The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the
following is the team performing?
A.
Grey box testing
B.
Black box testing
C.
Penetration testing
D.
White box testing
Explanation:
Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This
method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level
testing, but can also dominate unit testing as well. Specific knowledge of the application’s code/internal structure and programming knowledge in general is not
required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input
returns a certain, invariable output but is not aware of how the software produces the output in the first place.
Incorrect Answers:
A: Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the
program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario
in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully
known. Gray box testing is commonly used in penetration tests.
Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal
processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system
components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the
tester, thereby minimizing the risk of personnel conflicts. The question states that the Quality team does not have any experience with the application.
Therefore, this answer is incorrect.
C: Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could
exploit. Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the
target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its
employees’ security awareness and the organization’s ability to identify and respond to security incidents. Penetration tests are used to test the security controls of
a system or application. It is not used specifically for general application testing. Therefore, this answer is incorrect.
D: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests
internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as
well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs.
This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software
testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more
frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a systemlevel test.
The question states that the Quality team does not have any experience with the application.
Therefore, this answer is incorrect.http://en.wikipedia.org/wiki/Black-box_testing
http://searchsoftwarequality.techtarget.com/definition/gray-box http://searchsoftwarequality.techtarget.com/definition/penetration-testing http://en.wikipedia.org/wiki/
White-box_testing