University of Colombo School of Computing
Degree of Bachelor of Information Technology (External) — 3rd Year, Semester 6
IT6206 — Software Quality Assurance
Model Question & Answer Paper | All 14 Modules Covered
Questions: 14 (one per module) Style: Structured (2022–2024 past papers) Format: Tap a question to reveal its answer
Instructions: Each question covers key examinable points from one module. Use the "Show Answer" button per question, or use "Show All Answers" above for revision mode. Individual sub-part answers can also be toggled independently. Total marks per question indicated in brackets.
Jump to: T1T2T3 T4T5T6 T7T8T9 T10T11T12 T13T14
Q1
Topic 1 — Introduction to SQA & Testing
Software Quality, Error–Fault–Failure Chain, Causes of Errors & SQA Standards
25 Marks 4 parts (a–d)
a (06 marks)

According to IEEE and ISO definitions, briefly explain the term Software. Differentiate between Quality Control (QC) and Quality Assurance (QA) by stating the main objective of each and stating whether Testing is a QC or QA activity.

✓ Model Answer

Software (IEEE): Computer programs, procedures, and possibly associated documentation and data pertaining to operation of a computer system.

Software (ISO, 4 components): Computer Programs | Procedures | Documentation | Data necessary for operating the system.

AspectQuality Control (QC)Quality Assurance (QA)
ObjectiveEvaluate quality of a developed product; withhold non-qualifying productsDetect & prevent causes of errors; reduce cost of guaranteeing quality
FocusThe productThe process

Relationship: QC is a subset of QA. Testing is a Quality Control activity (not QA directly — QA supports good testing).

b (06 marks)

Briefly explain the terms Software Error, Software Fault, and Software Failure with an example to illustrate the chain between them.

✓ Model Answer
TermDefinition
ErrorA human mistake — grammatical error in code OR logical error in carrying out client requirements.
Fault / DefectAn error that causes improper system functioning. NOT ALL errors become faults — some are corrected/neutralised by later code lines.
FailureA software fault triggered during execution under the right conditions → unexpected behaviour. NOT ALL faults become failures.

Example chain: Developer writes if (age > 18) instead of if (age >= 18) (Error) → the age check module now incorrectly rejects 18-year-olds (Fault) → when an 18-year-old registers, they are wrongly blocked (Failure).

Key statistic: Example — 17 errors → 8 faults → 3 failures.

c (09 marks)

List and briefly describe any six (6) of D. Galin's nine (9) classified causes of software errors, stating the SDLC stage each relates to.

✓ Model Answer (any 6 of 9 — 1.5 marks each)
#CauseKey Details
1Faulty Requirements DefinitionErroneous definitions; absence of key requirements; incomplete or unnecessary requirements
2Client-Developer Communication FailuresMisunderstanding client instructions, requirement changes, or design responses
3Deliberate DeviationsReusing modules without analysis; omitting functionality due to time/budget; unapproved improvements
4Logical Design ErrorsErroneous algorithms; sequencing errors; omission of required system states
5Coding ErrorsMisunderstanding design; linguistic errors; CASE-tool errors; wrong data selection
6Non-Compliance with StandardsViolates unit's coding/documentation standards; affects design, implementation, testing & maintenance
7Shortcomings of Testing ProcessIncomplete test plans; failure to document errors; incomplete correction under time pressure
8Procedure ErrorsProcedures direct user through steps; critical in complex systems; misinterpreted requirements
9Documentation ErrorsIn design docs & software-body docs; cause implementation, maintenance & user manual errors
d (04 marks)

Briefly describe two (2) SQA models or standards used in industry and state one key benefit of obtaining SQA certification.

✓ Model Answer

ISO 9000-3: Based on 8 quality management principles (Customer Focus, Leadership, Involvement of People, Process Approach, Continual Improvement etc.). Certification involves: (1) Develop SQA system → (2) Implement system → (3) Undergo certification audit.

CMM / CMMI: Carnegie Mellon initiative (1986); 5 maturity levels: Initial → Managed → Defined → Quantitatively Managed → Optimising. CMMI adds Agile principles; improves dev process, configuration management & quality management.

Bootstrap: Alternative — measures maturity on 31 quality attributes across 3 classes: Process, Organisation, Technology.

Benefit of certification: Ability to obtain independent professional quality audits; demonstrates commitment to quality to customers and stakeholders; opens doors to contracts requiring ISO certification.

Q2
Topic 2 — Software Testing Process
Test Activities, Work Products, Traceability, V-Model & Testing Types
25 Marks4 parts (a–d)
a(07 marks)

What is meant by "Software Test Work Products"? There are seven categories listed below. Select the correct work product for each using the numbered list and write the number in the box provided. (1×7 = 07 marks)

Categories
□ Test Planning work products
□ Test Monitoring & Control work products
□ Test Analysis work products
□ Test Design work products
□ Test Implementation work products
□ Test Execution work products
□ Test Completion work product
Work Products List
1 Test Cases
2 Test Plans
3 Test Execution Schedule
4 Test Reports
5 Defect Reports
6 Test Conditions
7 Test Summary Reports
✓ Model Answer

Work products is the generic name given to any form of documentation, informal communication or artefact used in testing.

CategoryWork ProductNo.
Test PlanningTest Plans2
Test Monitoring & ControlTest Reports4
Test AnalysisTest Conditions6
Test DesignTest Cases1
Test ImplementationTest Execution Schedule3
Test ExecutionDefect Reports5
Test CompletionTest Summary Reports7
b(06 marks)

What is Traceability in the context of software testing? List three (3) benefits of maintaining good bi-directional traceability between test basis and test work products.

