QUIZ 1 In Iterative development approach, which phase takes the least cost?

[A]Iterative development [B]System Testing *[C]Specification [D]Design What are generic software process models? (Choose one) [A]Waterfall, Iterative development, Agile development [B]Waterfall, Component-based software engineering, Agile development [C]Waterfall, Iterative development, Extreme programming development *[D]Waterfall, Iterative development, Component-based software engineering What is a software process model? [A]A simplified representation in a waterfall [B]A simplified representation in a cycle of a software process [C]A simplified representation in a step by step of a software process *[D]A simplified representation of a software process, presented from a specific perspective The current trends suggest that the economies of ALL developed and developing nations are dependent on software [A]False *[B]True In Waterfall approach, which phase takes the most cost? *[A]Integration and testing [B]Design [C]Specification [D]Development What is a software process? [A]A set of cycles whose goal is the development or evolution of software [B]A set of steps whose goal is the development or evolution of software [C]A set of models whose goal is the development or evolution of software *[D]A set of activities whose goal is the development or evolution of software The distribution of the costs of software engineering NOT depends on the process model that is used [A]True *[B]False In Waterfall approach, which phase takes the least cost? [A]Development [B]Integration and testing

[C]Design *[D]Specification What are essential attributes of good software? [A]Maintainability; Undependability; Efficiency; Usability *[B]Maintainability; Dependability; Efficiency; Acceptability [C]Maintainability; Efficiency; Usability; Good look and feel In Component-based software engineering approach, which phase takes the least cost? *[A]Specification [B]Design [C]Development [D]Integration and testing What are the key challenges facing software engineering in the 21st century? (Choose one) [A]The heterogeneity challenge, the trust challenge, the life time challenge *[B]The heterogeneity challenge, the delivery challenge, the trust challenge [C]The delivery challenge, the trust challenge, the life time challenge [D]The heterogeneity challenge, the delivery challenge, the life time challenge ----------------------------------------------------------------------------------------------QUIZ 2 Which is the correct sequence of the following activities in the process of System evolution? (1) Assess existing systems (2) Define system requirements (3) Modify systems (4) Propose system changes [A]2=>1=>3=>4 *[B]2=>1=>4=>3 [C]2=>3=>1=>4 [D]2=>3=>4=>1 What is the main difference between the Spiral model and other software processes models? *[A]The explicit recognition of risk in the Spiral model [B]The goal of Objective setting phase [C]The goal of Development and validation phase [D]The goal of Planning phase What is the outputs of Requirements elicitation and analysis? (Choose one) *[A]System models [B]User and system requirements document

[C]Requirements document What is the correct sequence of the following iterations in the RUP(Rational Unified Process) model? (1) Elaboration (2) Inception (3) Transition (4) Construction *[A]2 => 1 => 4 => 3 [B]1 => 2 => 4 => 3 [C]2 => 4 => 3 => 1 [D]4 => 3 => 1 => 2 What is the output of Feasibility study phase in the requirements engineering process? [A]User requirement document *[B]Report that recommends whether or not to continue development project [C]Stakeholders list [D]Project plan In contrast, the RUP (Rational Unified Process) is normally described from which types of perspectives? *[A]Dynamic perspective, Static perspective, Practice perspective [B]Dynamic perspective, Static perspective, Deployment perspective [C]Dynamic perspective, Static perspective, Behavior perspective [D]Dynamic perspective, Static perspective, Iterative perspective What is the main difference between the RUP (Rational Unified Process) and other software processes models? [A]The goal of Inception phase *[B]Phase are more closely related to business rather than technical concerns [C]The construction phase is essentially concerned with system design, programming and testing [D]System design with re-use Which is the correct sequence of the following activities in the Waterfall model? (1) System and software design (2) Requirement definition (3) Integration and system testing (4) Implementation and unit testing (5) Operation and maintenance [A]1=>4=>3=>2=>5 [B]1=>2=>3=>4=>5 *[C]2=>1=>4=>3=>5 [D]2=>3=>4=>1=>5

Which is the correct sequence of the following activities in the Component-based software engineering? (1) Component analysis (2) System design with reuse (3) Requirements modification (4) Development and integration *[A]1=>3=>2=>4 [B]1=>3=>4=>2 [C]1=>2=>4=>3 [D]1=>2=>3=>4 The Waterfall approach is the BEST approach to development software when __ [A]Adding some new features to a system [B]Un-stable requirement systems [C]The software system is small, unclear requirements *[D]The software system is large and that is need developed at several sites Three categories of risks are ___ *[A]Project risks, technical risks, business risks [B]Business risks, personnel risks, budget risks [C]Planning risks, technical risks, personnel risks [D]Management risks, technical risks, design risks -------------------------------------------------------------------------------QUIZ 3 Why many software projects are 'one-off' projects? [A]Because the requirements of software projects should document in multi languages *[B]Because the requirements of software projects are not the same [C]Because the requirements of software projects are the same [D]Because the requirements of software projects are always complex What is the BEST way to do work breakdown structure? *[A]Sets out the breakdown of the project into activities and identifies the milestones and deliverables associated with each activity [B]Sets out the breakdown of the project into smaller activities [C]Sets out the breakdown of the project into smaller tasks [D]Sets out the breakdown of the project into smaller functional What are milestones in project planning? [A]Milestones are the end-point of a project phase [B]Milestones are project results delivered to customers *[C]Milestones are the end-point of a process activity What is the critical path? [A]The critical path is the shortest path in the activity network

*[B]The critical path is the sequence of dependent activities that defines the time required to complete the project [C]The critical path is the path in the activity network Select the BEST statement about critical path [A]Project manager do not need to know critical path [B]Project manager do not need allocate experienced people to do the tasks on the critical path, any slippage in the completion in any critical activity not causes project delay *[C]Project manager should allocate experienced people to do the tasks on the critical path What is the output of the first milestone in software requirement engineering process? *[A]Feasibility study report document [B]Requirements document [C]Requirements analysis document [D]Requirements elicitation document Which is the BEST principle of project scheduling? [A]All tasks are organized concurrently [B]Maximize task dependencies to avoid delays caused by one task waiting for another to complete [C]All tasks are organized sequence *[D]Minimize task dependencies to avoid delays caused by one task waiting for another to complete The project schedule shows ___ [A]The resources available to the project, the work breakdown and a schedule for carrying out the work. *[B]The dependencies between activities, the estimated time required to reach each milestone and the allocation of people to activities What are deliverables? (Choose one) [A]Deliverables are the output of project design *[B]Deliverables are project results delivered to customers [C]Deliverables are the output of project planning [D]Deliverables are the output of project implementation Which is the principle of prototype model? *[A]A prototype is to build quickly demonstrate to the customer what the product look like. Only minimal functionality of the actual product is provided during prototyping phase. [B]A prototype is to build quickly software to the customer. Almost functionality of the product are completed and system tested [C]A prototype is to build quickly software to the customer. All functionality of the product are completed and system tested

