
CISA Exam-Testing Concept-Testing in SDLC (Domain-3)


Domain-3

Testing Concept-Testing in SDLC

Hemang Doshi

CISA, ACA, DISA, FIII

Details about this E-Book:

The objective of this e-book is to ensure that CISA candidates gain adequate knowledge of the concept of ‘Testing in SDLC’. Concepts have been simplified for easy reference by CISA candidates.

Questions, Answers and Explanations (QAE) on the concept are designed in accordance with the CISA exam pattern.

 

 

 

Stages of Software Development Testing

 

 

 

 

 

 

 

Unit Testing

Unit testing involves testing an individual program or module.

Characteristics of unit testing:

(1) Testing is done by the developer as and when an individual program or module is ready. There is no need to wait until the full software is complete.

(2) A white box approach (i.e. testing of internal program logic) is applied in unit testing.

 

 

Integrated Testing/Interface Testing

The dictionary meaning of integrate is ‘to connect’. Integrated testing involves testing the connection of two or more modules or components that pass information from one area to another.

 

 

 

System Testing

The primary reason for system testing is to evaluate the entire system functionality. System testing includes (i) Recovery testing (ii) Security testing (iii) Load testing (iv) Volume testing (v) Stress testing & (vi) Performance testing.

 

 

Final Acceptance Testing

Final Acceptance Testing includes (i) Quality Assurance Testing (QAT) & (ii) User Acceptance Testing (UAT)

 

 

 

Other Types of Testing:

 

 

Regression Testing

The dictionary meaning of regression is ‘act of going back’ or ‘to return’. Thus, in regression testing, testing is done again to ensure that changes or corrections in a program have not introduced new errors.

The data used for regression testing should be the same data as used in the previous test. Regression testing ensures that changes or corrections in a program have not introduced new errors, and this can be achieved only if the data used for regression testing are the same as the data used in previous tests.
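The following is an added example, not part of the original e-book, showing why the replay must use the same data as the previous test. The fee functions, the sample amounts and the helper names are all hypothetical and constructed for illustration.

```python
"""Regression replay: rerun the previous cycle's inputs against the corrected
program and compare with the results recorded in that cycle."""
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample: the exact inputs used in the previous test cycle.
PREVIOUS_TEST_DATA = ["0.00", "12.50", "999.99", "1000.00", "2500.50"]
# Constructed sample: different inputs, mostly absent from the previous cycle.
DIFFERENT_DATA = ["5.00", "700.00", "1000.00"]
CENT = Decimal("0.01")


def fee_v1(amount: str) -> Decimal:
    """Previous release (hypothetical). Known defect: an amount of exactly
    1000.00 is charged the 1% rate instead of the 2% rate."""
    a = Decimal(amount)
    rate = Decimal("0.02") if a > Decimal("1000") else Decimal("0.01")
    return (a * rate).quantize(CENT, rounding=ROUND_HALF_UP)


def fee_v2(amount: str) -> Decimal:
    """Corrected release (hypothetical). The boundary is fixed, but the edit
    dropped the rounding argument, so the default ROUND_HALF_EVEN applies."""
    a = Decimal(amount)
    rate = Decimal("0.02") if a >= Decimal("1000") else Decimal("0.01")
    return (a * rate).quantize(CENT)


def record_results(program, data):
    """What a test cycle stores for later comparison: input -> output."""
    return {x: program(x) for x in data}


# Results stored at the end of the previous test cycle.
RECORDED = record_results(fee_v1, PREVIOUS_TEST_DATA)
# Inputs the correction is meant to change, with the corrected output.
INTENDED = {"1000.00": Decimal("20.00")}


def regression_check(recorded, program, data, intended):
    """Run `data` through `program` and classify each input.

    Returns (regressions, unfixed, no_baseline):
      regressions - output differs from the recorded result unexpectedly
      unfixed     - an intended correction did not take effect
      no_baseline - no recorded result exists, so nothing can be compared
    """
    regressions, unfixed, no_baseline = [], [], []
    for x in data:
        new = program(x)
        if x in intended:
            if new != intended[x]:
                unfixed.append(x)
        elif x not in recorded:
            no_baseline.append(x)
        elif new != recorded[x]:
            regressions.append((x, recorded[x], new))
    return regressions, unfixed, no_baseline


def replay(data):
    """Regression run of the corrected release over the given inputs."""
    return regression_check(RECORDED, fee_v2, data, INTENDED)


if __name__ == "__main__":
    print("same data:     ", replay(PREVIOUS_TEST_DATA))
    print("different data:", replay(DIFFERENT_DATA))
```

With the same data, the replay confirms the correction and flags the changed rounding on 12.50. With different data, most inputs have no recorded result to compare against and the new error goes unnoticed.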

 

Sociability Testing

The dictionary meaning of sociability is ‘ability to have companionship with others’. A sociability test is a test to ensure that a new or modified system can work in the specified environment without adversely impacting existing systems.

 

 

Pilot Testing

Pilot testing takes place first at one location to review the performance. The purpose is to see if the new system operates satisfactorily in one place before implementing it at other locations.

 

 

Parallel Testing

Parallel testing is the process of comparing results of the old and new system. The purpose of parallel testing is to ensure that the implementation of a new system meets user requirements.

 

 

White Box Testing vis-a-vis Black Box Testing

 

 

Alpha Testing vis-a-vis Beta Testing

 

 

Top-Down Approach vis-a-vis Bottom-Up Approach

 

 

Regression Testing vis-a-vis Sociability Testing

 

 

 

Unit Testing vis-a-vis Interface Testing/Integrate Testing

 

 

Point to remember for CISA Exam:

 

(1) ISACA will try to confuse us with three terms, i.e. regression testing, sociability testing and interface testing. Please remember the difference between the three. Regression (dictionary meaning: ‘to return’) is a test to check again that changes/modifications have not introduced any new errors. Sociability (dictionary meaning: ‘ability to have companionship with others’) is a test to determine the adaptability of a new system to settle in the existing environment. Integration (dictionary meaning: ‘to connect’) is a test to ensure that the flow of information between two or more systems is correct and accurate.

(2) In any given scenario, the appropriate strategy for unit testing is the white box approach (as both involve testing of internal logic).

(3) In any given scenario, test data should be designed as per live workload for accurate test results.

(4) In any given scenario, a test environment should always be used (i.e. tests should not be conducted in the live/production environment).

 

Questions, Answers & Explanations on the ‘Testing in SDLC’ Concept:

The QAE below are solely on the above-mentioned concept. Questions have been designed as per the CISA exam pattern. Candidates are advised to attempt the questions below multiple times. More emphasis should be given to the explanations for better understanding.

 

 

(1) A system is in the development phase. Which of the following tests is MOST likely to be conducted?

 

A. User acceptance test

B. Stress test

C. Regression test

D. Unit test

 

Answer: D. Unit test

 

Explanation:

A unit test involves testing an individual program or module. During the development stage, the development team should ensure that individual modules or programs are tested to confirm that the code is working correctly. Stress tests, regression tests and acceptance tests would normally occur later, once the system is developed and ready for implementation.

 

 

(2) Which of the following approaches is applied during unit testing?

 

A. top-up

B. black box

C. bottom-up

D. white box

 

Answer: D. white box

 

Explanation:

In any given scenario, the appropriate strategy for unit testing is the white box approach (as both involve testing of internal logic). Unit testing involves testing an individual program or module. In white box testing, program logic is tested. It is applicable for unit testing and interface testing. White box testing examines the internal structure of a module.

In black box testing, only functionality is tested. Program logic is not tested, and hence black box testing is not relevant for unit testing.

 

(3) Testing the network of two or more systems for accurate flow of information between them is:

 

A. unit testing

B. interface testing

C. sociability testing

D. regression testing

 

Answer: B. interface testing

 

Explanation:

Interface testing is a hardware or software test that evaluates the connection of two or more components that pass information from one area to another.

 

 

(4) In several instances, system interface failures occur when corrections to previously detected errors are resubmitted. This would indicate the absence of which of the following types of testing?

 

A. Pilot testing

B. Integration testing

C. Parallel testing

D. Unit testing

 

Answer: B. Integration testing

 

Explanation:

Integration testing/interface testing is done to ensure that the flow of information between two or more systems is correct and accurate. Integration testing aims at ensuring that the major components of the system interface correctly.

Pilot testing takes place first at one location to review the performance. The purpose is to see if the new system operates satisfactorily in one place before implementing it at other locations.

Parallel testing is the process of comparing results of the old and new system.

A unit test involves testing an individual program or module. During the development stage, the development team should ensure that individual modules or programs are tested to confirm that the code is working correctly.

 

 

(5) Unit testing indicates that individual modules are operating correctly. The IS auditor should:

 

A. conclude that system as a whole can produce the desired results.

B. document the test result as a proof for system functionality.

C. review the findings of integrated test.

D. conduct the test again to confirm the findings.

 

Answer: C. review the findings of integrated test.

 

Explanation:

After unit testing, the next stage is the integrated test. Integrated testing involves testing the connection of two or more modules or components that pass information from one area to another.

Modules that have been tested individually can have interface problems, causing adverse effects on other modules. Therefore, the most appropriate action for the IS auditor is to review the results of the integrated test.

 

 

(6) The purpose of regression testing is to determine if:

 

A. new or modified system can work without adversely impacting existing system.

B. flow of information between two or more system is correct and accurate.

C. new requirements have been met.

D. changes have not introduced any new errors in the unchanged code.

 

Answer: D. changes have not introduced any new errors in the unchanged code.

 

Explanation:

Regression testing is done to ensure that changes or corrections have not introduced new errors.

Sociability testing is done to ensure that a new or modified system can work without adversely impacting existing systems.

Integration testing is done to ensure that the flow of information between two or more systems is correct and accurate.

 

 

(7) An organisation is conducting regression testing for rectified bugs in the system. What data should be used for regression testing?

 

A. Same data as used in previous test

B. Random data

C. Different data as used in previous test

D. Data produced by a test data generator

 

Answer: A. Same data as used in previous test

 

Explanation:

The dictionary meaning of regression is ‘act of going back’ or ‘to return’. Regression testing ensures that changes or corrections in a program have not introduced new errors. This can be achieved only if the data used for regression testing are the same as the data used in previous tests.

 

 

 

 

 

(8) A new system has been added to a client-server environment. Which of the following tests would confirm that modification in the Windows registry will not impact performance of the existing environment?

 

A. Regression testing

B. Parallel testing

C. White box testing

D. Sociability testing

 

Answer: D. Sociability testing

Explanation:

Sociability testing helps to ensure that a new or modified system can work without adversely impacting existing systems. When implementing a new system in a client-server environment, sociability testing would confirm that the system can operate in the environment without adversely impacting other systems.

 

 

(9) An organization wants to evaluate whether a new or modified system can operate in its target environment without adversely impacting other existing systems. Which of the following testing would be relevant?

 

A. Regression testing

B. Sociability testing

C. Interface/integration testing

D. Pilot testing

 

Answer: B. Sociability testing

 

Explanation:

Sociability testing is done to ensure that a new or modified system can work without adversely impacting existing systems. The purpose of sociability testing is to confirm that a new or modified system can operate in its target environment without adversely impacting existing systems.

Regression testing is done to ensure that changes or corrections have not introduced new errors.

Integration testing/interface testing is done to ensure that the flow of information between two or more systems is correct and accurate.

Pilot testing takes place first at one location to review the performance. The purpose is to see if the new system operates satisfactorily in one place before implementing it at other locations.

 

 

(10) Which of the following characteristics of white box testing differentiates it from black box testing?

 

A. white-box testing involves IS auditor.

B. white-box testing involves testing of program’s logical structure.

C. white-box testing involves bottom-up approach.

D. white-box testing does not involve testing of program’s logical structure.

 

Answer: B. white-box testing involves testing of program’s logical structure.

 

Explanation:

In white-box testing, program logic is tested whereas in black-box testing only functionality is tested. In black-box testing, program logic is not tested. White box testing requires knowledge of the internals of the program or the module to be implemented/tested. Black box testing requires that the functionality of the program be known.

The IS auditor need not be involved in either testing method.

The bottom-up approach can be used in both tests.

 

 

(11) An organisation implementing a new system adopted parallel testing. Which of the following is the PRIMARY purpose for conducting parallel testing?

 

A. To ensure cost is within the budget.

B. To document system functionality.

C. To highlight errors in the program logic.

D. To validate system functionality with user requirements.

 

Answer: D. To validate system functionality with user requirements.

 

Explanation:

Parallel testing is the process of comparing results of the old and new system. The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements.

Unit testing is used to validate program logic of individual module or system.

 

 

(12) An organisation is implementing a bottom-up approach for software testing. An advantage of using a bottom-up approach as against a top-down approach is that:

 

A. errors in critical modules can be found early.

B. test can be performed only once all programs are complete.

C. errors in interface can be found early.

D. confidence in the system is achieved earlier.

 

Answer: A. errors in critical modules can be found early.

 

Explanation:

Bottom-Up Approach: Start with testing of individual units such as programs or modules and work upward until a complete system is tested. Advantages of bottom-up: (i) Test can be started even before all programs are complete (ii) Errors in critical modules can be found early.

Top-Down Approach: Opposite of bottom-up approach. Test starts from broader level and then gradually moves towards individual programs and modules. Advantages of top-down: (i) Interface error can be detected earlier (ii) confidence in the system is achieved earlier.

 

 

(13) An IS auditor is reviewing the process of acceptance testing. What should be the IS auditor’s major concern?

 

A. Test objectives not documented.

B. Expected test results not documented by user.

C. Test problem log not updated.

D. unsolved major issues.

 

Answer: D. unsolved major issues.

 

Explanation:

All the options are concerns for an IS auditor reviewing the process of acceptance testing. However, the major concern is option D, i.e. major issues are still pending. The IS auditor should then determine the impact of the unresolved issues on system functionality and usability.

 

 

(14) For a software development, an organization has planned the following tests. Failure in which stage can have the GREATEST adverse impact on cost and time budget?

 

A. Unit testing

B. Integration testing

C. System testing

D. Acceptance testing

 

Answer: D. Acceptance testing

 

Explanation:

The first stage of testing is unit testing. The second stage is integrated testing. The third stage is system testing and the fourth is final acceptance testing. Acceptance testing is the final stage before the software is installed and is available for use. The greatest impact would occur if the software fails at the acceptance testing level, as this could result in delays and cost overruns. Unit, integration and system testing are conducted by the developer at different stages of development, and the impact of failure is comparatively less than in acceptance testing.

 

 

(15) An organisation is conducting system testing for newly developed software. The primary purpose of a system test is to:

 

A. test efficiency of security controls built in the system.

B. determine appropriate documentation of system functionality.

C. evaluate the system functionality.

D. identify and document the benefit of new system.

 

Answer: C. evaluate the system functionality.

 

Explanation:

System testing includes (i) Recovery testing (ii) Security testing (iii) Load testing (iv) Volume testing (v) Stress testing & (vi) Performance testing. The primary reason why a system is tested is to evaluate the entire system functionality.

 

(16) A major vulnerability was observed in an application by the IS team. To mitigate risk, a patch was applied to a significant number of modules. Which of the following tests should an IS auditor recommend?

 

A. Security testing

B. load testing

C. System testing

D. Interface testing

 

Answer: C. System testing

 

Explanation:

System testing includes (i) Recovery testing (ii) Security testing (iii) Load testing (iv) Volume testing (v) Stress testing & (vi) Performance testing. Given the extensiveness of the patch, system testing is most appropriate. Interface testing is not enough, and security and load testing are part of system testing.

 

 

(17) An organisation has implemented a prototyping approach for development of a system. Which of the following testing methods is MOST effective during the initial phases of prototyping?

 

A. bottom-up

B. parallel

C. volume

D. top-down

 

Answer: D. top-down

 

Explanation:

In top-down, test starts from broader level and then gradually moves towards individual programs and modules. Advantages of top-down approach are (i) Interface error can be detected earlier (ii) confidence in the system is achieved earlier. A prototype is an early sample, model, or release of a product built to test a concept or process or to act as a thing to be replicated or learned from. The initial emphasis when using prototyping is to create screens and reports, thus shaping most of the proposed system’s features in a short period. Top-down testing method is most effective for prototype development.

 

 

(18) Best approach for conducting stress testing is:

 

A. using test data and in test environment.

B. using live data and in production environment.

C. using live data and in test environment.

D. using test data and in production environment.

 

Answer: C. using live data and in test environment.

 

Explanation:

Stress testing is carried out to determine the maximum number of concurrent users/services the application can process. A test environment should always be used to avoid damaging the production environment. Test data may not cover the entire scenario in accordance with live workload, and hence live data gives accurate results for stress testing.

 

 

(19) In final acceptance testing, QAT and UAT were combined. The MAJOR concern will be:

 

A. increase in cost of testing.

B. inadequate documentation.

C. insufficient functional testing.

D. delays in test results.

 

Answer: C. insufficient functional testing.

 

Explanation:

The major concern in combining quality assurance testing and user acceptance testing is that functional testing may not be sufficient for accurate results. Other options are not as important.

 

 

 

(20) When creating data for testing the logic in a new system, which of the following is MOST critical?

 

A. quantity of the data.

B. data designed as per expected live processing.

C. sample of actual data

D. completing the test as per schedule.

 

Answer: B. data designed as per expected live processing.

 

Explanation:

Data designed as per expected live processing gives accurate result.

Quality is more important than quantity. Sample of actual data may not cover all the scenarios in the live environment.

 




  • Author: Hemang Doshi
  • Published: 2016-12-03 12:50:12
  • Words: 2975