✓ Model Answer

Traceability: The degree to which a relationship can be established between two or more work products. Bi-directional traceability links requirements ↔ test conditions ↔ test cases ↔ test results.

Benefits (any 3):

  • Analysing the impact of changes in requirements or design
  • Making testing auditable and measuring test coverage
  • Meeting IT governance criteria
  • Improving coherence of progress/summary reports to stakeholders
  • Relating technical aspects to stakeholders in understandable terms
  • Assessing product quality & project progress vs business goals
c(06 marks)

Briefly compare testing in the V-Model versus testing in Agile/Scrum software development methodology. State two advantages and one challenge of testing in Agile.

✓ Model Answer
AspectV-ModelAgile / Scrum
Test timingEach dev phase has a directly associated test phase; starts earlyTesting integrated throughout each sprint; concurrent
FormalityClear entry/exit criteria per levelFEWER formal criteria; lightweight
4 test levelsUnit → Integration → System → AcceptanceAll levels present but often blended
RegressionManageableEXTREMELY important; critical after each sprint

Agile Advantages: (1) Focus on working software → simpler design, easier to test. (2) Test-driven development (TDD) — testing is the starting point, driving code quality.

Agile Challenge: Constant time pressure; less time available for new-feature testing; test design is less formal and subject to change.

d(06 marks)

Differentiate between White-box, Black-box, and Grey-box testing. For white-box testing, list four (4) coverage techniques.

✓ Model Answer
TypeInternal Code VisibilityFocus
White-box (clear-box / glass-box)Code IS visible to testersInternal structure, data structures, code paths, security holes
Black-box (behavioural)No knowledge of internal codeInput/output behaviour based on requirements & specs
Grey-boxPARTIAL knowledge of internalsDefects due to improper code structure or application use

White-box coverage techniques (any 4):

  • Statement Coverage — every executable statement run at least once
  • Decision / Branch Coverage — every TRUE and FALSE outcome executed
  • Condition Coverage — all individual conditions within decisions covered
  • Path Coverage — every possible execution path covered (most thorough)
  • Multiple Condition Coverage — all combinations of condition outcomes tested
  • FSM (Finite State Machine) Coverage — how many states are visited/transited

Key rule: 100% decision coverage → guarantees 100% statement coverage. But NOT vice versa.

Q3
Topic 3 — Test Techniques
EP, BVA, Decision Tables, State Transition Testing & Coverage Formulas
25 Marks4 parts (a–d)
a(05 marks)

A user registration form for an online streaming website has an age field. The website categorises users as:

  • Age 6–17: Minor   • Age 18–64: Adult   • Age 65–120: Senior Citizen

(i) Identify the valid and invalid equivalence partitions. (02 marks)
(ii) Identify the boundary values for each partition. (03 marks)

✓ Model Answer
PartitionRangeBoundary ValuesValid?
Below minimum0–50, 5INVALID
Minor6–176, 17Valid
Adult18–6418, 64Valid
Senior Citizen65–12065, 120Valid
Above maximum≥121121INVALID
b(06 marks)

A loan application system has two input conditions: (i) Repayment amount entered (T/F) and (ii) Term of loan entered (T/F). Construct a Decision Table for all possible combinations and state the outcome for each rule. Explain why decision table testing is useful.

✓ Model Answer

With 2 binary conditions → 2² = 4 rules:

ConditionRule 1Rule 2Rule 3Rule 4
Repayment amount enteredTTFF
Term of loan enteredTFTF
OutcomeError MsgProcess RepaymentProcess TermError Msg

Why useful: Systematically covers ALL combinations of conditions → finds gaps/ambiguities in specs that other techniques miss. Works well combined with Equivalence Partitioning.

c(08 marks)

A bank ATM PIN entry system has the following states: S1=Start, S2=Wait for PIN, S3=1st try invalid, S4=2nd try invalid, S5=3rd try invalid, S6=Access granted, S7=Card eaten.

(i) State the four parts of a state transition model. (04 marks)
(ii) Complete the state transition table using valid/invalid transitions (use — for invalid). (04 marks)

✓ Model Answer

(i) 4 Parts of a State Transition Model:

  • States — conditions the software may occupy (e.g. open/closed)
  • Transitions — movement from one state to another (not all transitions are valid)
  • Events — what CAUSES a transition (e.g. inserting a card, entering a PIN)
  • Actions — RESULT of a transition (e.g. error message, cash dispensed)

(ii) State Transition Table:

StateInsert CardValid PINInvalid PIN
S1 StartS2
S2 Wait for PINS6S3
S3 1st invalidS6S4
S4 2nd invalidS6S5
S5 3rd invalidS7
S6 Access granted
S7 Card eatenS1

Dashes (—) = INVALID transitions — important for designing negative test conditions.

d(06 marks)

Consider the following code segment:
IF X > Y THEN Z = 0

(i) Write the formula for Statement Coverage and Decision Coverage. (02 marks)
(ii) Using test cases Test01(X=5, Y=3) and Test02(X=–2, Y=8), calculate Statement Coverage for Test01 only, and Decision Coverage for both test cases. (04 marks)

✓ Model Answer

Formulae:

  • Statement Coverage = (Statements exercised ÷ Total statements) × 100
  • Decision Coverage = (Decision outcomes exercised ÷ Total decision outcomes) × 100

Statement Coverage — Test01 (X=5, Y=3):
X > Y is TRUE → Z=0 executes. 5 statements executed out of 5 total. 5/5 × 100 = 100%

Decision Coverage — Test01 + Test02:

  • Test01 (X=5, Y=3): X>Y = TRUE → 5 outcomes. Decision Cov. = 5/5 × 100 = 100%
  • Test02 (X=–2, Y=8): X>Y = FALSE → 4 outcomes. Decision Cov. = 4/5 × 100 = 80%

KEY RULE: 100% Decision Coverage guarantees 100% Statement Coverage — but NOT vice versa. Statement coverage provides LESS coverage than decision coverage.