[D]A prototype is to build quickly software to the customer. Only some functional of the product are completed and system tested -----------------------------------------------------------------------------QUIZ 4 What are non functional requirements? *[A]Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc [B]Requirements that come from the application domain of the system and that reflect characteristics and constraints of that domain [C]Statements of services the system should provide how the system should react to particular inputs and how the system should behave in particular situations. What are good attributes of requirements? (Choose one) [A]Testable, complete, clear, inconsistent, unambiguous [B]Testable, complete, clear, consistent, ambiguous [C]Testable, incomplete, clear, consistent, unambiguous *[D]Testable, complete, clear, consistent, unambiguous What are domain requirements? [A]Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc [B]Statements of services the system should provide how the system should react to particular inputs and how the system should behave in particular situations. *[C]Requirements that come from the application domain of the system and that reflect characteristics and constraints of that domain What are system requirements? *[A]A structured document setting out detailed descriptions of the systems functions, services and operational constraints [B]Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc [C]Statements in natural language plus diagrams of the services the system provides and its operational constraints Which are types of non-functional requirement? (Choose one) *[A]Product requirements; Organizational requirements; External requirements [B]Organizational requirements; External requirements; Non-Functional Requirements [C]Organizational requirements; External requirements; System Requirements [D]User requirements; Organizational requirements; External requirements What is the BEST way to write requirement document? [A]Should include HOW the system will be implemented in a specification of the system requirements

[B]Should NOT include a definition of user requirements in a specification of the system requirements [C]Requirement document should set of WHAT the system should do and HOW it should do *[D]Should include both a definition of user requirements and a specification of the system requirements What are functional requirements? [A]Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc [B]Requirements that come from the application domain of the system and that reflect characteristics of that domain *[C]Statements of services the system should provide how the system should react to particular inputs and how the system should behave in particular situations. What are user requirements? *[A]Statements in natural language plus diagrams of the services the system provides and its operational constraints [B]Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc [C]A structured document setting out detailed descriptions of the systems functions, services and operational constraints Which of the following requirement statements belongs to domain requirements? [A]Students can reserve a library item online *[B]There shall be a standard user interface to all database that shall be base on the Z39.50 standard [C]The staff member should be able to issue a library item by scanning the bar codes of the library item and the student card [D]The user should be able to search for a library item by specifying a key word In reality, the distinction between different types of requirements is not clear-cut *[A]True [B]False Which of the following requirement statements belongs to non-functional requirements? [A]An article information shall include Author, Title, Description and other related information *[B]The user interface shall be implemented as simple HTML without frames [C]The system shall be able to search either all of the initial set of databases or select a sub set from it, [D]The system shall provide appropriate viewers for the user to read documents in the document store ---------------------------------------------------------------------------

Quiz 5 Whats the BEST way to start creating a data-flow diagram? [A]In the class diagram, you list all the classes and then wrestle with the interclass associations, attributions, operations *[B]In the data-flow diagram, you should start by analyzing the overall procurement process and then move on to the analysis of sub-processes When should you use state machine model? (Choose one) [A]State machine used to define the boundaries of the system, validate system requirement *[B]Describe how a system responses to external and internal events; It shows system states and events that cause transition from one state to another [C]State machine used to help the analyst to understand the functionality of the system, communicating with customer [D]State machine used in showing the data exchange between a system and other systems in its environment When should you use data flow diagrams (DFD)? (Choose one) [A]DFD is used to describing all of the things that can be done with a database system [B]DFD is used to illustrate the sequence of steps that must be performed in order to complete a task [C]DFD is used to showing all of systems functionalities available *[D]DFD is used to showing the data exchange between a system and other systems in its environment Can two objects associate with one another in more than one way? [A]No *[B]Yes Whats the BEST way to start creating a state diagram? *[A]In the state diagram, you first list the states of the object and then focus on the transition [B]In the state diagram, you list all the classes and then wrestle with the interclass associations Whats the BEST way to start creating a class diagram? [A]In the class diagram, you list all the classes and then wrestle with the interclass associations, attributions, operations *[B]In the class diagram, you first list the states of the object and then focus on the attributions, operations Another name for inheritance is ___ [A]Association *[B]Generalization [C]Aggregation

[D]Composition When should you use sequence diagram? (Choose one) [A]Should use sequence diagram to represent exception behavior (when errors happen) [B]Should use sequence diagram to describing branching behaviors of the TCP/IP network protocol [C]Should use sequence diagram to represent all of the people who might use the functionalities of the system *[D]Should use sequence diagram to illustrate the sequence of steps that must be performed in order to complete a task Which models give a static view of a system? [A]Object model; Data-flow model; Context model; Architectural model; *[B]Object model; Data model; Architectural model; [C]Object model; Data model; Context model; State machine model; When should you use use-case diagram? (Choose one) [A]Should use use-case diagram to represent exception behavior (when errors happen) [B]Should use use-case diagram to illustrate the sequence of steps that must be performed in order to complete a task [C]Should use use-case diagram to describing branching behaviors of the TCP/IP network protocol *[D]Should use use-case diagram to represent all of the people who might use the functionalities of the system What are types of behavioral models? (Choose one) [A]Data-Flow, Structure model [B]Data-Flow, Static model *[C]Data-Flow, State machine [D]Data-Flow, Data Structure model

QUIZ 6 Which non-functional system requirements that the software system architecture may depend on? (Choose one) [A]Performance, Security, Safety, Availability, Easy deploy [B]Performance, Efficiency, Safety, Availability, Maintainability [C]Performance, Security, Safety, Availability, Easy implement *[D]Performance, Security, Safety, Availability, Maintainability Select the BEST solution for architectural design of a software system that performance is a critical requirement [A]The architectural should be designed to localise critical operations and minimise communications, use fine-grain rather than large-grain components [B]The architectural should be designed to localise critical operations and maximise communications, use large-grain rather than fine-grain components

*[C]The architectural should be designed to localise critical operations and minimise communications, use large-grain rather than fine-grain components Which of the following models belong to Event-driven systems? (Choose one) [A]Call-return model, Manager model *[B]Broadcast models, Interrupt-driven models [C]Object oriented control model, Function Oriented control model What is the correct statement about software architectural design decisions? *[A]Architectural design is a creative process, the activities in the process differs depending on the type of system being developed [B]Architectural design only focus on non-functional requirements and choose architectural style or styles are appropriate for the system [C]Architectural design only focus on functional requirements and choose architectural style or styles are appropriate for the system Which of the following styles belong to Control styles? (Choose one) *[A]Centralised control, Event-based control [B]Object oriented control, Function Oriented control [C]Shared data control, Shared services control Which of the following styles belong to System organization? (Choose one) [A]Centralised control, Event-based control [B]Object oriented control, Function Oriented control *[C]The repository model; The Client-server model; The Abstract machine (layered) model What is the correct statement about software architectural styles? [A]Most large systems follow two architectural styles *[B]Most large systems are heterogeneous architectural styles [C]Most large systems follow one architectural style What is the correct statement about software architectural design? [A]The architectural design is normally expressed as a sequence diagram presenting an overview of the system structure [B]The architectural design is normally expressed as a use case diagram presenting an overview of the system structure [C]The architectural design is normally expressed as a state diagram presenting an overview of the system structure *[D]The architectural design is normally expressed as a block diagram presenting an overview of the system structure Which of the following models belong to Centralised control? (Choose one) *[A]Call-return model, Manager model [B]Shared data control model, Shared services control model [C]Object oriented control model, Function Oriented control model

What are advantages of explicitly designing and documenting software architecture? [A]Stakeholder communication; System analysis; Detail enough for programmers to coding [B]Stakeholder communication; Large-scale reuse; Not abstract, stakeholders can understand and discussion with the development team, detail enough for developers to coding *[C]Stakeholder communication; System analysis; Large-scale reuse What are the models in architecture design? (Choose one) [A]Static, Dynamic, Validation, Relationship, Distribution [B]Static, Dynamic, Interface, Relationship, Evolution *[C]Static, Dynamic, Interface, Relationship, Distribution What are three general architectural styles? (Choose one) [A]System organisation; decomposition styles; Procedure styles *[B]System organisation; decomposition styles; Control styles [C]System organisation; decomposition styles; Object oriented program [D]System organisation; decomposition styles; Logical styles Another name for [ is a] relationship is ___ *[A]Generalization [B]Aggregation [C]Association [D]Composition

