-TESTING tests a specific bug that was fixed (confirming it’s fixed). REGRESSION TESTING tests the ENTIRE existing functionality to ensure nothing else broke. Both are done after bug fixes, but for different purposes.
Exam Trick: Re-testing = Did THIS bug get fixed? Regression = Did THIS bug fix break OTHER things? Important distinction!
ADVANCED LEVEL
Q70: What is ‘Six Sigma’ in the context of quality management?
A. A software testing framework
B. A methodology aiming for 3.4 defects per million opportunities to achieve near-perfection
C. A coding standard developed by IEEE
D. A project management methodology
Correct Answer: B
Explanation: Six Sigma is a data-driven quality management methodology that aims to reduce defects to 3.4 per million opportunities (DPMO), representing 99.99966% quality. Developed at Motorola (1986), popularized by GE. Uses DMAIC cycle (Define, Measure, Analyze, Improve, Control) for process improvement. Sigma levels measure process capability.
Exam Trick: Six Sigma = 3.4 DPMO = 99.99966% quality. DMAIC cycle. ‘Six’ refers to 6 standard deviations from mean.
Q71: Given a program with the following control flow: IF condition1 THEN action1 ELSE IF condition2 THEN action2 ELSE action3. What is the Cyclomatic Complexity?
A. 2
B. 3
C. 4
D. 5
Correct Answer: B
Explanation: Cyclomatic Complexity = Number of decision points + 1. Decision points: condition1 (1) + condition2 (1) = 2. V(G) = 2 + 1 = 3. Alternatively: Draw the flow graph and count: E – N + 2. This code has 3 independent paths: (1) condition1 true→action1, (2) condition1 false, condition2 true→action2, (3) both false→action3.
Exam Trick: Count IF, WHILE, FOR, CASE, AND, OR = decision points. Add 1. Here: 2 IFs + 1 = 3.
Q72: What is ‘Model-Based Testing’ (MBT) and what is its key advantage?
A. Testing using UML diagrams only
B. Automatically generating test cases from formal models of the system
C. Testing using machine learning models
D. Testing based on data models from databases
Correct Answer: B
Explanation: Model-Based Testing (MBT) uses formal models (state machines, UML, Markov chains, decision tables) to automatically GENERATE test cases. Key advantages: Reduces manual test design effort, provides systematic coverage, can detect requirement inconsistencies early. Used in safety-critical systems (avionics, automotive). Tools: Conformiq, GraphWalker, TestOptimal.
Exam Trick: MBT = Model → Auto-generate Tests. No manual test writing. Models are the blueprint; tests are auto-derived.
Q73: A critical financial system must be tested for data integrity and transaction accuracy. Which combination of testing is MOST comprehensive?
A. Unit Testing + Smoke Testing
B. System Testing + UAT only
C. Unit Testing + Integration Testing + System Testing + UAT + Security Testing + Performance Testing
D. Only Regression Testing
Correct Answer: C
Explanation: For a critical financial system, a comprehensive testing approach requires ALL levels (Unit, Integration, System, UAT) plus specialized types: Security Testing (SQL injection, data encryption), Performance Testing (transaction throughput), Compliance Testing (SOX, PCI-DSS regulations). No single level or type is sufficient for financial systems.
Exam Trick: Financial system = ALL levels + Security + Performance + Compliance. Critical systems need comprehensive coverage.
Q74: What is ‘Fuzz Testing’ (Fuzzing)?
A. Testing with blurry UI elements
B. Providing unexpected, random, or malformed inputs to find vulnerabilities/crashes
C. Testing with fuzzy logic algorithms
D. Testing software in undefined/fuzzy requirements scenarios
Correct Answer: B
Explanation: Fuzz Testing (Fuzzing) is an automated technique that provides unexpected, random, invalid, or malformed inputs to a program to find security vulnerabilities, crashes, and buffer overflows. Types: Black-box fuzzing (no source knowledge), White-box fuzzing (uses code analysis), Coverage-guided fuzzing (AFL, libFuzzer). Used heavily in security testing.
Exam Trick: Fuzzing = Feed garbage to the system and see what breaks. Security testing technique. Tools: AFL, libFuzzer.
Q75: In software quality, what does ‘MTTR’ stand for and what does it measure?