Q4
Topic 4 — Test Case Design (Static Testing)
Static Testing Types, Review Types Comparison & Static Analysis Tools
25 Marks3 parts (a–c)
a(04 marks)

Define static testing and state the primary objective of static testing. List four (4) types of work products that static testing can be applied to.

✓ Model Answer

Static Testing: Examining software work products manually or with tools WITHOUT executing the code.

Primary Objective: Improve quality by helping engineers recognise and fix their OWN defects early in the lifecycle.

Work products (any 4): Source code | Design documents/models | Requirement specifications | Test plans | User manuals | Traceability matrices

b(07 marks)

There are different types of static reviews. Below are seven statements made by team members during a review session. Select the correct review type for each statement from: (1) Informal (2) Walkthrough (3) Technical Review (4) Inspection. Write the number in the box. (1×7 = 07 marks)

Review Statements
"Hey, I noticed you're using a custom function here — want to use the built-in one instead?"
"From a user perspective, this input validation could be stricter — have you considered unexpected characters?"
"Let us test this logic together, I think there might be an edge case we are missing."
"In this part of the code, can you explain why you chose a linked list instead of an array?"
"On line 47, the variable name temp2 is not descriptive — violates naming convention rule ID-03."
"This module does not follow our logging standard — please use the centralised logger with context tags."
"The algorithm's complexity seems to be O(n²). Could we optimise it for better performance?"
✓ Model Answer
#Statement (key clue)Review Type
1"use the built-in function instead?" — casual suggestion1 Informal
2"From a user perspective…" — user-focused suggestion2 Walkthrough
3"Let us test this logic together…" — collaborative1 Informal
4"can you explain why…" — author explains to group2 Walkthrough
5"violates naming convention rule ID-03" — formal rule ID4 Inspection
6"does not follow our logging standard" — spec violation3 Technical Review
7"O(n²) complexity — optimise?" — technical performance3 Technical Review
c(14 marks)

Compare and contrast all four types of reviews with respect to: (i) Formal process required, (ii) Who leads the meeting, (iii) Whether individual preparation is required, (iv) Whether a scribe is needed, and (v) Whether checklists are used. Also state the main purpose of each. (2 marks per review type)

✓ Model Answer
AttributeInformalWalkthroughTechnical ReviewInspection
Main PurposeDetect defects informallyFind defects, evaluate alternativesGain consensus, detect defects vs specDetect defects, build confidence, prevent future defects
Formal ProcessNoSemi-formalSemi → formalMOST formal
Led byN/AAUTHOR leadsTrained moderator (not author)Moderator + dedicated reader
Ind. PreparationNoOptionalRequiredRequired
ScribeN/AMandatoryMandatory (not author)Mandatory
ChecklistsOptionalOptionalOptionalMandatory (rules + checklists)
Q5
Topic 5 — Levels of Testing
CIT vs SIT, Acceptance Testing Types & Non-Functional Testing (MTTF/MTTR/MTBF)
25 Marks4 parts (a–d)
a(06 marks)

Explain two (2) differences between Component Integration Testing (CIT) and System Integration Testing (SIT). (2022 Q2)

✓ Model Answer
AspectCITSIT
FocusInteractions & interfaces BETWEEN integrated componentsInteractions & interfaces between systems, packages, microservices (+ external orgs e.g. web services)
TimingPerformed AFTER component/unit testingMay be performed AFTER system testing or in parallel with ongoing system test activities
ResponsibilityOften the responsibility of developersOften the responsibility of testers

Typical CIT defects: incorrect sequencing/timing of interface calls, wrong assumptions about data meaning. Typical SIT defects: inconsistent message structures between systems, failure to comply with security regulations.

b(06 marks)

List and briefly describe four (4) types of Acceptance Testing.

✓ Model Answer (any 4 of 6)
TypeDescription
UAT (User Acceptance)Real/simulated operational env, BY intended users, focused on their needs/processes
OAT (Operational Acceptance)Simulated operational env, BY ops/sysadmin staff, focused on operational aspects
Contractual AcceptanceVerifies system satisfies CONTRACTUAL requirements
Regulatory AcceptanceVerifies system conforms to laws, policies, regulations
Alpha TestingOperational testing in DEVELOPER'S environment, by roles outside the dev org
Beta TestingOperational testing at an EXTERNAL site, by roles outside the dev org
c(07 marks)

Explain the following non-functional testing types: (i) Performance Testing, (ii) Stress Testing, (iii) Load & Stability Testing, (iv) Security Testing. Also define MTTF, MTTR, and MTBF.