QUIZ7 Which is the correct statement about coupling? [A]Coupling deals with the interactions within a single object or software component *[B]Coupling deals with interactions between objects or software components [C]Coupling concerned with how classes are interrelated Which is NOT a primary goal in the design of the UML? *[A]Be dependent on particular programming language [B]Support higher-level development concepts [C]Provide users a ready-to-use, expressive visual modeling language so they can develop and exchange meaningful models [D]Integrate best practices and methodologies What do you mean by coupling in software design? [A]Coupling are two objects or two software components *[B]Coupling is a measure of the strength of association established by a connection from one object or software component to another. [C]Coupling are two software components or two sub-systems

Which of the following is NOT an approach that may be used to identify object classes? [A]Identify tangible things in the application domain *[B]Use Event-based analysis [C]Grammatical analysis identifying nouns and verbs [D]Use scenario-based analysis [E]Use an approach based on the behavior of the system. Which are object-oriented strategies? (Choose one) [A]Object-oriented design, Object-oriented programming, Object-oriented document *[B]Object-oriented analysis, Object-oriented design, Object-oriented programming [C]Object-oriented design, Object-oriented programming, Object-oriented deployment [D]Object-oriented analysis, Object-oriented design, Object-oriented package Which is NOT the main activity in design process? [A]Designing the user interface [B]Designing the access layer *[C]Designing the test case [D]Designing classes (their attributes, methods, etc.) [E]Iterating and refining the design What is the purpose of analysis? [A]The main objective of the analysis is to capture a incomplete, unambiguous, and inconsistent picture of requirements of the system and what the system must do to satisfy the users requirement and needs *[B]The main objective of the analysis is to capture a complete, unambiguous, and consistent picture of requirements of the system and what the system must do to satisfy the users requirement and needs [C]The main objective of the analysis is to capture a complete, ambiguous, and inconsistent picture of requirements of the system and what the system must do to satisfy the users requirement and needs Another name for [has a] relationship is ___ *[A]Composition [B]Association [C]Realization [D]Generalization Which is NOT an advantage of inheritance? *[A]The inheritance graphs of analysis, design and implementation have different functions and should be separately maintained. [B]The inheritance graph is a source of organisational knowledge about domains and systems. [C]It is a reuse mechanism at both the design and the programming level. [D]It is an abstraction mechanism which may be used to classify entities. Which is the correct statement about object identification?

[A]Object identification is a waterfall process; it does not relies on the skill, experience and domain knowledge of system designers [B]Object identification is a waterfall process; it relies on the skill, experience and domain knowledge of system designers *[C]Object identification is an iterative process; it relies on the skill, experience and domain knowledge of system designers [D]Identifying objects (or object classes) is the easiest part of object oriented design Which is the first stage in an object-oriented design process? [A]Design the system architecture [B]Specify object interfaces. *[C]Develop an understanding of the relationships between the software being designed and its external environment [D]Identify the principal system objects; Which is the right sequence in the process of prototype development? (1) Define prototype functionality (2) Establish prototype objectives (3) Evaluate prototype (4) Develop prototype [A]2 => 4 => 3 => 1 [B]1 => 2 => 4 => 3 [C]2 => 1 => 3 => 4 *[D]2 => 1 => 4 => 3 The practices small, frequent releases of the system, the approach to requirements description base on customer stories or scenarios in Extreme Programming fit into which principle of agile methods? [A]Maintain simplicity [B]People not process [C]Embrace change [D]Customer involvement *[E]Incremental delivery What are common principles of agile methods? *[A]Customer involvement; incremental delivery; people not process; embrace change; maintain simplicity [B]Customer involvement; incremental delivery; people not process; embrace change; Increments are delivered to customers every 2 weeks [C]Customer involvement; incremental delivery; people process; embrace change; maintain simplicity Which of the following BEST describes the major difficulties with incremental development? *[A]Contractual problems, validation problems, management problems and maintenance problems

[B]Requirement problems, design problems, implementation problems and validation problems [C]Contractual problems, requirement problems, implementation problems and management problems [D]Design problems, management problems, validation problems and maintenance problems Which of the following is NOT an advantage of using incremental development and delivery? [A]More extensive testing of critical customer functionality [B]Early delivery of critical functionality to customer [C]Lower risk of overall project failure [D]Early increments serve as prototypes to explore requirements *[E]Systems are often have good structures The practices regular system release, test-first development and continuous integration in Extreme Programming fit into which principle of agile methods? [A]Maintain simplicity *[B]Embrace change [C]Customer involvement [D]People not process [E]Incremental delivery Which is NOT an advantage of rapid software development? [A]The end result is the high quality software in least possible time duration and satisfied customer [B]Rapid software development methodology has an adaptive team which is able to respond to the changing requirements *[C]Only senior programmer are capable of taking the kind of decisions required during the development process [D]Face to face communication and continuous inputs from customer representative leave no space for guesswork [E]The documentation is crisp and to the point to save time Which is the evidence when said that pair programming is as efficient as the same number of programmers working individually? (Choose one) [A]In pair programming, all project team members have the same level *[B]Measurements suggest that development productivity with pair programming is similar to that of two people working independently [C]In pair programming, all project team members have the same skills [D]In pair programming, project team member does not need to study requirement What is a user story in extreme programming? [A]It is a history of user *[B]It is a requirement expressed as scenario [C]It is a small card

[D]It is a small table The practices pair programming, collective ownership of the system code, and sustainable pace in Extreme Programming fit into which principle of agile methods? *[A]People not process [B]Incremental delivery [C]Maintain simplicity [D]Customer involvement [E]Embrace change Who chooses the stories for inclusion in the next release based on their priorities and the schedule estimates? *[A]Customer [B]Developer [C]Tester [D]Project Manager In the extreme programming, what is the role of customer? [A]To help define working process that would be followed by the development team [B]To help define the team members [C]To help code refactoring *[D]To help develop stories that defines the requirements Which part of the system can be reuse? (Choose one) *[A]Application system, Component reuse, Object and function [B]Application system, Object and function, Production environment [C]Application system, Component reuse, Project team member The trend of design process in most software engineering disciplines is base on ___ [A]Design system from the scratch [B]Design system from original software development *[C]Reuse of existing system or component If the applications or components are developed in difference programming language from the programming language you are using then you can not reuse that [A]True *[B]False Which is NOT the main benefit of software reuse? [A]Increased dependability *[B]Creating and maintaining a component library [C]Reduced process risk [D]Accelerated development. [E]Effective use of specialists, standards compliance You can not to combine multiple patterns in the complex software system

*[A]False [B]True Which is the correct statement about Product line architectures? *[A]Architectures must be structured in such a way to separate different sub-systems and to allow them to be modified [B]Architectures must be structured in such a way to include different sub-systems and do not allow them to be modified All of the following are the design choices have to be made when reusing COTS products EXCEPT [A]Which COTS products offer the most appropriate functionality *[B]How will data be exchanged between different modules [C]How will data be exchanged between different products [D]What features of a product will actually be used. The trend of Reuse-based software engineering is an approach to development that tries to ___ [A]Design system from the scratch *[B]Maximize the reuse of existing software [C]Minimize the reuse of existing software [D]Design system from original software development What are the benefits of software re-using? [A]To have better software in shorter duration, fewer software resource involve in software development, easy deployment *[B]To have faster delivery of system, lower cost, increased software quality [C]To have better software at lower cost, shorter duration, fewer software resource involve in software development [D]To have fewer software resource involve in software development, easy deployment Which is NOT a key factor that you should consider when planning reuse? [A]The criticality of the software and its non-functional requirements [B]The background, skill and experience of the development team *[C]The name of the application or component reuse [D]The development schedule of the software; The application domain [E]The expected software lifetime; The platform in which the system will run All of the following are types of program generator EXCEPT *[A]Component generators [B]Parser and lexical analyser generators [C]Application generators [D]Code generators What is the normal order of activities in which software testing is organized? [A]System test, integration test, unit test, validation test