A. Mean Time To Release — time between software releases
B. Mean Time To Repair — average time to fix a failure after detection
C. Maximum Time To Respond — SLA response time
D. Mean Time To Retest — average regression testing time
Correct Answer: B
Explanation: MTTR (Mean Time To Repair/Restore) is the average time required to repair a failed system and restore it to operational status. Formula: MTTR = Total Downtime / Number of Failures. Related metrics: MTBF (Mean Time Between Failures) = reliability measure; MTTF (Mean Time To Failure) = for non-repairable systems. MTTR + MTTF = MTBF.
Exam Trick: MTTR = Fix time. MTBF = Between failures. MTTF = Until first failure. R=Repair, B=Between, F=Failure.
Q76: What is ‘Shift-Left Testing’ and why is it important in modern DevOps practices?
A. Moving testing to left side of the office
B. Performing testing earlier in the SDLC to find bugs sooner and reduce cost of fixing
C. Testing only the left side of the user interface
D. Shifting testing responsibility from QA to developers only
Correct Answer: B
Explanation: Shift-Left Testing means moving testing activities EARLIER in the SDLC (to the ‘left’ on a timeline). Instead of testing only after development, tests are written and run during requirements, design, and coding phases. Benefits: Earlier bug detection (10x-100x cheaper to fix), faster feedback, TDD/BDD support, CI/CD integration. Contrast: Shift-Right = testing in production (A/B testing, canary deployments).
Exam Trick: Shift-Left = Test EARLY = Cheaper fixes. Rule of thumb: Bug costs 1x in design, 10x in testing, 100x in production.
Q77: What is ‘Behavior-Driven Development’ (BDD) and which language is commonly used to write BDD tests?
A. Testing framework using Python; Tests written in Python syntax
B. A TDD extension where tests are written in natural language using Gherkin (Given-When-Then)
C. A framework for testing UI behavior using JavaScript
D. A methodology where behavior is tested through mutation testing
Correct Answer: B
Explanation: BDD (Behavior-Driven Development) extends TDD by writing tests in natural language that business stakeholders can understand. Uses GHERKIN syntax: Given (precondition) → When (action) → Then (expected outcome). Tools: Cucumber, SpecFlow, JBehave, Behave (Python). Bridges communication between developers, QA, and business stakeholders.
Exam Trick: BDD = TDD + Natural Language. Given-When-Then. Cucumber uses Gherkin. Stakeholders can READ tests.
Q78: A software module has Cyclomatic Complexity of 15. What does this indicate?
A. The module is very simple and needs only 15 test cases
B. The module is complex, hard to maintain, and has high risk — refactoring recommended
C. The module has exactly 15 bugs
D. The module passes all 15 test cases
Correct Answer: B
Explanation: Cyclomatic Complexity (CC) threshold: 1-10 = Simple, good. 11-20 = Complex, moderate risk. 21-50 = Very complex, high risk. >50 = Untestable, extremely high risk. CC=15 indicates a complex module that needs refactoring. More paths = more test cases needed = harder to maintain. McCabe’s recommendation: CC ≤ 10.
Exam Trick: CC scale: 1-10 Good, 11-20 Complex, 21-50 High Risk, >50 Untestable. CC=15 is already in the danger zone.
Q79: What is ‘Chaos Engineering’ and which company pioneered it?
A. Testing under chaotic requirements; pioneered by Microsoft
B. Deliberately injecting failures into production to build confidence in system resilience; pioneered by Netflix
C. Random testing approach; pioneered by Google
D. Stress testing methodology; pioneered by Amazon
Correct Answer: B
Explanation: Chaos Engineering is the discipline of experimenting on distributed systems by deliberately introducing failures (killing servers, injecting latency, network partitions) in PRODUCTION to build confidence in system resilience. Pioneered by Netflix with the ‘Chaos Monkey’ tool (2011). Principles defined by Netflix: Chaos Monkey, Chaos Gorilla, Chaos Kong.
Exam Trick: Chaos Engineering = Netflix + Chaos Monkey = Break things in PRODUCTION intentionally to find weaknesses first.
Q80: What is ‘Contract Testing’ in microservices architecture?
A. Testing based on legal contract with the client
B. Verifying that service-to-service communication adheres to agreed-upon API contracts/interfaces
C. Testing contract management software
D. Testing all endpoints defined in API documentation
Correct Answer: B
Explanation: Contract Testing verifies that microservices communicate correctly according to agreed-upon API contracts. It tests the consumer-provider contract: the consumer defines what it expects, the provider verifies it can fulfill those expectations. Tool: PACT (Consumer-Driven Contract Testing). Eliminates need for expensive end-to-end testing of microservice interactions.
