ISTQB Foundation – Practice Exam 1

This online ISTQB mock test with answers is aimed at testing your knowledge of Software Testing. The questions are related to the ISTQB Software Testing Foundation Syllabus.

Disclaimer: The result you get after completing the “ISTQB Software Testing Foundation Level” practice exam should not be taken as an indication of the result of the real exam!

This quiz contains 40 questions and you have 1 hour to complete the test.



26 Replies to “ISTQB Foundation – Practice Exam 1”

  1. question 31
    not sure if the answer is correct.

    Dead code can be detected by control flow analysis, and control flow analysis is a kind of static analysis.
    Static analysis is ideally performed before the types of formal review.

    So I chose ‘by static analysis tool’
    Why is the answer ‘code review’? Any idea?

  2. Even I have the same question: why is the answer for the unreachable dead code question… code review?

    The answer is E. Please read the following topic.

    Types of Errors Static Analysis Tools Discover:

    Security flaws

    Buffer overruns – Buffer overruns occur when copying, moving, or concatenating information from one buffer to another. If the destination buffer is too small for the incoming data then an overrun will occur and unrelated bits of memory will become overwritten with bits of memory from the source buffer.

    Access Problems – errors concerning accessing resources.

    Least privileges – A process should always run with least privileges, this will ensure that if the code is exploited the undesirable code is given limited power.
    Time of Check vs. Time of Use – Many system resources within a multi-user environment are used by many different processes and threads, and therefore they cannot be assumed to be in the same state from the time of declaration to the time of use.
    Dangerous Functions – Some system functions may open your application to possible security flaws, these should be examined and replaced with more secure functions.
    DACL Problems – A NULL DACL gives no protection and is a warning sign that an object being used by the application is not as secure as it should be. Other DACL problems may occur if a developer is not careful to use least privileges.
    Encoding Problems – There are many different ways to represent a file, URL or device. A hacker may be able to gain access to a protected file by using alternate representations of the filename.
    Exception Handling – If an exception handler is not present the application’s exception can cause the application to terminate or to be left in an unpredictable state.
    Format String Problems – Functions such as printf, scanf, sprintf and others may open an application up for problems in which user input is interpreted as the format string.
    Input Validation – A hacker may be able to cause complete system compromise if improper input exposes a buffer overrun or format string bug.
    Ignored Return Values – Ignoring return values can result in a variety of reliability and security bugs that can be quite hard to debug and reproduce.
    Memory Leaks – Memory leaks are well known as the cause of reliability and robustness problems, but can also cause security bugs.
    Package Insertion – Package insertion can allow un-trusted code to run in the context of a trusted Java application and may therefore spoof or otherwise attack the user.
    SQL Injection – SQL injection is a technique used by hackers to probe databases, bypass authorization, execute multiple SQL statements and call built-in stored procedures.
    Unchecked Value Used for Buffer Access – If the value of the buffer access is not checked an attacker may be able to use it to peek at arbitrary memory values.
    Unchecked Value Used for Memory Allocation – If the size of a memory allocation can be controlled by data outside the running application process it is possible for an attacker to force a memory allocation bug.

    Functional Flaws

    Dependency walker – Reports missing libraries or other dependencies needed by the application.
    Cyclomatic complexity – This metric can show how complex an application is, this may show where complex functional bugs may be hidden.
    Coding standards – Coding standards help code to be easily updated and read by other developers.
    Interdependency – Interdependency can show the relationship of how each source file is dependent on others.
    Array out of bounds – If arrays are not properly checked they can cause both functional bugs and possible security bugs. Arbitrary memory locations may be read.
    Uninitialized variables – Uninitialized variables can cause many problems within the application including crashing and unnoticed bugs that may surface later as intermittent instability or miscalculations.
    Unused variables – Unused variables lessen the readability of the code and should be removed.
    Dead code – Dead code is orphaned and unreachable so it remains untested throughout the product cycle.
    Rounding errors – Rounding errors can cause mathematical errors as well as functional bugs resulting in crashes.

  3. Practice Exam 1 – Question 2:
    When a new testing tool is purchased, it should be used first by:

    Answer A is accepted as correct, however B should be (according to ISTQB)

    A: Everyone who may eventually have some use for the tool
    B: A small team to establish the best way to use the tool

  4. In quiz one and two you ask the same question “When a new testing tool is purchased, it should be used first by:”
    I selected the same answer in both quizzes but was told I was correct in quiz one but incorrect in quiz two? I am not sure how reliable this is now.

  5. “When a new testing tool is purchased, it should be used first by:” This question is asked in both Practice Exam 1 and 2, but in Exam 1 the answer is (Everyone who may eventually have some use for the tool) and in Exam 2 the answer is (A small team to establish the best way to use the tool). Kindly go through this question and answer.

  6. Question 22 asks “A tool that supports traceability, recording of incidents or scheduling of tests is called…”
    I answered “a test management tool”, but the results claim that the correct answer is “a configuration management tool”.
    Are you sure about it? This looks like the description of a test management tool. A CM system is a totally different thing.

  7. I am appearing for the ISTQB foundation level exam soon and I have been checking multiple websites for quizzes and study materials. But what’s confusing is that some questions have different correct answers on different websites.

  8. Thank you for the resource – that being said, I found issues with 5 of the questions, and have documented them below for your review:

    2. Question
    A tool that supports traceability, recording of incidents or scheduling of tests is called:
    Answer: a configuration management tool

    Defect: Per ISTQB Glossary, a configuration management tool is “A tool that provides support for the identification and control of configuration items, their status over changes and versions, and the release of baselines consisting of configuration items.”

    Also per the glossary, a test management tool is “A tool that provides support to the test management and control part of a test process. It often has several capabilities, such as testware management, scheduling of tests, the logging of results, progress tracking, incident management and test reporting.”

    Solution: A test management tool is the correct answer.

    13. Question
    Unreachable code would best be found using:
    Answer: code reviews

    Defect: Code reviews and code inspections are both types of static analysis, and systematic static analysis tools CAN find unreachable code as well.

    Solution: Reword possible answers, as multiple options are arguably correct, or change the question to have fewer feasible answers.

    19. Question
    Consider the following statements about early test design:
    i. early test design can prevent fault multiplication
    ii. faults found during early test design are more expensive to fix
    iii. early test design can find faults
    iv. early test design can cause changes to the requirements
    v. early test design takes more effort

    Answer: i, iii & iv are true. ii & v are false

    Defect: Early test design takes more effort in the TEST DESIGN process. Sure, in the long run it pays off well in other phases of the development process, but the earlier you design your test, the more ambiguity is likely to exist, and the higher your maintenance costs.

    Solution: Word the question clearly if you intend it to address the WHOLE development life cycle, or adjust the answers if you only intend it to mean the design portion of testing.

    31. Question
    Consider the following statements
    i. an incident may be closed without being fixed
    ii. incidents may not be raised against documentation
    iii. the final stage of incident tracking is fixing
    iv. the incident record does not include information on test environments
    v. incidents should be raised when someone other than the author of the software performs the test

    Answer: i and v are true, ii, iii and iv are false

    Defect: The author of the software is not prohibited from reporting defects on their own software. Certainly, they aren’t the ideal person to execute the test, but that doesn’t eliminate them from being capable of finding issues during a formal testing iteration.

    Solution: Reword the question/answers

    37. Question
    Test managers should not:

    Answer: re-allocate resource to meet original plans

    Defect: For one, poor grammar. Also, why shouldn’t the test manager be able to reallocate resources if that’s what is necessary to execute on a key project?

    Solution: Reword the answer for clarity/find a better answer