✓ Model Answer
TypeDescription
PerformanceTests response time, throughput, stability, scalability & resource usage under normal workload
StressTests robustness & error handling under extremely heavy load — checks the system's limits and failure behaviour (Memory Leak, Buffer allocation)
Load & StabilityTests behaviour under sustained anticipated load over long periods; uses virtual users; catches: system slowdown, silent failover, crashes
SecurityUncovers vulnerabilities; ensures software behaves securely; checks authorised access, prevents illegal file reads; protects against DoS attacks, eavesdropping
MetricFull NameMeaning
MTTFMean Time To FailureAverage time between successive failures
MTTRMean Time To RepairAverage repair time after each failure
MTBFMean Time Between FailuresMTTF + MTTR
d(06 marks)

Differentiate between Confirmation Testing (Re-testing) and Regression Testing. When is regression testing done and why is it critical in Agile projects?

✓ Model Answer
Confirmation (Re-testing)Regression Testing
PurposeVerify that a SPECIFIC failure caused by a known defect no longer occurs after the fixEnsure changes haven't introduced new defects in UNCHANGED areas
ScopeNarrow — the exact steps that produced the original failureBroad — areas impacted by the change
When doneAfter each individual defect fixAfter fixes, new features, or environment changes (e.g. new OS)

Why critical in Agile: Each sprint delivers working software quickly → changes are frequent → without automated regression testing, new features constantly risk breaking existing functionality. Regression is the safety net that lets teams move fast with confidence.

Q6
Topic 6 — Software Testing Life Cycle (STLC)
STLC Phases, Entry/Exit Criteria, Defect Life Cycle & Priority vs Severity
25 Marks4 parts (a–d)
a(06 marks)

List down the six phases of the Software Testing Life Cycle (STLC). (2023 Q2)

✓ Model Answer
  1. Requirements Analysis — identify testing scope, prepare RTM, automation feasibility
  2. Test Planning — prepare Test Plan, effort estimation, resource plan
  3. Test Case Design & Development — scenario ID, test case writing, test data preparation
  4. Test Environment Setup — configure hardware/OS/software; verify with smoke test
  5. Test Execution — run tests, compare actual vs expected, log defects
  6. Test Closure — archive artefacts, sign-off, lessons learned, closure report
b(08 marks)

Explain what is meant by Entry Criteria and Exit Criteria in STLC. Give the entry and exit criteria for the Test Closure phase. (2022 Q2)

✓ Model Answer

Entry Criteria: Conditions or documents REQUIRED to begin a particular STLC phase. If absent, the task will not be performed.

Exit Criteria: Items/documents/actions/tasks required to be completed BEFORE concluding an STLC phase and moving to the next. A set of expectations from a particular phase.

Test Closure Phase:

Entry CriteriaExit Criteria
Test case execution is completeProvision of test closure reports
Test results are availablePreparation of matrices (to be signed by clients)
Defect report is availableAll test artefacts archived
c(08 marks)

List down and briefly describe the states of a Software Defect Life Cycle. Draw a suitable diagram. (2022 Q2)

✓ Model Answer

Flow: New → Assigned → Active → Test/Fixed → Verified → Closed
Side paths from Active: → Rejected | → Deferred; and Closed → Reopened

StateDescription
NewPotential defect raised and not yet validated
AssignedDefect assigned to development team to be investigated
ActiveDeveloper investigating; possible outcomes: Fixed, Deferred, or Rejected
Test / Fixed / Ready for RetestDefect fixed and ready for QA retesting
VerifiedQA retested and confirmed fix works
ClosedFinal state after QA retest OR if duplicate/not-a-defect
ReopenedDefect was not actually fixed; reactivated by QA
DeferredCannot fix this cycle; postponed to a future release
RejectedThree reasons: Duplicate defect | NOT a defect | Non-reproducible
d(03 marks)

Differentiate between defect Priority and defect Severity with one example each.

✓ Model Answer

Priority = QA team's view — the ORDER in which defects should be RESOLVED (Low / Medium / High / Urgent). Example: Submit button colour mismatch — Low Priority (cosmetic).

Severity = Dev team's view — the IMPACT on the system and complexity to fix (S4 Low → S3 Medium → S2 Major → S1 Critical). Example: App crashes every login → S1 Critical Severity.

These are independent: a logo on a homepage wrong colour = High Priority but Low Severity. A crash in a rarely-used feature = Low Priority but High Severity.

Q7
Topic 7 — Quality Control (Monitoring & Reporting)
Test Monitoring Objectives, Metrics (Schedule vs Effort Timeliness) & Test Reports
20 Marks3 parts (a–c)
a(06 marks)

"Track corrective action to closure" is one main objective of test monitoring and control. List three (3) other main objectives. (2022 Q3)

✓ Model Answer
  • Monitor the test plan, schedule and key project parameters; keep on track
  • Conduct progress and milestone reviews to determine actual status; re-plan as appropriate
  • Monitor risks and take appropriate action
  • Analyse issues and change requests and take appropriate action
  • Monitor resources and manage resource issues
  • Report the test status to management
b(06 marks)

Briefly explain the difference between the Schedule Timeliness metric and the Effort Timeliness metric for testing. (2022 Q3)

✓ Model Answer

Schedule Timeliness: Refers to elapsed calendar time (months) — compares planned vs actual elapsed calendar months for each phase/milestone. It is a lagging measure.

Effort Timeliness: Refers to the planned number of person-months required to carry out the work, vs the actual number of person-months it actually took. NOT calendar time.

Key difference: Schedule is about TIME (calendar); Effort is about PEOPLE/HOURS (person-months). Both are needed for accurate project reporting.

c(08 marks)

Name and briefly describe four (4) of the five metric categories used in testing. State who is responsible for presenting the test status report to management.