Exam Trick: Contract Testing = API ‘promise’ testing in microservices. Consumer defines contract; Provider must honor it. PACT tool.
Q81: What is the ‘pesticide paradox’ in software testing (Beizer’s principle)?
A. Too many testers make the testing process inefficient
B. If the same test cases are run repeatedly, they stop finding new bugs over time
C. Automated tests eventually kill all bugs like pesticides
D. Testing eliminates bugs just like pesticides eliminate pests
Correct Answer: B
Explanation: The Pesticide Paradox (Boris Beizer’s 7 testing principles): Just as insects develop immunity to pesticides over time, software bugs ‘become immune’ to the same test cases. If the same tests are run repeatedly, they stop finding new defects. Solution: Regularly review and revise test cases, add new ones, and use exploratory testing.
Exam Trick: Pesticide Paradox = Same tests → Same bugs found (or none). Need NEW tests to find NEW bugs. Rotate/update tests!
Q82: A team is testing an embedded system in an automotive vehicle’s braking system. Which testing standard/approach is MOST relevant?
A. ISO 25010 (SQuaRE)
B. IEEE 829 (Test Documentation)
C. ISO 26262 (Functional Safety for Road Vehicles) with HARA analysis
D. CMMI Level 3
Correct Answer: C
Explanation: ISO 26262 is the functional safety standard for road vehicles covering automotive software. It includes HARA (Hazard Analysis and Risk Assessment), ASIL (Automotive Safety Integrity Level) ratings from A (lowest) to D (highest), and specific V&V requirements. Braking systems are ASIL-D (highest safety requirement). Critical for embedded/automotive testing.
Exam Trick: Automotive safety = ISO 26262. ASIL-D = Highest safety. Aviation = DO-178C. Medical = IEC 62304.
Q83: In software quality metrics, what is the ‘Defect Removal Efficiency’ (DRE)?
A. Percentage of defects found during testing vs. total defects
B. Number of defects removed per hour of testing
C. Percentage of defects found BEFORE release vs. total defects (including those found after release)
D. Speed at which the development team fixes defects
Correct Answer: C
Explanation: Defect Removal Efficiency (DRE) = (Defects found before release / Total defects including post-release) × 100%. A DRE of 90% means 90% of defects were caught before the software reached the customer. Higher DRE = better QA process. World-class organizations achieve DRE > 95%. Formula: DRE = Pre-release defects / (Pre-release + Post-release defects) × 100.
Exam Trick: DRE = Pre-release bugs / Total bugs × 100. Higher = Better. World class > 95%. 90%+ is good.
Q84: What is ‘Property-Based Testing’ and which Python library is commonly used for it?
A. Testing properties of UI elements; using Selenium
B. Automatically generating test inputs to verify that code properties hold for all valid inputs; using Hypothesis
C. Testing software properties like reliability; using JUnit
D. Testing CSS properties; using Jest
Correct Answer: B
Explanation: Property-Based Testing automatically generates hundreds/thousands of random test inputs to verify that certain properties (invariants) hold for ALL valid inputs. Instead of writing specific examples, you define PROPERTIES. Example: ‘sorting a list should always produce a list of the same length.’ Python library: Hypothesis. Haskell: QuickCheck (original). Finds edge cases humans miss.
Exam Trick: Property-Based = Define RULES, let tool generate inputs. Hypothesis (Python) / QuickCheck (Haskell). Generative testing.
Q85: What is ‘Risk-Based Testing’ and what is its primary benefit?
A. Testing risky code written by junior developers only
B. Prioritizing testing activities based on risk (probability × impact) to optimize test coverage
C. Identifying security risks in code through penetration testing
D. Testing only high-risk business features
Correct Answer: B
Explanation: Risk-Based Testing prioritizes testing efforts based on RISK = Probability of failure × Impact of failure. High-risk features get more testing time. Process: 1) Identify risks, 2) Assess probability and impact, 3) Prioritize testing based on risk score, 4) Allocate testing resources accordingly. Benefit: Optimizes limited testing time/resources for maximum risk reduction.
Exam Trick: Risk-Based = Risk Score = Probability × Impact. Focus testing where it MATTERS MOST. Triage approach.
