3.1 Static Testing Basics (Quizzes I - III)

Quizzes I, II, and III for ISTQB Section 3.1

Which of the following work products are examinable by static testing?

c) Any tangible work product including code, specifications, designs, and documents

Which of the following is NOT a benefit of static testing?

d) Identification of all issues dynamic testing can find but earlier in the SDLC

Which of the following statements best describes a key difference between static testing and dynamic testing?

d) Static testing focuses on analyzing code and documents without executing the software, while dynamic testing involves executing the program to identify defects through actual execution

Which of the following would be considered a form of static analysis, as described in the text?

c) Using a tool to check for inconsistent variable naming conventions in the code

Decide which of the following statements (i-v) are true for dynamic testing and which are true for static testing

i. It can be used to measure non-functional quality characteristics

ii. It can be applied to both executable and non-executable work products

iii. Failures can be identified with this testing

iv. It can be applied to all test levels

v. Finding discrepancies from a coding standard is easier with this testing

b) i, ii, iv, v are true for static testing, i, iii, iv are true for dynamic testing

Which of the following is a list of the work products that can't be checked by static analysis?

d) COTS software intended for data encryption and security

Refer to the following statements about static and dynamic testing:

i. 3rd party executable code developed by COTS can be examined using static testing

ii. Static testing by identifying defects early in the SDLC reduces the cost associated with fixing defects at a later stage

iii. Mismatched numbers in interface specification are easier to find through static testing

iv. Static testing can be used to measure quality characteristics that are dependent on executing code

Which of the following is FALSE?

a) i, iv

Decide which of the following statements (i-v) are true for static testing.

i. It can identify potential security issues like hardcoded passwords or sensitive information leakage in source code.

ii. It is incapable of identifying any defects in testware

iii. It aids in the detection of failures by examining the software with static analysis tools

iv. It can be performed very early in the software development lifecycle, even before any code is executed

v. It offers a means to check for consistency and completeness in user story acceptance criteria

b) i, iv, v are true for static testing

What distinguishes static analysis from other forms of static testing?

c) Static analysis often utilizes tools to analyze the source code for potential defects

Which of the following statements accurately describes a key difference between static testing and dynamic testing?

a) Static testing directly identifies defects, while dynamic testing causes failures from which defects are analyzed afterward

The following is a list of the work products produced in the SDLC

i. Coverage items, test data requirements, and test environment requirements

ii. A JavaScript function implementing a sorting algorithm for use in a web application

iii. Data Flow Diagrams (DFD), Entity-Relationship Diagrams (ERD), and Business Process Model & Notation (BPMN) Diagrams

iv. Third-party custom firmware for network routers distributed by manufacturers without the source code

v. Integrated COTS Project Management Software in a Tech Startup

During a software audit, which of the following would NOT typically be subject to static testing due to its nature?

d) iv, v

Which of the following is the BEST summary of the key difference between static and dynamic testing?

a) Dynamic testing involves executing the software, while static testing does not

Which statement about static and dynamic testing is true?

a) Static testing may more easily detect defects that lie on paths through the code that are rarely executed or hard to reach using dynamic testing, such as unreachable or duplicated code

Which of the following best describes the purpose of a static analysis tool in software testing?

c) To analyze code or other software artifacts for potential defects, code compliance, and quality standards without executing the program

Decide which of the following statements (i-v) are true for dynamic testing and which are true for static testing

i. Identifying missed elements in the database structure is easier with this testing

ii. Finding variables that are declared but never used is easier with this testing

iii. Defects and failures can be identified with this testing

iv. The test objective is to identify defects as early as possible

v. Identifying insufficient response time of the external interface is easier with this testing

c) i, ii, iv are for static testing; iii, iv, v are true for dynamic testing

For which of the following would static testing be least effective due to the nature of the artifact?

i. A UML sequence diagram outlining the interaction between system components for a custom software project

ii. Encrypted third-party libraries

iii. A proprietary COTS ERP software package without access to its source code, used for managing company resources

iv Python code for a custom-developed data analysis tool intended for internal use

v. A flowchart outlining a business process re-engineering workflow

b) ii, iii

What is the primary objective of static testing?

c) To find defects early in the software development cycle

Which of the following statements is true regarding the timing of static testing and dynamic testing in the software development lifecycle (SDLC)?