✓ Model Answer
CategoryWhat It Measures
Customer SatisfactionSurvey arrival rate, satisfaction scores by category (quality, timeliness, ease of use, staff expertise, value). Scale: 8-10 Exceeds, 7 Meets, 5-6 Fair, 0-4 Below
Project ManagementSchedule Timeliness (calendar time) and Effort Timeliness (person-months planned vs actual)
Test ExecutionTotal defects by severity; open/closed defect status; problem arrival rate; pass/fail/blocked test case counts; cumulative arrival vs closure rates
Customer CareEffectiveness resolving queries; query volume; system availability at customer site; outage post-mortems
Cost of QualityCMMI maturity score (1-10; 7+ = satisfied). COPQ (Cost of Poor Quality) per Crosby = most meaningful measurement

Responsibility: The Test Manager presents status, key risks and issues to management, explaining how issues are being managed.

Q8
Topic 8 — Test Automation
Definition, When to Automate, Tool Selection, Benefits & Risks, Manual vs Automation
25 Marks4 parts (a–d)
a(04 marks)

What is Software Test Automation? (2022 Q2, 2023 Q2)

✓ Model Answer

Automation Testing is the use of software tools to develop and execute tests.

Tools used in test automation can:

  • Enter test data into the application under test
  • Compare expected and actual results
  • Generate detailed reports automatically

"Software test automation is not always possible" — TRUE. Examples where automation is NOT suitable: exploratory testing, usability/UX testing, one-off tests, tests requiring human observation.

b(05 marks)

Give three (3) advantages and two (2) risks of Software Test Automation. (2023 Q2)

✓ Model Answer

Advantages (3):

  • Speed — Test execution is faster compared to manual testing
  • Reliable — Automated tests perform the same operation precisely each time, eliminating human error
  • Repeatable — Tests can be re-run easily across different versions
  • Also: Coverage (wider test coverage) | Reusable (across app versions)

Risks (2):

  • Incompatibility of automation tools with the test environment
  • Incorrect evaluation of time and effort required (tool selection, training, maintenance)
  • Also: Overlooking human-tester capability | Budget/vendor issues
c(06 marks)

Briefly explain two (2) key factors to consider when selecting a testing tool. Compare Manual Testing and Automation Testing with respect to Accuracy and Cost Efficiency. (2022 Q3)

✓ Model Answer

Key Factors (any 2):

  • Platform Compatibility — OS types, application types, mobile platforms supported
  • User-Friendliness — Supports keyword testing or requires scripting expertise
  • Ecosystem Integration — Integrates with CI/CD pipeline, defect management, source control
AspectManual TestingAutomation Testing
AccuracyHuman errors reduce accuracyEliminates human error → higher accuracy consistently
Cost EfficiencyMore costly — hiring experts for each testing cycleHigh initial investment; less costly in the long term
d(10 marks)

State whether the following statements about test automation frameworks are TRUE (T) or FALSE (F). (1×10 = 10 marks)

  • 1.Data Driven Automation Frameworks allow test scripts to run with different data sets without modifying the script itself.
  • 2.Hybrid Automation Frameworks combine elements of both data-driven and keyword-driven frameworks.
  • 3.Keyword Driven Automation Frameworks require testers to have programming knowledge to create test cases.
  • 4.Linear Automation Frameworks are best suited for complex applications with numerous interactions.
  • 5.Library Architecture in test automation focuses on organising reusable functions to promote code reuse.
  • 6.Regression testing is done BEFORE code fixes, upgrades or any other system maintenance.
  • 7.Smoke testing is a good candidate for test automation.
  • 8.Software test automation is always possible for all types of testing scenarios.
  • 9.Automation testing can ensure a superior user experience better than manual testing.
  • 10.Load and performance testing have no viable manual alternative.
✓ Model Answer
#Statement (key point)Answer
1Data Driven — run with different data without modifying scriptTRUE
2Hybrid — combines data-driven and keyword-drivenTRUE
3Keyword Driven — requires programming knowledgeFALSE (keywords abstract the code)
4Linear — best for complex applicationsFALSE (simple, not complex apps)
5Library Architecture — reusable functionsTRUE
6Regression done BEFORE code fixesFALSE (done AFTER changes)
7Smoke testing is good for automationTRUE
8Automation ALWAYS possibleFALSE (not for exploratory/usability)
9Automation ensures better UX than manualFALSE (UX needs human judgement)
10Load/performance — no viable manual alternativeTRUE
Q9
Topic 9 — XML-Based Test Automation (XPath)
XPath Format, Absolute vs Relative, Functions & Axes
25 Marks4 parts (a–d)
a(05 marks)

XPath is one of the most popular HTML element locators in Test Automation. Briefly explain the general XPath format using an example, describing each component. (2024 Q3)

✓ Model Answer
XPath = //tagname[@attribute='value']
ComponentMeaning
// (double slash)Selects anywhere in the DOM — relative path
/ (single slash)Refers to root element — absolute path from HTML root
tagnameThe HTML tag being targeted (e.g. div, input, a, select)
@attributeThe attribute name to filter by (e.g. @id, @class, @name)
'value'The expected value of the attribute (in quotes)

Example: //input[@id='username'] — finds all <input> elements anywhere in the DOM where id equals 'username'.

b(04 marks)

Briefly explain the difference between Absolute XPath and Relative XPath with one example each. (2022 Q3, 2023 Q3)

✓ Model Answer
Absolute XPathRelative XPath
DefinitionComplete path from ROOT nodeShorter path starting from MIDDLE of DOM (any element)
Starts withSingle slash: /Double slash: //
FlexibilityBrittle — breaks if DOM structure changesFlexible — less likely to break
Example/html/body/table/tbody/tr[2]/td//input[@id='username']
c(10 marks)

