ISTQB Foundation Cert Practice - Example Exam

This article will cover my attempt to work through the a practice version of the ISTQB Foundation-level exam. It's a multiple choice format, so I will list each question, the answer options, and my reasoning for each option.

Legal notes, ISTQB is the author and owner of this practice exam, which can be found here.


1) Which of the following statements BEST describes one of the seven key principles of software testing?

a) Automated tests are better than manual tests for avoiding the 
Exhaustive Testing. -False, exhaustive testing is a method of choosing tests, not implementing them.
b) Exhaustive testing is, with sufficient effort and tool support, feasible for 
all software. -False, how would you exhaustively test a text editor, which has infinite possible states?
c) It is normally impossible to test all input / output combinations for a
software system. -True, and since all other answers were false this must be the correct answer.
d) The purpose of testing is to demonstrate the absence of defects. -False, testing can only show the presence of defects. It's always possible that a defect was outside of your (limited) coverage.


2) Which of the following statements is the MOST valid goal for a test team?

a) Determine whether enough component testing was executed. -Doesn't make sense, why was the testing done in the first place?
b) Cause as many failures as possible so that faults can be identified and
corrected. -Correct
c) Prove that all faults are identified. -Impossible to know all faults
d) Prove that any remaining faults will not cause any failures. -Impossible to know all faults


3) Which of these tasks would you expect to perform during Test Analysis and 

a) Setting or defining test objectives. -Objectives are defined beforehand. Analysis turns objectives into test cases.
b) Reviewing the test basis. -Correct answer
c) Creating test suites from test procedures. -This happens during implementation
d) Analyzing lessons learned for process improvement. -This happens after testing is done


4) Below is a list of problems that can be observed during testing or operation. 
Which is MOST likely a failure? 

a) The product crashed when the user selected an option in a dialog box. -Correct answer, a failure is a problem during execution.
b) One source code file included in the build was the wrong version. -Fault not failure
c) The computation algorithm used the wrong input variables. -Mistake not failure
d) The developer misinterpreted the requirement for the algorithm. -Mistake not failure


5) Which of the following, if observed in reviews and tests, would lead to 
problems (or conflict) within teams?

a) Testers and reviewers are not curious enough to find defects. -No personal conflict
b) Testers and reviewers are not qualified enough to find failures and 
faults. -No personal conflict
c) Testers and reviewers communicate defects as criticism against 
persons and not against the software product. -Correct answer, causes personal conflict between testers and the people they're criticizing.
d) Testers and reviewers expect that defects in the software product have
already been found and fixed by the developers. -No personal conflict


6) Which of the following statements are TRUE? 

A. Software testing may be required to meet legal or contractual 
requirements. -True, e.g. a contract may only be considered fulfilled if the product passes test X.
B. Software testing is mainly needed to improve the quality of the 
developer’s work. -There are many other reasons for testing, e.g. evaluation/acceptance
C. Rigorous testing and fixing of defects found can help reduce the risk of 
problems occurring in an operational environment. -True. It can reduce risk. Not always, and doesn't eliminate it.
D. Rigorous testing is sometimes used to prove that all failures have been 
found. -Impossible to find all failures

a) B and C are true; A and D are false. 
b) A and D are true; B and C are false. 
c) A and C are true, B and D are false. -This matches the analysis above
d) C and D are true, A and B are false. 



7) Which of the following statements BEST describes the difference between 
testing and debugging?

a) Testing pinpoints (identifies the source of) the defects. Debugging 
analyzes the faults and proposes prevention activities. -No, debugging does all of these
b) Dynamic testing shows failures caused by defects. Debugging finds,
analyzes, and removes the causes of failures in the software. -Correct
c) Testing removes faults. Debugging identifies the causes of failures. -No, faults are the cause of failures
d) Dynamic testing prevents causes of failures. Debugging removes the
failures. -Testing doesn't prevent anything


8) Which statement below BEST describes non-functional testing?

a) The process of testing an integrated system to verify that it meets 
specified requirements. -Too general, functional testing also does this.
b) The process of testing to determine the compliance of a system to 
coding standards. -This is only one kind of non-functional testing
c) Testing without reference to the internal structure of a system. -The above wouldn't be possible without reference to the internal structure.
d) Testing system attributes, such as usability, reliability or maintainability. -Correct, testing everything EXCEPT what actions the system performs.


