sqa a4 Flashcards
(5 cards)
Scenario:
You are the QA lead for a fintech mobile app project. The company prioritizes high security, strict deadlines, and full user trust. You’re asked to design and implement a comprehensive SQA workflow.
a. List and explain the six core SQA activities that you would implement from planning to testing, including their specific output.
(6 marks)
b. The project manager insists on skipping formal code reviews to “save time.” What are the risks of this decision, and why are code reviews critical even before testing?
(4 marks)
c. Give two tools and two techniques you would use to enhance code review efficiency and defect detection.
(5 marks)
a.
Quality Management Plan – outlines quality standards, responsibilities, metrics
Test Strategy – defines what will be tested, how, and by whom
Test Plan – schedules, entry/exit criteria, environment setup
Test Cases – input, steps, expected output
Test Execution – running tests, logging results, defect tracking
Code Reviews – peer-based analysis to catch defects early
b.
Skipping reviews can result in undetected logic bugs, security flaws, and poor code structure. Reviews improve quality early, reduce rework costs, and facilitate knowledge sharing.
c.
Tools: GitHub PRs, SonarQube
Techniques: Peer reviews, walkthroughs
a. Define a test strategy and explain three key components it should include for a sensitive application like online banking.
(4 marks)
b. Differentiate between a test plan and a test case. Support your answer with one example each.
(4 marks)
c. You are testing a login feature with multi-factor authentication. Write a simplified test case including: ID, objective, precondition, steps, and expected result.
(4 marks)
a.
A test strategy is a high-level document that outlines the testing philosophy.
Components:
Testing scope and methods (manual, automated)
Security emphasis (e.g., SQL injection, OWASP tests)
Resource allocation and team roles
b.
Test Plan: A document detailing what to test, when, and by whom.
E.g., testing login, funds transfer, statements
Test Case: A specific scenario with input, steps, and expected outcome.
E.g., enter correct username/password → expect login success
c.
ID: TC_Login_002
Objective: Validate multi-factor login
Precondition: User has MFA enabled
Steps:
Enter valid credentials
Enter valid OTP
Expected Result: User lands on dashboard
Scenario:
During a security audit, you discover that testing was carried out properly, but some security bugs were already in production. Your manager asks how that happened.
a. Explain the value of code reviews in catching issues that even test cases might miss.
(4 marks)
b. Describe the differences between formal inspections, walkthroughs, and tool-assisted reviews, stating when each is most suitable.
(6 marks)
c. Describe the role of record-keeping and reporting in SQA. What two key benefits does it provide during audit or future testing cycles?
(3 marks)
a.
Tests may miss hard-coded values, poor encryption, or logic flaws. Code reviews catch security bugs early by analyzing implementation directly, not just behavior.
b.
Formal inspection: Structured, meeting-based, ideal for critical modules
Walkthrough: Informal, explanatory, good for knowledge sharing
Tool-assisted: Automation tools check for common bugs or style violations, ideal for fast CI/CD pipelines
c.
Ensures traceability of quality processes; helps identify regression trends and supports continuous improvement and accountability.
a. The Quality Assurance team for a banking app wants to track whether “performance and security” are actually being met. What SQA documents and metrics should they use to track these goals from start to finish?
(5 marks)
b. How does an SQA Management Plan contribute to reducing project risk and aligning with stakeholder expectations?
(3 marks)
c. What are the entry and exit criteria in test planning, and why are they important?
(2 marks)
a.
Test Strategy: Declares focus areas like performance/security
Test Cases: Directly validate response times, encryption, etc.
Defect Reports: Log unresolved issues
Metrics: Load response times, vulnerability count, % tests passed
b.
Defines clear quality goals, maps them to stakeholders’ priorities, assigns responsibilities, and sets review schedules — aligning delivery with expectations.
c.
Entry: Conditions before testing starts (e.g., module completion)
Exit: When to stop testing (e.g., no critical bugs)
Ensures accountability and readiness checkpoints.
Scenario:
Your company skipped early QA activities on a small project to save time. Later, you discover major design flaws and are forced to rewrite key features.
a. Identify three SQA activities that, if performed early, could have prevented this scenario. Explain their role.
(6 marks)
b. Why is the SQA process iterative rather than linear, especially in agile development?
(4 marks)
a.
Quality Management Plan: Would’ve defined design expectations early
Code Review: Could’ve caught logic/design errors before testing
Test Strategy: Would’ve structured testing timelines and focus areas (e.g., integration)
b.
Software evolves during development; bugs and stakeholder needs change. Iterative QA ensures continuous feedback, faster detection, and adaptive testing strategies.