Q86: Which of the following BEST describes the ‘Seven Principles of Software Testing’ (ISTQB)?
A. Testing proves software is bug-free; exhaustive testing is possible; automated testing is always better
B. Testing shows presence of defects; exhaustive testing is impossible; early testing saves cost; defect clustering; pesticide paradox; testing is context-dependent; absence-of-errors fallacy
C. Testing should only be done at the end; defects cluster in 20% of modules; testers must also code
D. Testing is a phase; bugs are always critical; testing is automated
Correct Answer: B
Explanation: ISTQB’s 7 Testing Principles: 1) Testing shows presence of defects (not absence). 2) Exhaustive testing is impossible. 3) Early testing saves cost (Shift-Left). 4) Defect clustering (80-20 rule: 80% bugs in 20% modules). 5) Pesticide paradox. 6) Testing is context-dependent. 7) Absence-of-errors fallacy (bugless software may still not meet needs).
Exam Trick: 7 Principles: Show-Exhaust-Early-Cluster-Pesticide-Context-Absence. ‘SEECPA?’ mnemonic.
Q87: Which statement correctly describes the relationship between ‘Reliability’ and ‘Availability’ in software quality?
A. Reliability and Availability are the same concept
B. Reliability = how long system runs without failure; Availability = percentage of time system is operational
C. Availability is always higher than Reliability
D. Reliability is measured as a percentage; Availability in hours
Correct Answer: B
Explanation: Reliability: Probability that a system performs correctly over a specified time period (measured by MTBF). Availability: Percentage of time the system is operational = MTBF / (MTBF + MTTR) × 100%. A system can have high availability but low reliability (frequent failures but quick repairs). ‘5 nines’ availability = 99.999% = ~5 minutes downtime/year.
Exam Trick: Reliability = No failures over time (MTBF). Availability = % uptime = MTBF/(MTBF+MTTR). 99.999% = ‘5 nines’.
Q88: A team is implementing Continuous Integration. Which testing strategy ensures FAST feedback in the CI pipeline?
A. Run all tests including long-running E2E tests on every commit
B. Run unit tests on every commit, integration tests on merge, E2E tests nightly
C. Run only manual tests on every commit
D. Run only smoke tests and skip all other tests for speed
Correct Answer: B
Explanation: Optimal CI testing strategy: On every COMMIT: Run fast unit tests (seconds). On every MERGE/PR: Run integration tests (minutes). NIGHTLY/Scheduled: Run slow E2E tests (hours). This balances feedback speed with coverage. The Test Pyramid ensures most tests are at the unit level (fastest). Full E2E on every commit would make CI too slow.
Exam Trick: CI strategy: Commit→Unit, Merge→Integration, Nightly→E2E. Pyramid principle in CI: Fast tests first.
Q89: What is ‘Test Oracles’ in software testing?
A. Oracle database used for test data management
B. A mechanism to determine whether the actual outcome of a test matches the expected outcome
C. An automated testing tool by Oracle Corporation
D. A group of expert testers who review test cases
Correct Answer: B
Explanation: A Test Oracle is a mechanism (human, document, specification, algorithm, or reference implementation) that determines the EXPECTED output for a given test input so results can be evaluated. Types: Specified oracle (from requirements doc), Statistical oracle (historical data), Derived oracle (from another version), Implicit oracle (system shouldn’t crash). The ‘Oracle Problem’: defining correct expected outputs is hard.
Exam Trick: Oracle = ‘What SHOULD happen?’ source. Without oracle, you can’t determine PASS or FAIL. Requirements doc = common oracle.
Q90: What is the ‘Testing Quadrants’ framework (by Brian Marick, expanded by Lisa Crispin)?
A. A 2×2 grid dividing testing into four types based on automation level
B. A 2×2 grid categorizing tests along ‘technology-facing vs business-facing’ and ‘supporting team vs critiquing product’ axes
C. A framework for prioritizing test cases in four quarters
D. A model for distributing testing responsibilities across four teams
Correct Answer: B
Explanation: Agile Testing Quadrants (Marick/Crispin): Q1 (Technology-facing, support team): Unit & Component tests. Q2 (Business-facing, support team): Functional, Story, Prototype tests. Q3 (Business-facing, critique product): Exploratory, Usability, UAT. Q4 (Technology-facing, critique product): Performance, Security, ‘-ility’ tests. Helps plan what testing to do in Agile.
