Examples

See how QA answers become stronger

Many QA answers are not wrong — they are just incomplete. What To Test helps you expand from obvious happy paths to risk-based, senior-level coverage.

Example 1

How would you test a login page?

Try Login challenge

Weak answer

Junior
valid login and invalid password

It covers the happy path and one basic negative case, but misses account states, security, session behavior, UX, and accessibility.

Better answer

Senior
valid login, invalid password, empty fields, unknown email, locked user, remember me, forgot password, brute force protection, rate limiting, generic error message, password masking, session cookies, redirect after login, keyboard navigation

It covers functional behavior, negative cases, account states, security risks, session behavior, and accessibility.

What improved

It covers functional behavior, negative cases, account states, security risks, session behavior, and accessibility.

Example 2

How would you test payment checkout?

Try Checkout challenge

Weak answer

Junior
visa card, paypal, buy one product

It mentions payment methods and a simple purchase, but misses failure recovery, duplicate submit, tax, promo codes, order consistency, receipt, security, and UX.

Better answer

Senior
successful checkout, visa and paypal, declined card, provider timeout, retry, duplicate submit, tax calculation, promo code, shipping address, order confirmation email, inventory reservation, no duplicate orders, clear payment status

It covers happy path, payment failures, recovery, calculations, backend consistency, and user experience.

What improved

It covers happy path, payment failures, recovery, calculations, backend consistency, and user experience.

Example 3

How would you test Create User API?

Try Create User API challenge

Weak answer

Junior
201 created, invalid email

It covers a basic success case and one validation case, but misses duplicate users, required fields, authorization, role escalation, schema, data persistence, and error codes.

Better answer

Senior
201 created with valid payload, required fields, invalid email, duplicate email, unauthorized request, forbidden admin role, malformed JSON, response schema, database record created, audit log, 400/401/403/409 status codes, no sensitive data in response

It covers functional behavior, validation, authorization, security, backend persistence, schemas, and status codes.

What improved

It covers functional behavior, validation, authorization, security, backend persistence, schemas, and status codes.