QUESTION 1

A Functional Specification document states:

2.2.2 USER LOGIN PAGE
The web-application will be accessed using a login page.
Fields will be provided for a user to enter username and
password credentials. A login button will be used to
validate the login data entered by users. Successful
validation will grant the user access to the webapplication.
Here is a mock-up of the screen.

a. Write the manual test scripts necessary to test the functionality described.
Please include test procedure and expected result in your answer format. [10]
b. List any questions you have or assumptions you have made as a tester. [5]

2009 www.The-Software-Tester.com

SPECIMEN ANSWER
a) Manual Test Scripts
Test Name

Test Steps

Good Login 1) Enter valid username in

with ACME username field
Market Data 2) Enter valid password in
password field
3) Tick the top checkbox
4) Click Login button
Good Login 1) Enter valid username in
with no
username field
ACME
2) Enter valid password in
Market Data password field
3) Tick the bottom checkbox
4) Click Login button
No
Username

1) Enter valid password in

password field
2) Tick the bottom checkbox
3) Click Login button

No
password

1) Enter valid username in

username field
2) Tick the bottom checkbox
3) Click Login button

Invalid
entry in
Username
field

1) Enter <script = vbscript> in

the username field
2) Enter valid password
3) Tick the top checkbox
4) Click Login button

Invalid
entry in
Password
field

1) Enter valid username in

username field
2) Enter OR 1 = 1 in
password field
3) Tick the bottom checkbox
4) Click Login button

Click
Contact
Button

1) Do not enter any data into

any field
2) Click Contact button

Keyboard
Operation

1) Repeat Test Good Login

with ACME Market Data but

2009 www.The-Software-Tester.com

Expected Result

1)
2) Password text should be masked
3)
4) Application message tells user
they have successfully logged in
with ACME market data privileges
1)
2) Password text should be masked
3)
4) Application message tells user
they have successfully logged in but
have no ACME market data
privileges
1) Password text should be masked
2)
3) Application displays message to
user that no username was entered
need to retry.
1) Password text should be masked
2)
3) Application displays message to
user that no password was entered
need to retry.
1)
2) Password text should be masked
3)
4) Application should detect
potential malicious input in
username field and display warning
message to user and try again.
1)
2) Password text should be masked
3)
4) Application should detect
potential malicious input in
password field and display warning
message to user and try again.
1)
2) Email window should open with
email address populated with
contact@fsl.com, subject line =
Contact Request
1) It should be possible to login
successfully using only the

Test Name

Tooltips

Both
checkboxes
ticked

Test Steps

Expected Result

only use the keyboard to

navigate to and use all form
controls
1) Hover mouse over username
field
2) Hover mouse over password
field
3) Hover mouse over top
checkbox
4) Hover mouse over bottom
checkbox

keyboard to drive the applications

GUI.

1) Repeat Test Good Login

with ACME Market Data but
at step 3 check BOTH
checkboxes.

1) Tooltip text displays Enter

username
2) Tooltip text displays Enter
password
3) Tooltip text displays Tick if you
are licensed for ACME market data
4) Tooltip text displays Tick if you
are NOT licensed for ACME
market data
1) The application should not log
the user in. A message is displayed
stating to try again with only one
checkbox ticked.

b) Questions and Assumptions

What is the Contact button supposed to do? Why are both buttons so far to the
bottom-right of the screen? Would be better to locate next to input fields. Why do
fields have no labels? Would be good UI practice to do this. Should not have
checkbox controls where a single choice is required radio buttons should be used
better UI. Why does the user have to tell the application they have ACME market
data privileges? This is weakness in the design. Better to lookup clients licensing
credentials from a secure database as part of the login validation and role profiling.
Have made an assumption that an email window opens when the user clicks the
Contact button.