9) What is important to do when working with software development models?

a) To adapt the models to the context of project and product 
characteristics. -Correct
b) To choose the waterfall model because it is the first and best proven
model. -No, the world is not so simple
c) To start with the V-model and then move to either iterative or 
incremental models. -No, as above
d) To only change the organization to fit the model and not vice versa. -Impractical


10) Which of the following characteristics of good testing apply to any software 
development life cycle model?

a) Acceptance testing is always the final test level to be applied. -Acceptance testing sometimes is not performed at all
b) All test levels are planned and completed for each developed feature. -Not every test level applies to every feature
c) Testers are involved as soon as the first piece of code can be executed. -Ideally they are involved before the first piece of code is written
d) For every development activity there is a corresponding testing activity. -Correct, testing wants to be involved every step of the way to catch problems before they start


11) For which of the following would maintenance testing be used? 

a) Correction of defects during the development phase. -Maintenance happens after delivery
b) Planned enhancements to an existing operational system. -Correct
c) Complaints about system quality during user acceptance testing. -Maintenance happens after delivery
d) Integrating functions during the development of a new system. -Maintenance happens after delivery


12) Which of the following statements are TRUE? 
A. Regression testing and acceptance testing are the same. -False, they are completely different
B. Regression tests show if all defects have been resolved. -False, impossible to know all defects
C. Regression tests are typically well-suited for test automation. -True, regressions run repeatedly so they benefit from the per-run benefits of automation
D. Regression tests are performed to find out if code changes have 
introduced or uncovered defects. -True
E. Regression tests should be performed in integration testing. -Arguable, but looking at the possible answers this must be false.

a) A, C and D and E are true; B is false. 
b) A, C and E are true; B and D are false. 
c) C and D are true; A, B and E are false. -Matches the above analysis 
d) B and E are true; A, C and D are false.


13) Which of the following comparisons of component testing and system testing 
are TRUE? 

a) Component testing verifies the functioning of software modules, 
program objects, and classes that are separately testable, whereas 
system testing verifies interfaces between components and interactions 
with different parts of the system. -First sentence is correct, the second sentence describes integration testing.
b) Test cases for component testing are usually derived from component 
specifications, design specifications, or data models, whereas test 
cases for system testing are usually derived from requirement 
specifications, functional specifications or use cases. -True
c) Component testing focuses on functional characteristics, whereas 
system testing focuses on functional and non-functional characteristics.-Component testing can include non-functional characteristics as well.
d) Component testing is the responsibility of the technical testers, whereas 
system testing typically is the responsibility of the users of the system. -Both are responsible for both


14) Which of the following are the main phases of a formal review?

a) Initiation, status, preparation, review meeting, rework, follow up. 
b) Planning, preparation, review meeting, rework, closure, follow up. 
c) Planning, kick off, individual preparation, review meeting, rework, follow 
up. -Correct, just from memory. These are very flexible terms, and any of the answers coudl be "correct" outside of an ISTQB exam.
d) Preparation, review meeting, rework, closure, follow up, root cause 



15) Which TWO of the review types below are the BEST fitted (most adequate) 
options to choose for reviewing safety critical components in a software 
project? Select 2 options. 

a) Informal review. -No, for critical components we want formality to ensure nothing is overlooked
b) Management review. -This isn't defined as a review type
c) Inspection. -This checks for errors, which we want
d) Walkthrough. -Walkthroughs are mostly for teaching, which is unrelated to the goal of safety.
e) Technical Review. -This checks for errors, which we want


16) Which of the following statements about static analysis is FALSE?

a) Static analysis can be used as a preventive measure with appropriate 
process in place. -True, finding faults in code and documentation before the code is executed
b) Static analysis can find defects that are not easily found by dynamic 
testing. -True, for example bad (but currently working) coding practices.
c) Static analysis can result in cost savings by finding defects early. -True, defects are cheaper to fix the earlier they are found
d) Static analysis is a good way to force failures into the software. -False, failures only come from execution, which static analysis does NOT do.