Exam Trick: 4 Quadrants: Q1=Unit, Q2=Functional, Q3=Exploratory/UAT, Q4=Performance/Security. Business vs Tech × Support vs Critique.
Q91: In the context of software testing standards, what does ‘IEEE 829’ define?
A. Standard for software quality metrics
B. Standard for software test documentation (test plan, test case, test report formats)
C. Standard for software development processes
D. Standard for software configuration management
Correct Answer: B
Explanation: IEEE 829 (now superseded by ISO/IEC/IEEE 29119) is the standard for Software Test Documentation. It defines formats and contents for: Test Plan, Test Design Specification, Test Case Specification, Test Procedure Specification, Test Item Transmittal Report, Test Incident Report, and Test Summary Report. Essential knowledge for formal software testing.
Exam Trick: IEEE 829 = Test Documentation standard. 8 documents. Now replaced by ISO/IEC/IEEE 29119.
Q92: A program has the following code: for(i=1; i<=10; i++) { if(i%2==0) print(‘Even’); else print(‘Odd’); } What is the minimum number of test cases for 100% branch coverage?
A. 1
B. 2
C. 10
D. 20
Correct Answer: B
Explanation: For 100% Branch Coverage, you need to execute every branch (true/false) of each decision. The only decision here is i%2==0. You need: ONE run where i is even (to take the ‘Even’ branch) and ONE run where i is odd (to take the ‘Odd’ branch). Since the for loop runs both even and odd numbers (1-10), a SINGLE run covers both branches. But theoretically, minimum test cases = 2 (one even, one odd input). Answer: 2 logically, but 1 run of the code covers both.
Exam Trick: Branch coverage = Cover every true/false. One decision = 2 branches. Minimum = 2 test cases to isolate. Single run with range covers both.
Q93: What is ‘Orthogonal Array Testing’ (OAT)?
A. Testing at 90-degree angles to find orthogonal bugs
B. A statistical technique to test a selection of combinations that covers all pairs of parameters efficiently
C. Testing using mathematical matrices for performance
D. Testing all possible parameter combinations exhaustively
Correct Answer: B
Explanation: Orthogonal Array Testing (OAT) uses statistical orthogonal arrays to select a MINIMUM set of test cases that covers ALL PAIRS of parameter values (pairwise testing). Instead of testing all N^k combinations, OAT dramatically reduces the number while maintaining good coverage. Also called ‘All-Pairs Testing.’ Tool: ACTS (Automated Combinatorial Testing for Software). Extremely useful when parameters have many values.
Exam Trick: OAT = Statistical sampling. All-Pairs coverage with MINIMUM test cases. Like a Latin Square in statistics.
Q94: Which of the following is CORRECT about ‘Equivalence Class Partitioning’ for a field that accepts ages 18-60?
A. Valid class: 18-60; One invalid class: <18
B. Valid class: 18-60; Invalid classes: <18 and >60; Total: 3 classes
C. Valid class: 18-60; Invalid class: 61-100
D. Only boundary values need to be tested
Correct Answer: B
Explanation: For age 18-60: Valid Equivalence Class: [18-60] (one class). Invalid Classes: (<18) AND (>60) = Two invalid classes. Total: 3 equivalence classes. Test case selection: One from valid class (e.g., 30), one from each invalid class (e.g., 10, 70). This gives 3 test cases instead of testing all possible ages. ECP reduces test effort.
Exam Trick: ECP always: 1 valid class + N invalid classes. Age 18-60: Valid=[18-60], Invalid=[<18], Invalid=[>60]. 3 classes, 3 test cases.
Q95: What is ‘Accessibility Testing’ and which standard guides it?
A. Testing if the software can be accessed from different networks; guided by IEEE 802
B. Testing if software can be used by people with disabilities; guided by WCAG (Web Content Accessibility Guidelines)
C. Testing software access control mechanisms; guided by OWASP
D. Testing if software is accessible offline; guided by W3C
Correct Answer: B
Explanation: Accessibility Testing ensures software can be used by people with disabilities (visual, auditory, motor, cognitive impairments). WCAG (Web Content Accessibility Guidelines) by W3C defines 4 principles (POUR): Perceivable, Operable, Understandable, Robust. WCAG 2.1 has 3 conformance levels: A, AA, AAA. Tools: WAVE, axe, NVDA screen reader. Legally required in many countries (ADA, Section 508 in USA).