Write the correct relative XPath for each of the following scenarios. (2×5 = 10 marks)

iWrite XPath to identify 'img' node where 'src' attribute value contains 'toyota'.
iiIdentify 'select' node using both 'class' = 'htext round' and 'name' = 'vtype'.
iiiSelect 'input' element where id is 'username'.
ivWrite XPath to capture 'h2' node using text() function where text = 'Search Vehicles'.
vSelect the second <li> element in an ordered list <ol>.
✓ Model Answer
#ScenarioXPath
iimg with src containing 'toyota'//img[contains(@src, 'toyota')]
iiselect by class AND name//select[@class='htext round' and @name='vtype']
iiiinput by id//input[@id='username']
ivh2 using text()//h2[text()='Search Vehicles']
vsecond li in ol//ol/li[2]
d(06 marks)

Write down the correct XPath axis name in front of each definition. (2024 Q3)

DefinitionAxis
Selects all immediate (direct) children of the current node
Selects the immediate parent of the current node
Selects all ancestors of the current node, all the way up to the root
Selects all siblings after the current node
Selects all nodes that come before the current node (except ancestors)
Selects the current node itself
✓ Model Answer
DefinitionAxis
Selects all immediate (direct) childrenchild
Selects the immediate parentparent
Selects all ancestors up to rootancestor
Selects all siblings after current nodefollowing-sibling
Selects all nodes before current node (except ancestors)preceding
Selects the current node itselfself

Additional axes: following (all nodes after), preceding-sibling (siblings before), descendant (all children/grandchildren).

Q10
Topic 10 — Automated Testing Suites for Web Apps
Selenium Components, Architectures, POM & Selenium API Commands
25 Marks3 parts (a–c)
a(12 marks)

Selenium is a free and open-source test automation suite widely used for web applications. Name and explain the four components of the Selenium suite. (2024 Q2)

✓ Model Answer
ComponentDescription
Selenium WebDriverLanguage-specific bindings to drive browsers (Chrome, Firefox, Safari etc.). Supports Java, Python, C#, JS, Ruby. Can create robust browser-based regression automation suites. Provides different drivers per browser. BACKBONE of modern Selenium.
Selenium IDEChrome, Firefox, and Edge add-on that performs simple record-and-playback of interactions with the browser. Makes testing easier even for people with no/limited programming experience. Used for quick bug reproduction scripts.
Selenium GridHelps run Selenium tests in parallel across multiple remote machines simultaneously. Hub + Nodes architecture: nodes run Selenium instances; hub controls entire execution. Facilitates scaling and running tests across vast browser/OS combinations.
Selenium RC (Remote Controller)DEPRECATED — no longer a current Selenium component. Was used to inject JavaScript code into the browser for automation and required an additional server.
b(08 marks)

Briefly describe the following test automation architectures: (i) Record and Playback, (ii) Keyword-Driven, (iii) Data-Driven, (iv) Page Object Model (POM). State whether POM is REQUIRED for Selenium to be effective.

✓ Model Answer
ArchitectureDescription
Record & PlaybackRecords user interactions, generates tests, replays them. Simple and easy to use but BRITTLE — may not work well with complex web applications.
Keyword-DrivenSteps defined by predefined keywords mapped to objects and actions in a shared object repository. More flexible than record/playback; promotes reuse. Does NOT require programming knowledge.
Data-DrivenTests driven by a SET of input data from file/DB. Same script runs with different data sets — clear separation of test scripts and input data. No hard-coding of data.
POM (Page Object Model)Web pages represented as OBJECTS mapping page elements. Organised into a page object model. Easy to write and maintain tests for complex apps; reduces code duplication; improves maintainability.

Is POM required? FALSE — POM is a best-practice design pattern, not a requirement. Selenium is effective without POM.

c(05 marks)

Write down suitable Selenium commands in Java to perform the following actions: (2024 Q4)

iCreate a WebDriver instance using ChromeDriver
iiOpen the webpage "http://ucsc.lk"
iiiClick on a button whose XPath is //input[@id='btn']
ivSelect option "Sri Lanka" from a dropdown whose XPath is //select[@id="country"]
vClose all browser windows and end the session
✓ Model Answer
// i. Create ChromeDriver instance
WebDriver driver = new ChromeDriver();

// ii. Open URL
driver.get("http://ucsc.lk");

// iii. Click button by XPath
driver.findElement(By.xpath("//input[@id='btn']")).click();

// iv. Select dropdown option
WebElement dropdown = driver.findElement(By.xpath("//select[@id='country']"));
Select select = new Select(dropdown);
select.selectByVisibleText("Sri Lanka");

// v. Close all windows
driver.quit();  // Use driver.close() to close only the current window
Q11
Topic 11 — Java-Based Test Automation: TestNG
TestNG Annotations, Execution Order & Output Tracing
20 Marks3 parts (a–c)
a(02 marks)

TestNG is a testing framework for Java programming language. Name the two (2) unit testing frameworks that were mainly used to develop TestNG. (2023 Q4)

✓ Model Answer

JUnit and NUnit

b(08 marks)

Write down the output of the following TestNG programme. Use your knowledge of TestNG annotation execution sequence. (2023 Q4)

public class it6206 {
  @Test
  public void testCase1() { System.out.println("Test One"); }
  @Test(priority=1)
  public void testCase2() { System.out.println("Test Two"); }
  @BeforeMethod
  public void beforeMethod() { System.out.println("A"); }
  @AfterMethod
  public void afterMethod() { System.out.println("A"); }
  @BeforeTest
  public void beforeTest() { System.out.println("B"); }
  @AfterTest
  public void afterTest() { System.out.println("B"); }
  @BeforeSuite
  public void beforeSuite() { System.out.println("C"); }
  @AfterSuite
  public void afterSuite() { System.out.println("C"); }
}
✓ Model Answer

Annotation order: BeforeSuite → BeforeTest → BeforeClass → BeforeMethod → @Test → AfterMethod (repeats per @Test) → AfterClass → AfterTest → AfterSuite

Note: @Test with no priority = priority 0 (runs FIRST). @Test(priority=1) runs second.