[B]Unit test, integration test, system test, validation test *[C]Unit test, integration test, validation test, system test The main focus of acceptance testing is: [A]finding faults in the system [B]ensuring that the system is acceptable to all users [C]testing the system with other systems *[D]testing from a business perspective Unit testing is a __ *[A]White box testing [B]Black box testing [C]Stress testing The effort required for locating and fixing an error in an operational program is: [A]Usability [B]Testability [C]Effeciency *[D]Maintainability Workbenches are also called ___ [A]Phases [B]Steps [C]Tasks *[D]All of the other choices A program validates a numeric field as follows: values less than 10 are rejected, values between 10 and 21 are accepted, values greater than or equal to 22 are rejected [A]10,11,21 [B]3,20,21 *[C]3,10,22 [D]10,21,22 A successful defect test is a test which causes a program to behave in an normal way [A]True *[B]False Which document identifies and describes the testing that will be implemented and executed? [A]Test report [B]Test plan *[C]Test case [D]Test script What is the purpose of defect testing?

[A]To verify that the software meet its requirements [B]To test individual program components *[C]To discover faults that make softwares behavior incorrect [D]To ensure about the performance of the software The testing intended to show that previously correct software has not been adversely affected by changes is call: *[A]Regression testing [B]Black box testing [C]White box testing We split testing into distinct stages primarily because: *[A]Each test stage has a different purpose. [B]It is easier to manage testing in stages. [C]We can run different tests in different environments. [D]The more stages we have, the better the testing. Which is the right sequence in the software testing process? (1) Prepare test data (2) Create test case (3) Perform test (4) Create test report [A]2 => 1 => 4 => 3 [B]2 => 4 => 3 => 1 *[C]2 => 1 => 3 => 4 [D]1 => 2 => 4 => 3 Which of the following is NOT part of configuration management? [A]controlled library access [B]status accounting of configuration items *[C]The people in the project team [D]identification of software versions Which is the change management concerned with? [A]Keeping track the change [B]System rebuilding, releasing [C]Ensuring that the change is made *[D]All of the other choices Software systems are subject to continual change requests from ___ [A]Users, Project managers, Chief Executive Officer [B]Developers, Project managers, Chief Executive Officer [C]Project managers, Project Director, Chief Executive Officer *[D]Developers, Users, Market forces

The customer wants to make a change to the project scope. The best thing for the project team to evaluate is the: [A]effect of the change on the project baselines [B]effect of the change on scope planning [C]effect of the change on the project scope *[D]effect of the change on the project schedule, cost, quality, and risks Which of the following is the source for software version up? *[A]All of the other choices [B]For different machines/OS6 [C]Offering different functionality [D]Tailored for particular user requirements A configuration management system would NOT normally provide: [A]Restricted access to the source code library. [B]The precise differences in versions of software component source code. *[C]Facilities to compare test results with expected results. [D]Linkage of customer requirements to version numbers. What is a release? [A]An instance of a system which is functionally distinct in some way from other system instances *[B]An instance of a system which is distributed to users outside of the development team. [C]An instance of a system which is functionally identical but non-functionally distinct from other instances of a system Who review and approves the change request? *[A]Change control board [B]Project manager [C]Chief executive officer [D]Project director Which of the following items would not come under Configuration Management? [A]user requirement documents [B]Design documentation [C]Operating systems *[D]Live data Which is the right sequence of the change management process? (1) Analyze change request (2) Request change by completing a change request form (3) Make changes to software (4) Submit request to change control board (5) Create new system version *[A]2 => 1 => 4 => 3=>5

[B]1 => 5 => 4 => 3=>2 [C]2 => 1 => 3 => 4=>5 [D]2 => 1 => 5 => 3=>4 Which are levels of protection in application security engineering? (Choose one) [A]Unix-level. Application-level. Database-level *[B]Platform-level. Application-level. Record-level| [C]Windows-level. Application-level. Database-level [D]Linux-level. Application-level. Record-level Consider security design for username and password protection, what is the good design? (Choose one) [A]Username and Password cannot be blank. Username can be any characters *[B]System users are authenticated using a login name/password combination. Requires user change password after 2 months [C]Requires user change password after 2 months. Username can be any characters [D]Username can be any characters. Password can be blank What is the first stage in survivability analysis [A]Identity softspots and survivability strategies. *[B]Review system requirements and architecture. [C]Identify attacks and compromisable components. [D]Identify critical services and components. Password should be changed [A]On regular basis [B]When you suspect that password is compromised [C]When you leave the place *[D]All of the other choices Why do we need consider security for project? (Choose one) [A]To allow administrators manage user [B]To have good architecture design [C]Security is a part of Software process *[D]To protect the system against external attack Which of the following design guidelines for secure systems engineering is NOT true? [A]Validate all inputs [B]Use redundancy and diversity to reduce risk. [C]Avoid a single point of failure. *[D]Avoid using redundancy and diversity to reduce risk [E]Base security decisions on an explicit security policy. What is the last stage in survivability analysis [A]Identity attacks and compromisable components. [B]Review system requirements and architecture.

*[C]Identify softspots and survivability strategies. [D]Identify critical services and components. All of the following are the complementary strategies to achieve survivability EXCEPT *[A]Conversion [B]Resistance [C]Recognition [D]Recovery Define the security terms 'attack' [A]The possible loss or harm that could result from a successful attack. This can be loss or damage to data or can be a loss of time and effort if recovery is necessary after a security breach. *[B]An exploitation of a system's vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage [C]A weakness in a computer based system that may be exploited to cause loss or harm Which is the correct statement about integrity? [A]Extent to which a program satisfies its specifications and fulfils the user's mission and goals [B]Effort required for learning, operating, preparing input interpreting output of a program [C]Effort required to couple one system with another *[D]Extent to which access to software or data by an unauthorized persons can be controlled Probability of a software failure is the *[A]Reliability [B]Defect rate [C]Correctness [D]Testability Password should be changed *[A]On regular basis [B]When you forget the password [C]When you leave the workplace [D]All of the other choices 1.What was the software crisis? As more powerful hardware was introduced in the 1960s, larger software systems were developed. These were usually late, unreliable, did not meet user needs and cost more than expected. The problems of producing software was the software crisis. 2.What are the two fundamental types of software product? Generic products that are designed to meet the needs of many different customers. Customised products designed to meet the specific needs of a single customer.