d) Static testing can occur earlier in the SDLC than dynamic testing

Which of the following statements CORRECTLY reflects the value of static testing?

d) Since we started using static analysis, we found coding defects that might have not been found by performing only dynamic testing

Which of the following statements is true regarding the application of static testing and dynamic testing to work products?

a) Dynamic testing can only be applied to executable work products, while static testing can be applied to both executable and non-executable work products

Which of the following software work products CAN be examined using static testing?

i. Test case

ii. Component's code

iii. Web pages

iv. Test procedure

v. User stories

b) i, ii, iii, iv, and v

Refer to the following statements about static and dynamic testing:

i. Test plans and test reports can be examined using static testing

ii. Static testing is an expensive alternative to dynamic testing

iii. Security vulnerabilities such as buffer overflows are easier to find through dynamic testing

iv. Static and dynamic testing (with analysis of failures) can both lead to the detection of defects

Which of the following is TRUE?

d) i, iv

Decide which of the following statements (i-v) are true for static testing.

i. It is best suited for identifying issues that only appear under specific runtime conditions.

ii. It can help in finding and fixing gaps in test-based coverage.

iii. It involves the execution of test cases to find defects.

iv. It is effective for detecting ambiguities and inconsistencies in requirements.

v. Deviations from coding standards are readily identified through this form of testing.

d) ii, iv, v are true for static testing

Which of the following statements is true about static analysis tools?

b) They can automatically detect some types of defects in the code without executing it

Which of the following types of defects would MOST likely be detected through dynamic testing rather than static testing?

b) A memory leak caused by improper resource deallocation

In the context of static testing, which of the following would be the most challenging to test?

d) Encrypted API keys in environment variables to secure application integrations and prevent unauthorized access

Which of the following is NOT an example of a static testing technique?

b) Unit testing

i. Lack of adherence to naming conventions in coding standards

ii. Security vulnerabilities such as buffer overflow susceptibility

iii. Insufficient maintainability of the code

iv. Slow system response time under load

v. Defects in the 3rd party interface behavior

a) i, ii, iii are easier to find using static testing; iv, v are easier to find using dynamic testing

Your team is implementing a new static code analysis tool. What is the PRIMARY benefit you expect to see from using this tool?

c) It will find defects early in the development lifecycle, reducing costs

Static testing and dynamic testing are both important in the QA process. Which of the following statements correctly contrasts these two types of testing?

c) Static testing may more easily detect defects in code paths that are rarely executed or difficult to reach with dynamic testing

Which of the following work products is least amenable to static testing?

b) A commerical off-the-shelf (COTS) graphical editing tool used for creating marketing materials

Static testing offers several benefits. Which of the following is NOT typically considered an advantage of static testing?

c) It can replace dynamic testing altogether

Why both static and dynamic testing are necessary?

b) Some types of defects can only be found by testing one method and not the other

Which statement does NOT reflect a recognized advantage of static testing?

a) It significantly increases the speed of the software development lifecycle by failure identification

Static testing does NOT directly help with which of the following?

b) Assessing the performance of code under load

Which of the following is NOT an objective of static testing?

a) To assess the software’s ability to handle large volumes of data

You are reviewing a system design document (SDD). Which of the following types of defects are you most likely to identify using static testing techniques?

d) Missing functionality

You are conducting a code review as part of static testing. Which of the following is NOT a potential defect you could identify during this review?

c) A memory leak in the code

Which of the following is least suitable for comprehensive static testing?

i Detailed UML class diagrams for a new system

ii. Pseudocode representing a complex algorithm

iii. Test progress report and test completion report

iv. Third-party JavaScript library with only the minified version available

v. Checking the structural integrity of an XML document

d) iv only

Which of the following statements best describes static testing?

b) It is performed without executing the code

Which of the following best describes the main difference between static testing and dynamic testing?

a) Static testing finds defects directly, while dynamic testing causes failures from which associated defects are determined through subsequent analysis