17) One of the test goals for the project is to have 100% decision coverage. The 
following three tests have been executed for the control flow graph shown 

Test A covers path: A, B, D, E, G. 
Test B covers path: A, B, D, E, F, G. 
Test C covers path: A, C, F, C, F, C, F, G.
Which of the following statements related to the decision coverage goal is 

a) Decision D has not been tested completely. -True, only D-E was covered, not D-F
b) 100% decision coverage has been achieved. -False, see above
c) Decision E has not been tested completely. -False, both of E's branches are covered.
d) Decision F has not been tested completely. -False, both of F's branches are covered.


18) A defect was found during testing. When the network got disconnected while 
receiving data from a server, the system crashed. The defect was fixed by 
correcting the code that checked the network availability during data transfer. 
The existing test cases covered 100% of all statements of the corresponding 
module. To verify the fix and ensure more extensive coverage, some new 
tests were designed and added to the test suite. 
What types of testing are mentioned above? 
A. Functional testing. -Network disconnection was a functional test
B. Structural testing. -Establishing statement coverage requires analysis of the internal structure of the code, ie structural testing.
C. Re-testing. -By elimination this must be true, but the scenario never actually says that the fix was retested. Tests to cover it do exist, but it doesn't actually say they were executed.
D. Performance testing. -None

a) A, B and D. 
b) A and C. 
c) A, B and C. -Only this option matches the above analysis
d) A, C and D


19) Which of the following statements about the given state table is TRUE? 

a) The state table can be used to derive both valid and invalid transitions. -Arguably you can derive that anything NOT in the table is invalid. But not as clearly true as b)
b) The state table represents all possible single transitions. -True, there is a test case for each transition line in the diagram
c) The state table represents only some of all possible single transitions. -False, see above
d) The state table represents sequential pairs of transitions. -False, each table entry only covers one transition


20) Which of the following statements are true for the equivalence partitioning test 
A. Divides possible inputs into classes that have the same behaviour. -True
B. Uses both valid and invalid partitions. -Correct. "Invalid" here means "unexpected by the program." You might test invalid partitions to verify the program's error-handling ability.
C. Makes use only of valid partitions. -False, contradicts B.
D. Must include at least two values from every equivalence partition. -False
E. Can be used only for testing equivalence partitions inputs from a 
Graphical User Interface. -False, any input can be partitioned

a) A, B and E are true; C and D are false. 
b) A, C and D are true; B and E are false. 
c) A and E are true; B, C and D are false. 
d) A and B are true; C, D and E are false. -Only this option matches the analysis above


21) Which TWO of the following solutions below lists techniques that can all be 
categorized as Black Box design techniques? 
Select 2 options. 

a) Equivalence Partitioning, decision tables, state transition, and boundary 
value. -True
b) Equivalence Partitioning, decision tables, use case. -True
c) Equivalence Partitioning, decision tables, checklist based, statement 
coverage, use case. -False, statement coverage depends on code knowledge, which is white-box
d) Equivalence Partitioning, cause-effect graph, checklist based, decision 
coverage, use case. -False. Unlike a) this has "decision coverage," which requires knowing all decision-points within the code, whereas decision tables only need the inputs.
e) Equivalence Partitioning, cause-effect graph, checklist based, decision 
coverage and boundary value. -False, see d)


22) An employee’s bonus is to be calculated. It cannot become negative, but it 
can be calculated to zero. The bonus is based on the duration of the 
employment. An employee can be employed for less than or equal to 2 years, 
more than 2 years but less than 5 years, 5 to 10 years, or longer than 10 
years. Depending on this period of employment, an employee will get either 
no bonus or a bonus of 10%, 25% or 35%. 
How many equivalence partitions are needed to test the calculation of the 

a) 3. 
b) 5. 
c) 2. 
d) 4. -There are four partitions: 0-2, 2<-<5, 5-10, and 10<. 


23) Which of the following statements about the benefits of deriving test cases 
from use cases are most likely to be true? 
A. Deriving test cases from use cases is helpful for system and 
acceptance testing. -True, use-cases describe final whole-system functionality, which is what you care about in system and acceptance testing.
B. Deriving test cases from use cases is helpful only for automated 
testing. -No connection
C. Deriving test cases from use cases is helpful for component testing. -No connection
D. Deriving test cases from use cases is helpful for testing the interaction 
between different components of the system. -No connection

a) A and D are true; B and C are false. 
b) A is true; B, C and D are false. -Matches the above analysis
c) A and B are true; C and D are false. 
d) C is true; A, B and D are false. 