3.What is software engineering? An engineering discipline concerned with all aspects of software production from specification to system maintenance. 4.What are the fundamental activities in software processes? Software specifiation, software development, software validation and software evolution. 5.What are the three general paradigms of software development? The waterfall approach, iterative development, component-based software engineering. 6.What are the principal components of a software engineering method? System model descriptions, rules, recommendations, process guidance. 7.What does the acronym CASE stand for? Computer Aided Software Engineering. 8.Why is maintainability an important attribute of software? Because all software is subject to change after it goes into use and the costs of software maintenance often exceeds the development costs of the software. 9.What are three key challenges facing software engineering? The heterogeneity challenge, the delivery challenge, the trust challenge. 10.What is a software engineering code of ethics? A set of principles that set out, in a general way, standards of expected behaviour for professional software engineers. 1.What are the fundamental activities that are common to all software processes? Software specification, software design and implementation, software validation, software evolution. 2.List the three fundamental software process frameworks that are used to create specific software processes. The waterfall model Evolutionary development Component-based software engineering 3.Why are iterations usually limited when the waterfall model is used? The waterfall model is a document-driven model with documents produced at the end of each phase. Because of the cost of producing and approving documents, iterations and costly and involve significant rework. Hence they are limited. 4.Briefly describe two types of evolutionary development. Exploratory development where the objective of the process is to work with customers to explore their requirements and deliver a final-system. Throw-away prototyping where the

objective is to develop a better understanding of the customers requirements and deliver a better requirements specification. 5.What are the development stages in CBSE? Component analysis. Requirements modification. System design with reuse. Development and integration. 6.What are the advantages of using incremental development and delivery? Early delivery of critical functionality to the customer. Early increments serve as prototypes to explore requirements. Lower risk of overall project failure. More extensive testing of critical customer functionality. 7.What are the four sectors in each loop in Boehm's spiral model? Objective setting. Risk assessment and reduction. Development and validation. Planning. 8.What are the principal requirements engineering activities? Feasibility study. Requirements elicitation and analysis. Requirements specification. Requirements validation. 9.What models might be developed when applying a structured method? An object model. A sequence model. A state transition model. A structural model. A data-flow model. 10.What are the three important stages in the testing process? Component (or unit) testing. System or integration testing. Acceptance testing. 11.Why is it increasingly irrelevant to distinguish between software development and evolution? Few software systems are now completely new and a more realistic model of software development is of an iterative process that lasts for the lifetime of the software. 12.What are the four phases of the Rational Unified Process? Inception, elaboration, construction, transition.

13.What are the six fundamental best practices in the RUP? Develop software iteratively. Manage requirements. Use component-based architectures. Visually model software. Verify software quality. Control changes to software. 14.Give five examples of activities that can be automated using CASE. Graphical system modelling. Maintaining a data dictionary. Generating user interfaces. Program debugging. Translating programs from one language to another. 15.What is the distinction between a CASE tool and a CASE workbench? A CASE tool supports an individual process task such as checking the consistency of a design. A CASE workbench supports sets of related activities such as specification or design. 1.What are important differences between software project management and other types of project management? The product (software) is intangible. There are no standard software processes. Large software projects are often one-off projects. 2.List five common project management activities. Any five from the following: proposal writing, project planning and scheduling, project costing, project monitoring and reviewing, personnel selection and evaluation, report writing and presentations. 3.What is included in a quality plan and a validation plan? Quality plan: The quality procedures and standards that should be used in a project. Validation plan: The approach, resources and schedule used for system validation. 4.What is the difference between a milestone and a deliverable? A milestone is a recognised endpoint of some activity that represents a decision point for a project. A deliverable is a project output that is delivered to the customer. 5.What is involved in project scheduling? Separating the total planned work in the project into separate activities and judging the time required to complete these activities. 6.Explain how bar charts and activity networks give different views of a project schedule.

Activity networks show the time required to complete an activity and the dependence on activities. Bar charts show the activity timeline illustrating the relative length of activities and the dates when they take place. 7.What are three related categories of risk? Project risks. Product risks. Business risks. 8.Suggest four risks that may threaten the success of a software project. Staff turnover, management change, hardware unavailability, requirements change, specification delays, size underestimate, CASE tool underperformance, technology change, product competition. 9.Give two examples of technology risks that may arise in a software project. The system database cannot process as many transactions as expected. Reused software components are defective. 10.What is involved in risk monitoring? Regularly assessing the project risks to decide whether or not that the risk is becoming more or less probable and whether the effects of the risk have changed. 1.What are system requirements? Descriptions of the services to be provided by a system and the systems operational constraints. 2.What are user requirements and system requirements? User requirements are statements in a language that is understandable to a user of what services the system should provide and the constraints under which it operates. System requirements are more detailed descriptions of the system services and constraint, written for developers of the system. 3.What is the distinction between functional and non-functional requirements? Functional requirements define what the system should do. Non-functional requirements are not directly concerned with specific system functions but specify required system properties or place constraints on the system or its development process. 4.List three types of non-functional requirement? Product requirements. Organisational requirements. External requirements. 5.What is a domain requirement? Give an example. A requirements that is derived from the application domain of the system rather than from the specific needs of system users. For example, in a train control system, the

requirement for the train braking system depends on characteristics of the train and the track. 6.What problems can arise when requirements are written in natural language? Lack of clarity. Requirements confusion. Requirements amalgamation. 7.What is the distinction between the terms.'shall' and 'should' in a user requirements document? Shall normally indicates a mandatory requirement. Should indicates a desirable but not essential requirement. 8.Why is it impossible to completely separate system requirements and design? The system architecture may have to be designed to structure the requirements specification. Existing systems constrain the design and these constraints are requirements. The use of a specific architecture may be a requirement for business or regulatory reasons. 9.What are the main advantages of using a standard format to specify requirements? All requirements have the same format so are easier to read. The definition of form fields mean that writers are less likely to forget to include information. Some automated processing is possible. 10.What are three types of interface that may have to be defined in a requirements document? Procedural interfaces. Data structures. Representations of data. 11.What is the software requirements document? The offical document that defines the requirements that should be implemented by the system developers. 12.List the requirements document sections suggested by the IEEE standard. Introduction. General description. Specific requirements. Appendices. Index. 1.What perspectives may be used for system modelling? An external perspective. A behavioural perspective.

A structural perspective. 2.What types of system model may be developed? Data flow models. Composition models. Architectural models. Classification models. Stimulus/response models. 3.What is described in a context model? The immediate external environment of the system defining the systems context and the dependencies that a system has on its environment. 4.What is described in a state machine model? How the system responds to external events. 5.What is a semantic data model? A model that describes the logical structure of the data processed by a system or managed by a database. 6.What are the components of an object class definition in the UML? The name of the object class. The attributes of that class. The operations or methods associated with that class. 7.What different object models may be developed? Inheritance models. Object aggregation models. Object behaviour models. 8.What is shown in an UML sequence model? The sequence of interactions between objects and actors in the system associated with a single defined use-case. 9.What is a structured method? A systematic way of producing models of an existing system or of a system that is to be built. 10.List four weaknesses of structured methods. They do not support non-functional requirements modelling. They rarely include guidelines to help users decide if they can be used in a particular area. They tend to produce too much documentation. The models produced are detailed and often hard to understand. What are the stages in an object-oriented development process?

Object-oriented analysis. Object-oriented design. Object-oriented programming. 2.What is the distinction between an object and an object class? An object is created at run-time by instantiating an object class. The object includes state variables and operations on that state as defined in the object class definition. 3.Briefly describe two types of concurrent object implementation. Servers: The object is a parallel process with methods corresponding to the object operations. Methods execute in response to external requests Active objects: The state of the object is changed by internal operations within the object itself. The process executing these operations runs continuously. 4.List the five key stages in an object-oriented design process. Understand and define the context and use of the system. Design the system architecture. Identify the principal objects in the system. Develop design models. Specify object interfaces. 5.What do you understand by the system context and model of use? The system context is a static model of the other systems in the environment of the system being designed. The model of use is a dynamic model that describes how the system being designed interacts with its environment. 6.In the architectural model of the weather station system, what are the three layers in the software? The interface layer. The data collection layer. The instruments layer. 7.List four approaches that may be used to identify object classes. Grammatical analysis identifying nouns and verbs. Identify tangible things in the application domain. Use an approach based on the behaviour of the system. Use scenario-based analysis. 8.Briefly describe three design models that are part of the UML. Subsystem models that show logical groupings of objects. Sequence models that show the sequence of object interactions. State machine models that show state changes in response to events. 9.What is the purpose of interface design in an OO design process?