Exam Trick: Accessibility = POUR (Perceivable, Operable, Understandable, Robust). WCAG standard. A→AA→AAA levels.
Q96: A tester reports: ‘Expected: System should display an error when user enters age=200. Actual: System accepts age=200 and creates account.’ What is the severity and type of this bug?
A. Low severity; Cosmetic bug
B. High severity; Functional/Validation bug with data integrity impact
C. Medium severity; Performance bug
D. Low severity; Documentation bug
Correct Answer: B
Explanation: This is a HIGH SEVERITY functional/validation bug. The system is accepting invalid input (age=200) which means: (1) Input validation is broken, (2) Data integrity is compromised (invalid data in database), (3) Business rules are violated. Severity is High because it can cause incorrect data processing, reporting errors, and compliance issues. It’s a Boundary Value Analysis failure.
Exam Trick: Severity: Blocker>Critical>High>Medium>Low. Invalid data accepted = High/Critical severity = Business impact.
Q97: In software testing, what is ‘Pairwise Testing’ and its theoretical basis?
A. Testing with pairs of testers for better bug detection
B. A combinatorial testing technique ensuring all pairs of parameter values are tested at least once
C. Testing two versions of software simultaneously
D. A technique where test cases are always written in pairs (positive/negative)
Correct Answer: B
Explanation: Pairwise Testing (All-Pairs Testing) is based on the empirical observation that most software faults are triggered by interactions between 2 parameters (not 3 or more). Instead of testing all N^k combinations, it tests all PAIRS of values. Reduces combinatorial explosion: 4 parameters × 3 values each = 81 combinations reduced to ~9 test cases. Based on orthogonal arrays and combinatorial design theory.
Exam Trick: Pairwise = 75% bugs from 2-way interactions. 81 combos → ~9 tests. Combinatorial math reduces effort hugely.
Q98: What is ‘Service Virtualization’ and how does it help in testing?
A. Testing virtual machines and cloud services
B. Simulating dependencies (APIs, databases, third-party services) that are unavailable during testing
C. Creating virtual test environments using containers
D. Virtualizing hardware for performance testing
Correct Answer: B
Explanation: Service Virtualization simulates the behavior of external services (third-party APIs, databases, mainframes, payment gateways) that are unavailable, costly, or unreliable during testing. It creates ‘virtual services’ that mimic real services. Benefits: Test in parallel without real service dependencies, simulate edge cases, reduce costs. Tools: WireMock, Mountebank, CA Service Virtualization, Hoverfly.
Exam Trick: Service Virtualization = Mock/Stub for entire services. ‘Fake it till you make it’ for external dependencies.
Q99: Which of the following is a CORRECT statement about the ‘absence-of-errors fallacy’?
A. If testing finds no errors, the software is ready to ship
B. Finding and fixing many bugs guarantees customer satisfaction
C. A software with few/no bugs may still fail if it doesn’t meet the user’s actual needs
D. Absence of errors proves the testing was comprehensive
Correct Answer: C
Explanation: The ‘Absence-of-Errors Fallacy’ (ISTQB 7th principle) states that finding and fixing all bugs is useless if the built software doesn’t meet the user’s actual needs and expectations. A technically ‘bug-free’ software can still be a product failure if it solves the wrong problem. This reinforces the need for validation (building the RIGHT product) alongside verification.
Exam Trick: No bugs ≠ Success. Wrong product without bugs = Still failure. Validate requirements FIRST, then verify implementation.
Q100: MPSeDC GET style: Which of the following CORRECTLY describes the relationship between SDLC and STLC?
A. STLC is a subset of SDLC; testing only happens after coding in SDLC
B. STLC runs in parallel with SDLC; testing activities start from requirements phase, not just after coding
C. SDLC and STLC are completely independent and unrelated
D. STLC is completed before SDLC begins
Correct Answer: B
Explanation: STLC (Software Testing Life Cycle) runs PARALLEL to SDLC (Software Development Life Cycle), not just at the end. Testing activities (requirement analysis, test planning, test design) start from the requirements phase. Modern approach (Shift-Left): Requirement Review → Test Planning → Test Design → Environment Setup → Test Execution → Test Closure. V-Model shows this explicitly: each SDLC phase has a corresponding STLC phase.
Exam Trick: STLC is NOT just ‘testing after coding.’ It’s parallel to SDLC. Shift-Left = Start testing FROM requirements.