ASQ Certified Software Quality Engineer CSQE Exam Practice Test

Page: 1 / 14
Total 175 questions
Question 1

Software security is developed to address which of the following types of communication threats?



Answer : A

Software security is designed to protect systems and data from various types of communication threats. These threats can be categorized as:

Intentional Attacks: These are deliberate actions taken by malicious individuals or groups aiming to exploit software vulnerabilities for gain, disruption, or espionage. Examples include hacking, phishing, and malware attacks.

Unintentional Attacks: These are accidental events that can cause security breaches, such as user errors or software bugs.

Physical Attacks: These involve physical actions against hardware that can affect software, like theft or damage.

Natural Disasters: Events such as earthquakes or floods that can physically damage systems and cause software failures.

Among these, software security primarily addresses intentional attacks. The focus is on preventing unauthorized access, data breaches, and other forms of cyber attacks.


'Software Security: Building Security In' by Gary McGraw

NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations

Question 2

Which of the following capabilities of a configuration management system is involved with constructing a specific build of the software?



Answer : C

Version management, also known as version control, is a capability of a configuration management system that deals with tracking and managing changes to software code. It involves creating and maintaining different versions of the software as it is developed and updated. Constructing a specific build of the software relies on selecting the correct versions of the code and other artifacts that are part of that build. Version management ensures that all the changes are properly recorded, and the appropriate versions can be retrieved for constructing specific builds. This capability is essential for reproducibility and consistency in the software development process.

Reference:

Sommerville, Ian. 'Software Engineering.' 10th Edition, Addison-Wesley, 2015.

IEEE Std 828-2012, IEEE Standard for Configuration Management in Systems and Software Engineering.


Question 3

Each software development process should have a clearly defined set of inputs, activities, outputs, and



Answer : B

Each software development process should have a clearly defined set of inputs, activities, outputs, and entry and exit criteria. These criteria specify what conditions must be met to enter a particular phase of the development process and what conditions must be met to exit that phase. This ensures that each phase is properly completed before moving on to the next, thereby maintaining the quality and integrity of the development process.


Sommerville, I. (2011). Software Engineering (9th Edition).

IEEE Standard for Software and System Test Documentation (IEEE 829-2008).

Question 4

Which of the following is a management practice that will provide business continuity?



Answer : A

A management practice that will provide business continuity involves creating and documenting a business continuity plan. This includes:

Risk Assessment: Identifying potential risks and their impact on business operations.

Strategy Development: Developing strategies to mitigate identified risks and ensure continuity of critical business functions.

Documentation: Documenting the continuity plan, including detailed procedures and guidelines for response and recovery.

Training and Testing: Training employees on the plan and regularly testing the plan to ensure its effectiveness.

A well-documented business continuity plan ensures that an organization can maintain or quickly resume its critical functions during and after a disruption.


'Business Continuity and Disaster Recovery Planning for IT Professionals' by Susan Snedaker

ISO 22301:2019, Security and resilience -- Business continuity management systems -- Requirements

Question 5

In a Scrum project, who is responsible for determining the time estimates during the project?



Answer : C

In a Scrum project, the responsibility for determining time estimates falls on the project team as a whole. This process occurs during the sprint planning meetings, where the team collaboratively estimates the effort required for each task or user story. The Scrum Master facilitates this process, but the actual estimation is performed by the team members who will be doing the work. This collective approach ensures that estimates are realistic and based on the team's understanding and agreement.


Schwaber, K., & Sutherland, J. (2020). The Scrum Guide.

Cohn, M. (2005). Agile Estimating and Planning.

Question 6

Which of the following statements describes the output from a code coverage monitor?



Answer : D

A code coverage monitor measures the extent to which the source code of a program is executed during testing. The primary output from a code coverage monitor is an indication of which lines of code, branches, or paths have been executed. This helps in identifying untested parts of a codebase, ensuring more comprehensive testing, and improving overall software quality.


'Effective Software Testing: 50 Specific Ways to Improve Your Testing' by Elfriede Dustin

IEEE Standard 829-2008 for Software and System Test Documentation

Question 7

Which of the following testing designs is used to evaluate negative testing?



Answer : A

Negative testing, also known as failure testing, aims to ensure that a system can handle invalid input or unexpected user behavior gracefully. The testing design used to evaluate this includes:

Fault Insertion: This involves deliberately inserting faults into the system to check how it behaves under erroneous conditions. The goal is to verify that the system can detect, handle, and recover from faults effectively.


Software Testing and Quality Assurance by Kshirasagar Naik and Priyadarshi Tripathy

ISTQB (International Software Testing Qualifications Board) guidelines