To define the signatures and semantics of the interfaces that are provided by an object or group of objects. 10.Briefly explain why an OO approach facilitates design evolution. The internal details of an object are hidden from other objects so changing these details is unlikely to have knock-on effects on other objects. What are the advantages of using an incremental approach to software development? Accelerated delivery of customer services. User engagement with the system. 2.What is the key difference between incremental development and prototyping? Incremental development starts with the requirements that are best understood and that have the highest priority. Prototyping is intended to help understand the requirements so starts with requirements that are not well understood. 3.List five important principles of agile methods. Customer involvement. Incremental delivery. People not process. Embrace change. Maintain simplicity. 4.What are three important characteristics of extreme programming? Requirements expressed as scenarios. Pair programming. Test-first development. 5.What is test-first development? When a system feature is identified, the tests of the code implementing that feature are written before the code. Tests are automated and all tests are run when a new increment is added to the system. 6.Briefly describe the advantage of pair programming. It supports the idea of common ownership and responsibility for the code. It serves as an informal code review process. It helps support refactoring. 7.What tools are normally included in a RAD environment? A database programming language. An interface generator. Links to office applications. A report generator. 8.What is visual programming?

An approach to development where a programmer manipulates graphical icons representing functions, data or user interface components and associates processing scripts with these icons. 9.Suggest three ways that a software prototype may be used. To help with the elicitation and validation of requirements. To explore software design solutions and support user interface design. To run back-to-back tests with the implemented system. 10.What were the key benefits of prototyping found in Gordon and Biemans study? Improved system usability, a closer match to users needs. Improved system quality, improved maintainability. Reduced development effort. 1.List the main benefits of software reuse. Increased dependability. Reduced process risk. Effective use of specialists. Standards compliance. Accelerated development. 2.List the main problems with software reuse. Increased maintenance costs. Lack of tool support. Not-invented-here syndrome. Creating and maintaining a component library. Finding, understanding and adapting components. 3.What key factors should be considered when planning reuse? The development schedule for the software. The expected software lifetime. The background, skills and experience of the development team. The criticality of the software and its non-functional requirements. The application domain. The system delivery platform. 4.What is a design pattern and why are patterns important for reuse? A design pattern is a description of a problem and the essence of its solution. This solution is expressed in a generic way and can be instantiated and reused in different settings. 5.What do Gamma et al. suggest are the four essential elements of a design pattern? A meaningful name. A description of the problem and when the pattern can be applied. A solution description. A statement of the consequences of applying the pattern.

6.What is generator-based reuse? An approach to reuse where reusable knowledge is embedded in a generator system which is programmed by domain experts to create the system. An executable system is then generated. 7.What major software problem is addressed by aspect-oriented software development? The problem of separation of concerns so that a software unit is designed to do one thing and one thing only. 8.What are three possible classes of application framework? System infrastructure frameworks. Middleware integration frameworks. Enterprise application frameworks. 9.What design choices have to be made when reusing COTS products? Which COTS products offer the most appropriate functionality. How data will be exchanged between different products. What features of a product will actually be used. 10.List four types of specialisation of software product lines. Platform specialisation. Environment specialisation. Functional specialisation. Process specialisation. 1.What are the two complementary goals of the testing process? To demonstrate that the software meets its requirements. To discover faults or defects in the software. 2.What is a successful defect test? A successful defect test is one where the systems operation does not conform to its specification, i.e. one that exposes a defect in the system. 3.Briefly describe the two distinct phases of system testing. Integration testing where the components and subsystems making up the system are integrated and tested. The integration team have access to the source code of the system. Release testing where the version of the system to be released to users is tested. The release testing team treat the system as a black-box while testing. 4.What guidelines does Whittaker suggest for defect testing? Chose inputs that force all error messages to be generated. Design inputs that might cause buffers to overflow. Repeat the same input numerous times. Force invalid outputs to be generated. Force computation results to be too large or too small.

5.What is the function of stress testing? To test the failure behaviour of the system. To stress the system and bring defects to light that might not normally be discovered. 6.What tests should be included in object class testing? Tests for all operations in isolation. Tests that set and access all object attributes. Tests that force the object into all possible states. 7.What are the three important classes of interface errors? Interface misuse. Interface misunderstanding. Timing errors. 8.What three approaches may be used when designing test cases? Requirements-based testing where test cases are designed from the requirements. Partition testing where input and output partitions are identified and tested. Structural testing where knowledge of the programs structure is used to design tests. 9.What is an equivalence partition? Give an example. A class of inputs or outputs where it is reasonable to expect that the system will behave the same way for all members of the class. For example, all strings with less than 256 characters. 10.What is path testing? A structural testing strategy whose objective is to exercise every independent path through a program.

1.What is meant by configuration management? The development and use of standards and procedures for managing an evolving software system. 2.What is a baseline? A controlled system where changes to the system have to be agreed and recorded before they are implemented. 3.What should be included in a configuration management plan? The configuration items to be managed. The people responsible for management. The configuration management policies. The CM tools to be used. The schema of the configuration database.

4.Why is it necessary to define a configuration item identification scheme? Because there may be thousands of source code modules, test scripts, design documents, etc. in a large project. You have to be able to uniquely identify and locate any specific item and so a unique naming scheme is required. 5.What information may be included in a configuration database? Information about configuration items such as data of creation, creator, etc. Information about users of components, system customers, execution platforms, and proposed changes to the system. 6.What are the objectives of change management procedures? To analyse the costs and benefits of proposed changes, approving changes that are worthwhile, and tracking which components of the system have been changed. 7.What is the role of a change control board? To assess the impact of proposed changes from a strategic and organisational perspective rather than a technical perspective. They should decide if changes are worthwhile and should prioritise changes to be implemented. 8.What is the difference between a system version and a system release? A system version is an instance of a system that differs, in some ways, from other instances. A system release is a version that is released to customers. 9.What are the advantages of attribute-based version identification? When selecting components, you do not need to specify the version number (an errorprone process if there are many components) but simply list the required component attributes. 10.What may be included in a system release? The executable code of a system. Configuration files. Data files. An installation program. Electronic and paper documentation, packaging and publicity. 11.What are the key issues in system building? Have all components been included? Are the right versions of components included? Are all required data files available? Are the data files properly referenced? Is the appropriate version of the compiler and other tools available? 12.What are the two types of CM workbench? Open workbenches that include CM tools from different suppliers. Integrated workbenches that provide integrated facilities for version management, system building and change tracking.

13.What facilities might be provided in system building CASE tools? A dependency specification language and interpreter. Tool selection and instantiation support. Distributed compilation. Derived object management. What are the key standards for web service-oriented architectures? SOAP message interchange. WSDL service interface description. UDDI service discovery information. WS-BPEL workflow language. 2.What is the definition of a (web) service? A loosely coupled reusable software component that encapsulates discrete functionality which may be distributed and programmatically accessed. A web service is a service that is accessed using standard Internet and XML-based protocols. 3.What are the components of a WSDL specification? The interface specification that defines the operations and message formats. The binding which maps the abstract interface to a concrete set of protocols. The location part which defines where the service implementation is located. 4.What is service engineering? The process of developing services for reuse in service-oriented applications. 5.What are the three fundamental types of service that may be identified? Utility services implement some general functionality. Business services associated with a specific business function. Coordination services provide support for a business process. 6.What are the three stages in service interface design? Logical interface design where operations, inputs and outputs are identified. Message design where the structure of messages sent and received is designed. WSDL development where the abstract service interface is designed. 7.What information is maintained in a UDDI description? Details of the business providing the service. An informal description of the service functionality. Information on where to find the WSDL service specification. Subscription information for user registration. 8.How can web services be used to facilitate the use of legacy systems? The legacy system functionality is hidden b y wrapping it in a web service which is accessed by external applications. These applications therefore do not need to know the protocols and data structures used by the legacy system.

