SQA Final Exam UPDATED ACTUAL Exam Questions and
CORRECT Answers
Control Flow - Users can make unexpected changes to the flow of control Ex: Back buttons,
refreshing, caching, forward button, URL hacking
Dynamic Integration - the process of integrating different software components or systems
during runtime, rather than at compile time. Wont know what will be called by what because
things change during runtime
Bypass testing - constructs tests to intentionally violate constraints
4 things bypass testing does - Eases test automation
Validates input validation
Checks robustness
Evaluates security
Fuzz testing - negative software testing method that feeds malformed and unexpected input data
to a program, device, or system with the purpose of finding security-related defects, or any
critical flaws leading to denial of service, degradation of service, or other undesired behavior
Fuzzing approaches - 1. Generic
2. Pattern-based
3. Intelligent
4. Large-volume
5. Exploit variant
Generic - crude, random corruption of valid data without any regard to the data format.
CORRECT Answers
Control Flow - Users can make unexpected changes to the flow of control Ex: Back buttons,
refreshing, caching, forward button, URL hacking
Dynamic Integration - the process of integrating different software components or systems
during runtime, rather than at compile time. Wont know what will be called by what because
things change during runtime
Bypass testing - constructs tests to intentionally violate constraints
4 things bypass testing does - Eases test automation
Validates input validation
Checks robustness
Evaluates security
Fuzz testing - negative software testing method that feeds malformed and unexpected input data
to a program, device, or system with the purpose of finding security-related defects, or any
critical flaws leading to denial of service, degradation of service, or other undesired behavior
Fuzzing approaches - 1. Generic
2. Pattern-based
3. Intelligent
4. Large-volume
5. Exploit variant
Generic - crude, random corruption of valid data without any regard to the data format.