C
B
A
Test One
A
A
Test Two
A
B
C
c(10 marks)

State whether the following statements are True (T) or False (F) regarding TestNG and Selenium. (2024 Q4) (1×10 = 10 marks)

  • 1.TestNG XML files are used to define test suites, test groups, and the order in which tests should be executed.
  • 2.In a TestNG XML file, you can specify parameters to be passed to test methods at runtime.
  • 3.TestNG XML files are MANDATORY for executing tests in TestNG; tests cannot run without them.
  • 4.A single TestNG XML file can only define one test suite and cannot include multiple test configurations.
  • 5.The Page Object Model (POM) is a design pattern that promotes code reusability by creating an object repository for web elements.
  • 6.Selenium requires the use of POM to be effective in automating tests.
  • 7.Using POM helps in reducing code duplication and improves the maintainability of test scripts.
  • 8.Assertions are used in testing to verify that the expected outcome matches the actual outcome.
  • 9.Assertions are only used in unit testing and are not applicable to integration or functional testing.
  • 10.Assertions can be categorised into soft assertions, hard assertions, and regular assertions based on how they handle test failures.
✓ Model Answer
#AnswerExplanation
1TRUETestNG XML defines suites, groups & execution order
2TRUEParameters can be passed via TestNG XML at runtime
3FALSETestNG XML is NOT mandatory — tests can run without it
4FALSEOne XML file CAN define multiple test suites/configurations
5TRUEPOM creates an object repository for web elements
6FALSESelenium does NOT require POM to be effective
7TRUEPOM reduces code duplication & improves maintainability
8TRUEAssertions verify expected vs actual outcomes
9FALSEAssertions apply to all test levels (integration, functional etc.)
10FALSEOnly SOFT and HARD assertion types — NOT "regular"
Q12
Topic 12 — CI / CD · Jenkins · Version Control & Git
CI/CD Definitions, Jenkins Architecture, Pipeline Script & Git Commands
25 Marks3 parts (a–c)
a(08 marks)

(i) Briefly explain Continuous Integration (CI) and Continuous Delivery (CD). (2023 Q4, 04 marks)

(ii) Describe the Jenkins Master-Slave Architecture focusing on the major responsibilities of each component. (2022 Q4, 04 marks)

✓ Model Answer

CI — Continuous Integration: A method of continuously verifying the condition of a codebase through automated testing. Best achieved by integrating CI with version control. Developers merge code frequently; automated builds & tests run on each commit.

CD — Continuous Delivery: Approach to regularly deploying artefacts that successfully pass the CI phase, to ensure confidence around deployments. Deployments become quick, frequent, and reliable.

RoleResponsibilities
MasterSchedules build jobs; dispatches jobs to slave nodes for execution; monitors slaves; records & aggregates results; acts as central server/controller
Slave / NodeExecutes build jobs given by the master; can support different OS/browser environments; enables horizontal scaling
b(08 marks)

Consider the following Jenkins Pipeline Script. What is the purpose of the steps in part (A) and part (B)? (2022 Q4)

pipeline {
  agent any
  stages {
    stage("Test") {
      steps {
        sh 'make check || true'   // (A)
        junit '**/target/*.xml'    // (B)
      }
    }
  }
}
✓ Model Answer

(A) sh 'make check || true'
Executes the shell command "make check" within the Jenkins environment. The || true part ensures that even if "make check" fails (returns a non-zero exit status), the pipeline does NOT fail. The pipeline continues regardless of the command's outcome.

(B) junit '**/target/*.xml'
Publishes JUnit test results by specifying the path to the JUnit XML report files. The glob pattern **/target/*.xml matches XML files in ANY subdirectory of the "target" directory. Jenkins uses these results to mark the build as UNSTABLE (yellow) if tests fail, and captures them for the build report.

c(09 marks)

You are working on a Git repository called "bitproject" containing files: "index.html", "styles.css", and "script.js". Write the appropriate Git commands to: (2022 Q4)

AInitialise a new Git repository called "bitproject"
BAdd all files to the staging area and commit with message "Initial Commit"
CCreate a branch called "feature" and switch to it
DSwitch back to master and merge the "feature" branch
EView the commit history
✓ Model Answer
# A. Initialise repository
git init bitproject

# B. Stage all files and commit
git add .
git commit -m "Initial Commit"

# C. Create branch and switch to it
git branch feature
git checkout feature
# OR shorthand:
git checkout -b feature

# D. Switch to master and merge
git checkout master
git merge feature

# E. View commit history
git log
Q13
Topic 13 — Mobile Test Automation
Mobile App Types, Appium Architecture & UIAutomator
20 Marks3 parts (a–c)
a(08 marks)