9.Define software development with services. The creation of programs by composing and configuring services to create new composite services. 10.What is a workflow? A sequence of activities, ordered in time, that make up a coherent business processes with each activity carrying out some part of the work of that process. 11.What are the stages in service construction by composition? Formulate outline workflow. Discover services. Select possible services. Refine workflow. Create workflow program. Test completed service or application. 12.What is the difference between BPMN and WS-BPEL? BPMN is a graphical language for defining workflows whereas WS-BPEL is a lowerlevel XML-based language. 13.List five problems in testing service-oriented systems. Services from an external provider may change so are not the services originally tested. Dynamic service binding may mean that the bound service is unpredicatable. The non-functional behaviour of the service may vary from time to time because of load which is outside the testers control. Testing is expensive if services are charged on a per use basis. Compensating actions may be difficult to test. 1.What are the advantage of explicitly designing and documenting a software architecture? It improves stakeholder communications. It encourages a detailed analysis of the system. It helps with large-scale reuse. 2.What non-functional requirements may be influenced by the choice of system architecture? Performance, security, safety, availability, maintainability. 3.List four fundamental questions that should be addressed in architectural design.Is there a generic application architecture that can be used? How will the system be distributed? What architectural style or styles are appropriate? How should the system be structured? What control strategy should be used? Etc.

4.What architectural models may be developed? A static structural model. A dynamic process model. An interface model. Relationship models. A distribution model. 5.What is the fundamental characteristic of a repository model? All shared data is held in a central database that can be accessed by all sub-systems. 6.How is the system organised in a client-server model? A set of services is provided by servers and clients access and use these services. 7.What are the two principle styles used for modular decomposition? Object-oriented decomposition. Function-oriented pipelining. 8.Briefly describe function-oriented pipelining.The system is decomposed into a set of functional transformations that consume inputs and produce outputs. Data flows from one function to another (the pipeline) and is transformed as it passes through the sequence. 9.What are the two main types of event-driven control models? Broadcast models where an event is broadcast to all sub-systems. Interrupt-driven models where external events are detected and processed by an interrupt handler. 10.What is a reference architecture? An abstract model of a system class that can be used to inform designers about the general structure of that type of system. 1.What is the distinction between validation and verification? Validation: Are we building the right product? Verification: Are we building the product right? 2.What are the two complementary approaches used for checking and analysis? Software inspections or peer reviews. Software testing. 3.What are the principal sections included in a test plan?The testing process. Requirements traceability. Tested items. Testing schedule. Test recording procedures. Hardware and software requirements. Constraints.

4.What are the advantages of inspections over testing? Inspections can discover many errors. In testing, one error may mask another. Incomplete versions of a system can be inspected. Inspections can consider broader quality attributes as well as program defects. 5.What are the stages in the software inspection process? Planning. Overview. Individual preparation. Inspection meeting. Rework. Follow-up. 6.List the classes of faults that should be considered in an inspection checklist.Data faults. Control faults. Input/output faults. Interface faults. Storage management faults. Exception management faults. 7.What is automated static analysis? A process where an analysis program examines the source code looking for possible anomalies. These are drawn to the inspectors attention as they may represent faults in the program. 8.What are the main argument for the use of formal specification and verification? Formal specification forces a detailed analysis of the requirements so reveals errors and anomalies. Formal verification demonstrates that the program meets its specification so implementation errors do not compromise dependability. 9.Why do formal specification and verification not guarantee reliability? The specification may not reflect the real requirements of users. The proof may contain errors. The proof may assume a usage pattern which is incorrect. 10.What are the five key strategies used in cleanroom development? Formal specification. Incremental development. Structured programming. Static verification. Statistical testing.

1.What is the distinction between application and infrastructure security?

Application security the application is designed to resist attacks. Infrastructure security the software is configured to resist attacks. 2.Define the security terms vulnerability and asset.Vulnerability: A weakness in a computer system that MAY be exploited to cause loss or harm. Asset: A system resource that has a value and so should be protected. 3.What is security risk management? Security risk management is concerned with assessing the possible losses that might ensue from attacks on assets in the system and balancing these losses against the costs of security procedures that may reduce the losses. 4.What are the stages of preliminary risk assessment? Asset identification. Asset value assessment. Exposure assessment. Threat identification. Threat probability assessment. Control identification. Feasibility assessment. Security requirements definition. 5.Suggest two possible vulnerabilities when login/password authentication is used.Users set guessable passwords. Authorised users reveal their passwords to unauthorised users, perhaps through some social engineering process. 6.What fundamental issues have to be considered when designing system architecture for security? Protection: How should the system be organised so that critical assets can be protected against an external attack. Distribution: How should system assets be distributed so that the effects of a successful attack are minimised. 7.What are the three levels of protection that might be used in an information system? Platform-level protection. Application-level protection. Record-level protection. 8.List four design guidelines for secure systems engineering.Base security decisions on an explicit security policy. Avoid a single point of failure. Use redundancy and diversity to reduce risk. Validate all inputs. (Others in Fig. 30.10.)

9.Why is it important to design for deployment? Because many security vulnerabilities are introduced when the system is configured for use in its deployment environment. 10.What deployment support may be included in a system? Support for viewing and analysing configurations. Default privilege minimisation. Configuration setting localisation. Easy ways to fix security vulnerabilities. 11.What are the three complementary strategies to achieve survivability? Resistance. Recognition. Recovery. 12.List the stages in survivability analysis.Review system requirements and architecture. Identify critical services and components. Identify attacks and compromisable components. Identify softspots and survivability strategies. Which system model is described in the following graphic? *[A]Data-flow models [B]State machine models [C]Context models [D]Object models Change request is proposal due to ______ [A]Market forces [B]Customers [C]Developers *[D]All of the others What's the difference between functional and non-functional requirements? [A]The functional requirement is described in details, the other is described in high-level abstract *[B]None of the others [C]The functional requirement describes system properties and constraints, the other describes system services What are the user requirements? *[A]The statements in a natural language plus diagrams that describe the services' system and their constraints [B]The high-level abstract requirement [C]The requirements are written for contractor managers [D]All of the others

Suggest a most appropriate software process model that might be used as a basic for managing the developing of the software system that support categorizing goods based on consumption pattern, tracking payments from the customers. *[A]The waterfall model [B]All of the others [C]Component-based software engineering model [D]Incremental delivery model How is the system organized in a client-server model? [A]A set of services is provided by clients and servers access and use these services [B]All of the others *[C]None of the others [D]A set of services is provided by servers and clients access and use these services Which of the following statements about the differences between integrating testing and component testing are true? *[A]The integrating testing test the result of the component while the component testing test its internal structure [B]All of the others [C]The integrating testing tests the result of the component interaction [D]The component testing tests the system's goals that will be applied to integrating system Which of the following statements about project management is true? [A]The process of project planning is straightforward [B]All of the others *[C]The intangibility of software systems poses special problems for software project management [D]The best programmers always make the best software managers What are the distinctions between an object and an object class? *[A]All of the others [B]The object includes state variables and operations on that state as defined in the object class definition [C]An object is created at run-time by instantiating an object class. Which of the following is NOT a disadvantage of structured methods? *[A]There are not many CASE tools that support structured methods [B]They tend to produce too much documentation [C]They do not support non-functional requirements modeling [D]They rarely include guidelines to help users decide if they can be used in a particular area [E]The models produced are detailed and often hard to understand

The economies of all developed nations are dependent on software.