QUESTION 2
a. Describe any software development lifecycle. Include any diagrammatic
representations if necessary. [6]
b. Name two disadvantages and two advantages from a testing perspective of this
model. [4]

SPECIMEN ANSWER
a) Description
The V-Model is a commonly used lifecycle development model which emphasises
testing as a key part of the development process. Development and test design
activities are placed on the left stalk of the vee and verification activities are placed on
the right stalk of the vee. Actual coding takes place at the vertex of the vee.

2009 www.The-Software-Tester.com

b) Advantages and Disadvantages

Advantages: (i) test planning starts at the beginning of the specification of
requirements, (ii) traceability to requirements is emphasised, (iii) splits SDLC into
distinct development and test activities, (iv) the model links between each test phase
and its development phase.
Disadvantages: (i) wrong requirements may still not be detected until the end, (ii)
customer only involved at beginning and end.

QUESTION 3
a. Name any three standards relevant to software testing. [3]
b. When would it be appropriate to use these standards? [3]

SPECIMEN ANSWER
a) Relevant Standards:
BS 7925, IEEE 829 and ISO 9126.

b) When to use:
BS 7925 Pt.2 for use in planning and designing of Software Component Testing (not
integration, UAT, non-functional., etc.)
IEEE 829
Test preparation:
Test Plan: Plan how the testing will proceed.
Test Design Specification: Decide what needs to be tested.
Test Case Specification: Create the tests to be run.
Test Procedure: Describe how the tests are run.
Test Item Transmittal Report: Specify the items released for testing.
Test running:
Test Log: Record the details of tests in time order.
Test Incident Report: Record details of events that need to be investigated.
Test completion:

2009 www.The-Software-Tester.com

Test Summary Report: Summarise and evaluate tests.

ISO 9126 Software Quality Characteristics & Definition when planning software
metrics as part of improving quality in the underlying SDLC

QUESTION 4
Name two dynamic and two static test techniques. [4]

SPECIMEN ANSWER
Dynamic:
Boundary Value Analysis
Equivalence partitioning
Functional test
Static:
Syntax checking
Compiling
Peer review

QUESTION 5
The following issue was extracted by a test manager from a defect management
system during the functional test phase of a new web application. List the problems
(or potential problems) plus any omissions you can see in this report. [10]

SPE
CIMEN ANSWER
Potential Problems/Omissions:
No date as to when raised
No keywords (E.G. screen name, module name, etc.) so that searches can be
performed preventing duplication of fault logs
No status of the log (opened/fixed/closed/cleared etc.)
No owner of the log who is holding the ball now?
2009 www.The-Software-Tester.com

Has priority but no severity (i.e. impact to the customer)

No version number of the system being tested it is very likely that the testers are on
a different version to development and that it was a fault but has been inadvertently
fixed on this latest software
Query the priority of this log (should it be a 3? What is a 3 scale of 1 to 5 or 1 to
10? Is 1 low or high priority?)
No actual error message on the log this may give some clue to the developer about
the nature of the fault. No log entries or debug traces provided.
Response seems to be leading to a dialogue if we are not careful this fault will never
be fixed! Tester should talk to the developer rather than sending another message via
the fault log.
The response by the developer points to another part of the system (security) this
may be an indication of developers trying to quickly close the issue without
performing sufficient investigation. It could however be because the tester has not
spent enough time documenting the problem.
The tone of language between test and development could be more polite and
constructive.
QUESTION 6
A screen-grab from part of an application is shown below. The application collates
student details for processing eligibility for cash hardship funds. Only students aged
16 and above are eligible. Those aged over 50 are entitled to extra top-up cash. State
what age values would you use to ensure complete test coverage and the reason why
for each value? [9]

SPECIMEN ANSWER
-1
0
15,16
35
50, 51
85
200

(negative numbers should be disallowed)

(lower destructive test value)
(lower boundary 15 not eligible, 16 is)
(sample partition value)
(upper boundary 50 not eligible for top-up, 51 is)
(upper partition value)
(upper destructive test value)

2009 www.The-Software-Tester.com