24) Which of the below would be the best basis for fault attack testing?

a) Experience, defect and failure data, knowledge about software failures. -Correct, these are all critical factors for fault attack testing
b) Risk analysis performed at the beginning of the project. -Fault attacking requires you to know what specific failures you want to cause, and plan around them. Risk only tells you a general area to focus on.
c) Use Cases derived from the business flows by domain experts. -See b)
d) Expected results from comparison with an existing system. -Not wrong, but a) is more complete


25) Which of the following would be the best test approach when there are poor 
specifications and time pressures?

a) Use Case Testing. -Requires good specification to write tests from
b) Condition Coverage. -Requires good specification to write tests from
c) Exploratory Testing. -Correct, exploratory doesn't rely on specification and can produce (some) results very quickly
d) Path Testing. -Requires good specification to write tests from



26) Which one of the following techniques is structure-based?

a) Decision testing. -Correct answer, decision testing is always white-box/structure-based
b) Boundary value analysis. -Black-box
c) Equivalence partitioning. -Black-box
d) State transition testing. -Arguable, but ISTQB says this is black-box


27) You have started specification-based testing of a program. It calculates the 
greatest common divisor (GCD) of two integers (A and B) greater than zero. 

calcGCD (A, B); 

The following test cases (TC) have been specified. 

Which test technique has been applied in order to determine test cases 1 through 6? 

a) Boundary value analysis. -Correct answer. 0 and 1 check the lower boundary of integer, INT_MAX and INT_MAX+1 check the upper boundary.
b) State transition testing. -We don't know the states
c) Equivalence partitioning. -If this were equivalence partitioning, test cases 3 and 4 would be make eachother redundant.
d) Decision table testing -These are not boolean inputs, they cannot be used in a decision table.


28) Consider the following state transition diagram and test case table: 

Which of the following statements are TRUE? 

A. The test case table exercises the shortest number of transitions. -Shortest relative to what? If they mean "shortest possible number of transitions per testcase" then false, because there are 2 per testcase where there could instead be 1.
B. The test case gives only the valid state transitions. -True, there are no invalid transitions
C. The test case gives only the invalid state transitions. -False, there are no invalid transitions
D. The test case exercises the longest number of transitions. -Again, longest relative to what? The states are cyclical, a testcase could approach infinite transitions if that's what they're asking.

a) Only A is true; B, C and D are false. 
b) Only B is true; A, C and D are false. -This must be the answer since B is definitely true. A and D are unclear.
c) A and D are true; B, C are false. 
d) Only C is true; A, B and D are false. 


29) Which of the following best describes the task partition between test manager 
and tester?

a) The test manager plans testing activities and chooses the standards to 
be followed, while the tester chooses the tools and controls to be used. -Manager would probably have the final say on tool choice
b) The test manager plans, organizes and controls the testing activities, 
while the tester specifies, automates and executes tests. -Correct answer
c) The test manager plans, monitors and controls the testing activities, 
while the tester designs tests. -Tester also executes and monitors tests.
d) The test manager plans and organizes the testing and specifies the test
cases, while the tester prioritizes and executes the tests. -Manager would prioritize tests.


30) Which of the following can be categorized as product risks?

a) Low quality of requirements, design, code and tests. -Project risk
b) Political problems and delays in especially complex areas in the 
product. -Project risk
c) Error-prone areas, potential harm to the user, poor product 
characteristics. -Correct answer
d) Problems in defining the right requirements, potential failure areas in the 
software or system. -Project risk


31) Which of the following are typical test exit criteria?

a) Thoroughness measures, reliability measures, test cost, schedule, state 
of defect correction and residual risks. -Correct answer, but all others are arguable depending how you interpret them
b) Thoroughness measures, reliability measures, degree of tester 
independence and product completeness.
c) Thoroughness measures, reliability measures, test cost, time to market 
and product completeness, availability of testable code. 
d) Time to market, residual defects, tester qualification, degree of tester 
independence, thoroughness measures and test cost. 


32) As a Test Manager you have the following requirements to be tested: 
Requirements to test: 
R1 - Process Anomalies – High Complexity 
R2 - Remote Services – Medium Complexity 
R3 – Synchronization – Medium Complexity 
R4 – Confirmation – Medium Complexity 
R5 - Process closures – Low Complexity 
R6 – Issues – Low Complexity 
R7 - Financial Data – Low Complexity 
R8 - Diagram Data – Low Complexity 
R9 - Changes on user profile – Medium Complexity 
Requirements logical dependencies (A -> B means that B is dependent on A): 

How would you structure the test execution schedule according to the requirement dependencies? 