Name two (2) main types of mobile applications and briefly explain each type with an example. (2023 Q3)

✓ Model Answer (any 2 of 4 types)
TypeDescriptionExample
Native AppBuilt for ONE specific platform (Android/iOS/Windows). Written in platform language (Java for Android, Swift for iOS). Tied to its OS — cannot run on other platforms. Runs both online and offline. Full access to all device APIs (GPS, camera, contacts).Instagram, Google Maps
Browser-based / Web AppAccessed via mobile browser (Safari/Chrome). Built with HTML/CSS/JS. Needs network connection — served from a server (no offline mode). Common code base across all platforms. May lack GPS/camera access.Mobile websites
Hybrid AppWeb technology (HTML/CSS/JS) running INSIDE a native container. Single codebase for all platforms. Web-to-native abstraction layer enables moderate device API access.Ionic apps
Transpiled / Cross-PlatformWritten once, compiled to native code per platform. Near-native performance.Flutter, React Native
b(08 marks)

What is the purpose of UIAutomator in Appium for Android? Describe the Appium architecture and how it communicates with Android and iOS devices. (2022 Q4)

✓ Model Answer

UIAutomator: A native Android UI automation framework that allows testers to run JUnit test cases directly on the device via command line using Java. Appium allows it to be driven from any WebDriver-supported language. It provides APIs to interact with UI elements (click buttons, enter text, navigate screens, verify elements).

Appium Architecture: Appium is an HTTP server written in Node.js. Client-server flow:

  1. Test script sends commands (JSON over HTTP/WebDriver protocol) to the Appium server
  2. Appium initiates a session and returns a session ID
  3. Appium translates commands to platform-specific frameworks
  4. Returns execution status to the test script
PlatformHow Appium Communicates
AndroidProxies commands to UIAutomator script on-device. bootstrap.jar acts as a TCP server sending test commands
iOSUses Apple's UIAutomation API (JavaScript library). Test script → Appium → instruments → bootstrap.js → commands executed
c(04 marks)

State whether each statement about mobile applications is True (T) or False (F):

  • 1.A native mobile application can run in offline mode.
  • 2.Browser-based mobile applications are stored offline on the device.
  • 3.Hybrid apps use a single codebase to run on multiple platforms.
  • 4.Native apps can run on any mobile operating system without modification.
✓ Model Answer
#StatementAnswer
1Native app runs in offline modeTRUE
2Browser-based apps stored offline on deviceFALSE — served from server, no offline storage
3Hybrid apps use single codebase for multiple platformsTRUE
4Native apps run on any mobile OS without modificationFALSE — tied to its own OS, cannot run on others
Q14
Topic 14 — Test Reporting Frameworks
Test Reporting Frameworks, Tool Selection Criteria & Report Contents
20 Marks3 parts (a–c)
a(08 marks)

Write down the correct type of testing framework based on the definitions given below. (2023 Q4, 1×4 = 04 marks) Also explain TWO other frameworks not listed. (2×2 = 04 marks)

iCombination of existing testing frameworks to take advantage of the benefits of different frameworks and mitigate their weaknesses.
iiTest execution is basically a sequence of steps defined by keywords, and keywords are mapped to objects and actions in a shared object repository.
iiiFocus is on executing a test with different input data. Data is read from databases or spreadsheets. There is a clear separation of test scripts and input data.
ivTests are independent of one another, often created by recording manual actions and replaying them.
✓ Model Answer
#Definition key clueFramework
i"Combination…take advantage of benefits"Hybrid
ii"keywords…mapped to objects and actions"Keyword Driven
iii"different input data…separation of scripts & data"Data Driven
iv"recording manual actions and replaying"Linear Scripting

Additional Frameworks:

  • BDD (Behaviour Driven): Tests written DESCRIPTIVELY in plain English (Gherkin — Given/When/Then) so business stakeholders can understand them. Tests in terms of user-focused behaviours/scenarios.
  • Module Based: Application tested in smaller parts (functions/modules/sub-systems); separate test scripts per module; combined for system-level tests.
b(05 marks)

List down five (5) criteria that can be used for choosing the right test reporting tool. (2023 Q4)

✓ Model Answer
CriterionDetail
User InterfaceClean and easy to use
UsabilitySimple to learn and master; compatible with a wide range of automation tools
Functionality & FeaturesAbility to provide comprehensive and relevant reports; real-time tracking; defect traceability
ValueReasonable price in relation to the features, capabilities and use case
IntegrationWorks with CI/CD pipeline, defect management systems, source control
c(07 marks)

What is a Test Summary Report? List the key sections it must include and briefly describe the 10-step process to create one.

✓ Model Answer

Test Summary Report: A document summarising all test activities and final results of a testing project. Helps stakeholders assess product quality and decide whether to release.

Key sections: Test Objective | Areas Covered | Areas NOT Covered | Testing Approach | Defect Report | Platform Details | Overall Summary/Recommendations | Exit Criteria & Sign-Off

10-Step Creation Process:

  1. Capture purpose of the document
  2. Capture overview of the product under test
  3. Capture testing scope (in/out, untested areas + reasons)
  4. Capture metrics (planned/executed/passed/failed test case counts)
  5. Capture types of testing performed (incl. multiple rounds)
  6. Capture test environment & tools (App URL, DB version, bug tool)
  7. Document learnings during test activity (issues & solutions)
  8. Write recommendations for next cycle
  9. Define exit criteria (all planned cases run; critical issues closed)
  10. SIGN OFF — testing team approves go-live if exit criteria fulfilled