Refer to the following statements about static and dynamic testing:

i. Dynamic testing can only be applied to both non-executable work products and executable work products

ii. Static can cause failures in the code like variables with undefined values, undeclared variables, unreachable or duplicated code

iii. Static testing may more easily detect defects that lay on paths through the code that are rarely

executed or hard to reach using dynamic testing

iv. UML (Unified Modeling Language) Diagrams, ER (Entity-Relationship) Diagrams, BPMN (Business Process Model and Notation) Diagrams, and Data Flow Diagrams (DFD) can be examined using static testing

Which of the following is FALSE?

a) i, ii

Which of the following best describes a type of defect that static testing can effectively uncover, relating to interface specifications?

b) Mismatched number, type, or order of parameters in interface specifications

Among the work products produced in the SDLC, the following is a list:

i. Test cases and test plan

ii. Schedules and budget

iii. Module and module interface code

iv. Encrypted third-party libraries

v. Database diagram

Which of these can be reviewed?

d) i, ii, iii, v can be reviewed; iv cannot

What is the key benefit of verifying documented requirements through static testing?

c) Stakeholders can ensure the requirements accurately reflect their actual needs

Which of the following best exemplifies dynamic testing?

b) Executing test cases to validate the software’s functionality against the requirements

What is an essential characteristic of static testing regarding test execution?

c) It does not require the software to be executed to examine and evaluate work products

Consider the following statements (I to V) about types of testing:

i. Can detect inconsistencies or ambiguities in specifications.

ii. Primarily focused on verifying functionality against requirements.

iii. Can analyze code complexity.

iv. Uncovers failures triggered by specific input conditions.

v. May find defects without ever running the software.

Which ONE of the following options is the list that characterizes static tests the BEST?

a) Statements i, iii, and v

Which of the following would NOT be considered an appropriate target for static testing?

i. A COTS project management software suite, without provided source code, utilized for organizing tasks and resources across multiple teams

ii. User manual documentation for a COTS accounting software used in the finance department

iii. Encrypted source code repositories safeguarding proprietary algorithms and intellectual property with secure access protocols

iv. UML state machine diagrams modeling system behavior

v. A Swagger document defining the RESTful API endpoints for a cloud-based service

b) i, iii

Which of the following is a direct benefit of enforcing coding standards through static analysis tools?

c) It makes code easier to understand and maintain over time

You are reading a user story in the product backlog to prepare for a meeting with the product owner and a developer, noting potential defects as you go. Which of the following statements is true about this activity?

c) It is a static test because static testing does not involve the execution of a test object

Refer to the following statements about static and dynamic testing:

i. Static testing can identify gaps or inaccuracies in test-basis coverage

ii. Static and dynamic testing can both lead to the detection of failures

iii. Dynamic testing can only be applied to executable work products

iv. Inefficient database structures and poor modularization are easier to find through dynamic testing

Which of the following is TRUE?

c) i, iii

Consider the following statements (I to V) about types of testing:

i. Can highlight deviations from coding standards.

ii. Typically involves the execution of code.

iii. Can evaluate compliance with documented requirements.

iv. May uncover defects in infrequently used code paths.

v. Measures quality characteristics dependent on execution.

Which ONE of the following options is the list that characterizes static tests the BEST?

b) Statements i, iii, and iv

Which of the following artifacts is not typically reviewed during static testing because it does not contain textual or code-based content?

i. A network diagram showing security zones and firewall configurations

ii. A compiled third-party library for image processing

iii. The format and syntax of a JSON configuration file

iv. Test cases and test suites

v. Evaluating the usability of a graphical user interface (GUI)

b) ii only

What is the main objective of a static analysis tool?

b) To identify defects in the code without executing it

A software tester is tasked with performing static testing. Which of these would be a suitable task?

b) Conducting a technical review of a design document

You're a tester on an Agile team that thoroughly reviews user stories with the product owner and developers. Which benefit of static testing is the PRIMARY contributor to this improvement?

c) Improves clarity of requirements, minimizing rework

During a code review, you discover a variable declared but never initialized. This defect is most likely to be found using which type of testing?

c) Static analysis

The following is a list of the work products produced in the SDLC

i. Whether the code conforms to industry security guidelines

ii. The consistency of a UML state machine diagram

iii. A payroll processing COTS system for your business

iv. The clarity and completeness of a test plan

v. Encrypted source code provided by a vendor

Which of the following is unlikely to be subjected to static testing due to its nature?

d) iii, v