R1 and R2 must happen first since all other components depend on them. R4 and R5 must happen next, because all remaining components depend on them. R3, R7 and R8 next, same reason. Lastly R6 and R9.

a) R4 > R5 > R1 > R2 > R3 > R7 > R8 > R6 > R9. 
b) R1 > R2 > R3 > R4 > R5 > R7 > R8 > R6 > R9. 
c) R1 > R2 > R4 > R5 > R3 > R7 > R8 > R6 > R9. -Correct answer, matches above analysis.
d) R1 > R2 > R3 > R7 > R8 > R4 > R5 > R6 > R9. 


33) What is the benefit of independent testing?

a) More work gets done because testers do not disturb the developers all 
the time. -False, testers may need support from developers
b) Independent testers tend to be unbiased and find different defects than 
the developers. - Correct
c) Independent testers do not need extra education and training. -Why wouldn't they need training?
d) Independent testers reduce the bottleneck in the incident management
process. -How would they reduce it?


34) Which of the following would be categorized as project risks?

a) Skill and staff shortages. -Correct
b) Poor software characteristics. -Product risk
c) Failure-prone software delivered. -Product risk
d) Possible reliability defect (bug).-Product risk


35) As a test manager you are asked for a test summary report. Concerning test 
activities and according to IEEE 829 Standard, what should you consider in 
your report?

a) The number of test cases using Black Box techniques. 
b) A summary of the major testing activities, events and its status in 
respect of meeting goals. -Cannot remember the IEEE standard, but this seems like the most useful information for non-testers to receive about testing efforts.
c) Overall evaluation of each development work item. 
d) Training taken by members of the test team to support the test effort. 



36) You are a tester in a safety-critical software development project. During 
execution of a test, you find out that one of your expected results was not 
achieved. You write an incident report about it. What do you consider to be 
the most important information to include according to the IEEE Std. 829? 

a) Impact, incident description, date and time, your name. -According to the ISTQB (but not according to the IEEE standard) this is the correct answer. Either name/date/time are more important than expected results, or "incident description" actually includes expected results and answer d) is written incorrectly. 
b) Unique id for the report, special requirements needed. 
c) Transmitted items, your name and you’re feeling about the defect 
d) Incident description, environment, expected results.


37) From the list below, select the recommended principles for introducing a 
chosen test tool in an organization? 
1. Roll the tool out to the entire organization at the same time. 
2. Start with a pilot project. 
3. Adapt and improve processes to fit the use of the tool. 
4. Provide training and coaching for new users. 
5. Let each team decide their own standard ways of using the tool. 
6. Monitor that costs do not exceed initial acquisition cost. 
7. Gather lessons learned from all teams. 

a) 1, 2, 3, 5. 
b) 1, 4, 6, 7. 
c) 2, 3, 4, 7. -Correct answer. Principles 1 and 5 would be detrimental, and 6 is arbitrary/irrelevant
d) 3, 4, 5, 6. 


38) Which one of the following best describes a characteristic of a keyword-driven test execution tool?

a) A table with test input data, action words, and expected results,
controls execution of the system under test. -Correct answer
b) Actions of testers recorded in a script that is rerun several times.
c) Actions of testers recorded in a script that is run with several sets of 
test input data. 
d) The ability to log test results and compare them against the expected 
results, stored in a text file. 


39) Which of the following is NOT a goal of a Pilot Project for tool evaluation?

a) To evaluate how the tool fits with existing processes and practices. 
b) To determine use, management, storage, and maintenance of the tool 
and test assets. 
c) To assess whether the benefits will be achieved at reasonable cost. 
d) To reduce the defect rate in the Pilot Project -The tool isn't necessarily for defect reduction, and the project isn't intended to produce a useful product anyways.


40) Below is a list of test efficiency improvement goals a software development 
and test organization would like to achieve. Which of these goals would best be supported by a test management tool? 

a) To build traceability between requirements, tests, and bugs. -Correct answer, test management is about bringing test pieces together, not changing or executing them
b) To optimize the ability of tests to identify failures
c) To resolve defects faster. 
d) To automate selection of test cases for execution.