Suppose you are a security tester for a new web application. You identify a potential vulnerability that allows for data injection into the system. What type of vulnerability have you likely found?
- Buffer Overflow
- Cross-site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- SQL Injection
SQL Injection is a type of vulnerability that allows attackers to inject malicious SQL code into an application, thereby gaining unauthorized access to a database and fetching/altering its contents. While XSS and Buffer Overflows are vulnerabilities, they aren't typically associated with direct data injection into databases.
Imagine you've implemented CI/CD in your project, and the build breaks often, causing delays. What steps can be taken to minimize the build breakages and ensure seamless integration?
- Adopt a trunk-based development approach
- Increase manual testing efforts
- Limit the frequency of commits
- Prioritize fixing broken builds
Prioritizing fixing broken builds ensures that whenever a build breaks, it becomes the top priority for the team to address. Resolving build issues immediately reduces the chances of compounded issues later on. This practice creates a culture of accountability and immediate feedback, ensuring that the CI/CD process remains smooth and that broken builds are addressed promptly.
While automated tests are excellent for repetitive tasks, _______ testing is often needed for exploratory and usability checks.
- black-box
- load
- manual
- white-box
While automated tests can efficiently handle repetitive tasks, manual testing is indispensable for exploratory testing (where testers actively explore the application to identify issues) and usability checks to ensure a user-friendly experience.
The bug status that signifies that the bug is currently being worked on to be resolved is termed _______.
- Assigned
- Closed
- Open
- Verified
The "Assigned" bug status signifies that the bug has been assigned to a developer and is currently being addressed. "Open" means the bug has been recognized but might not be attended to yet. "Closed" denotes that the bug has been resolved. "Verified" signifies that the tester has verified the fix.
How does cyclomatic complexity assist in white-box testing?
- Assesses risk in code logic
- Counts number of defects
- Determines code coverage needs
- Measures code readability
Cyclomatic complexity, introduced by Thomas McCabe, quantifies the complexity of a program by calculating the number of linearly independent paths through the source code. A higher cyclomatic value indicates a complex program with many branches, which may require more extensive testing to ensure each path is evaluated. It aids testers in assessing risks associated with the intricate logic of the code.
As a network administrator, you receive a report from your vulnerability scanner that a certain service is running on an open port which shouldn't be. What immediate action should be considered?
- Disable the service
- Increase firewall settings
- Monitor network traffic
- Run a malware scan
Disabling the service is the immediate action to consider when an unauthorized service is running on an open port. This will prevent potential exploitation while the situation is further assessed. Running a malware scan is important, but the immediate threat is mitigated by stopping the service.
Functional testing for mobile apps often includes validating the app's _______ to ensure they produce the desired outcomes.
- colors
- developers
- features
- sizes
Functional testing aims to validate the app's features by ensuring they function according to specified requirements. It verifies each function of the software application by feeding it input and examining the output.
In Selenium, to automate browser interactions, testers use the _______ to write test scripts.
- JUnit
- Maven
- TestNG
- WebDriver
Selenium provides a tool named WebDriver, which allows testers to write scripts that can automate browser interactions. WebDriver provides a simple API to interact with browsers, making it easier for testers to create automation scripts for web applications without having to know intricate browser details.
When assessing the colors, fonts, and images in an application to ensure a positive user experience, which type of testing are you most likely conducting?
- Compatibility Testing
- GUI Testing
- Load Testing
- Security Testing
GUI (Graphical User Interface) Testing primarily focuses on the visual aspects of an application, ensuring that the colors, fonts, images, and other UI elements are presented correctly and provide a positive and consistent user experience. This helps in making the application visually appealing and user-friendly.
Which advanced black-box testing technique involves testing the application by understanding its functionality and without knowing its internal structures?
- Equivalence Partitioning
- Exploratory Testing
- Functional Testing
- Gray Box Testing
Gray Box Testing is an advanced testing method where the tester has partial knowledge of an application's internal workings. The tester understands the application's functionality but doesn't delve deep into its internal structures, making it a blend of black and white-box testing.