*[A]True [B]False If performance is a critical requirement the architecture should be designed to *[A]localize critical operations and minimize communications; use large rather than finegrain components [B]All of the others [C]include redundant components and mechanisms forfault tolerance [D]use a layered architecture with critical assets in the inner layers Which of the following does NOT belong to important principles of agile methods? [A]Embrace change *[B]Process not people [C]Incremental delivery [D]Customer involvement [E]Maintain simplicity What are the advantages of explicitly designing and documenting software architecture? [A]It improves stakeholder communications *[B]All of the others [C]It encourages a detailed analysis of the system Which of the following statements about test first development are true? *[A]All of the others [B]When a system feature is identified, the tests of the code implementing that feature are written before the code [C]Tests are automated and all tests are run when a new increment is added to the system. What is the problem that cannot arise when requirements are written in natural language? [A]Lack of clarity [B]Requirement confusion [C]Requirement amalgamation *[D]Lack of user's understandability All of the fallowings are main benefits of software reuse EXCEPT [A]Accelerated development *[B]Reduce maintenance costs [C]Increased dependability [D]Reduced process risk [E]Effective use of specialists

Which of the following statements about testing is NOT true? [A]Testing can only show the presence of errors in a program *[B]Its goal is to fix errors of the software system

[C]None of the others [D]It cannot demonstrate that there are no remaining faults Which of the following statement about the two distinct phases of system testing is NOT true? [A]The release testing team treat the system as a black-boxwhile testing [B]None of the others [C]Release testing where the version of the system to be released to users is tested. [D]Integration testing where the components and subsystems making up the system are integrated and tested *[E]The integration team does NOT have access to the source code of the system. Which of the following statements about Enterprise Resource Planning (ERP) systems is NOT true? [A]Specific ERP systems are created by configuring a generic system at development time with information about the customer's business *[B]Enterprise Resource Planning systems are very widely used [C]All of the others What is the second stage of risk management process? [A]Risk planning [B]Risk monitoring *[C]Risk analysis [D]Risk identification Both the waterfall model of the software process and the prototyping model can be accommodated in the spiral process model. [A]False *[B]True Which of the following is a type of software process model that represents the roles of the people involved in the software process and the activities for which they are responsible? [A]An actor model *[B]An role/action model [C]None of the others [D]An activity model What does computer science concern with? *[A]Computer science is concerned with theories and methods that underlie computers and software systems [B]Computer science is concerned with the practicalities of developing and delivering useful software [C]All of the others What are included in a quality plan? [A]The resources and schedule used for system validation

[B]All of the others *[C]The quality procedures and standards that should be used in a project Which of the followings belong to Server type of concurrent object implementation? *[A]The object is a parallel process with methods corresponding to the object operations. Methods execute in response to external requests [B]The state of the object is changed by internal operations within the object itself. The process executing these operations runs continuously. [C]All of the others What is meant by configuration management? [A]All of the others [B]Configuration management is concerned with ensuring that software has a low number of defects and that it reaches the required standards of maintainability, reliability, and portability and so on *[C]The development and use of standards and procedures for managing an evolving software system Which of the following statements about Service-oriented software engineering is true? *[A]Service-oriented software engineering is based on the notion that programs can be constructed by composing independent services that encapsulate reusable functionality [B]Services are language dependent and their implementation is based on widely adopted XML-based standards [C]All of the others Which of the fallowings does NOT belong to the important differences between software project management and other types of project management? [A]There are no standard for software processes [B]Large software projects are often one-off projects [C]The product (software) is intangible *[D]Cost of software project maintenance is higher than other type of projects is concerned with developing an oriented system model to implement requirements *[A]Object-oriented Analysis [B]Object-oriented Design [C]Object-oriented Paradigm [D]None of the others What are system requirements? [A]None of the others [B]Requirements that come from the application domain of the system and that reflect characteristics of that domain *[C]A structured document setting out detailed descriptions of the system's functions, services and operational constraints. [D]Statements in natural language plus diagrams of the services the system provides and its operational constraints. Written for customers

What key factors should be considered when planning reuse? *[A]All of the others [B]The development schedule for the software [C]The background, skills and experience of the development team [D]The expected software lifetime Applications frameworks are collections of concrete and abstract objects that are designed to be reused through specialization and the addition of new objects. [A]False *[B]True All of the following are the main benefits of software reuse EXCEPT [A]Increased dependability [B]Effective use of specialists, standards compliance [C]Accelerated development *[D]Reduce maintain cost [E]Reduced process risk Which of the following statements about Equivalence partitioning are NOT true? [A]Equivalence partitioning is a way of deriving test cases [B]Often, the value that is most likely to lead to a successful testis a value at the boundary of a partition. [C]It depends on finding partitions in the input and output data sets and exercising the program with values from these partitions *[D]None of the others Which of these statements about extreme programming are true? [A]All tests should only be run in the last time [B]All of the others [C]Increments are delivered to customers at the end of process *[D]New versions may be built several times per day Which of the following are the testing process goals? [A]Discover faults or defects in the software [B]The check that the software meets its requirements *[C]All of the others Which of the following statements about service interfaces is true? *[A]All of the others [B]Service interfaces are defined in an XML-based language called WSDL [C]A WSDL specification includes a definition of the interface types and operations, the binding protocol used by the service and the service location Which of the following statements about security is NOT true? [A]None of the others

[B]Security engineering focuses on how to develop and maintain software systems that can resist malicious attacks that are intended to damage a computer-based system or its data *[C]Security threats can be threats to the only confidentiality and integrity of a system or its data. [D]Security risk management involves assessing the losses that might ensue from attacks on a system and deriving security requirements that are aimed at eliminating or reducing these losses. All of the following are stages in an object-oriented development process EXCEPT? [A]Object-oriented analysis [B]Object-oriented design *[C]Object-oriented evolution [D]Object-oriented programming What are the components of an object class definition in the UML? *[A]All of the others [B]The name of the object class [C]The operations or methods associated with the class [D]The attributes of the class All of the following statement about design pattern are true EXCEPT ( tat ca deu dung) [A]A pattern description should include a pattern name, a problem and solution description, and a statement of the results and trade-offs of using the pattern [B]They are fundamental to design reuse in object-oriented development [C]Design patterns are detail-level abstractions that document successful design solutions. Suggest the most appropriate generic software process model that might be used as a basic for managing the development of the following system: A university accounting system that replaces an existing system *[A]Waterfall model [B]Throw-away prototyping [C]Exploratory development [D]None of the others Requirements are usually presented at_ and _ levels of detail in requirements document *[A]a high level statement/ a detailed system specification [B]a high level statement/ a user specification [C]All of the others [D]a high level statement/ a low system specification What are advantages of pipeline model? [A]Intuitive organization for stakeholder communication *[B]All of the others [C]Easy to add new transformations

[D]Supports transformation reuse All of the fallowings are the ways that a software prototype may be used EXCEPT *[A]To test all functions of the completed system [B]To run back-to-back tests with the implemented system [C]To explore software design solutions and support user interface design [D]To help with the elicitation and validation of requirements Which of the following is NOT object model that may be developed? [A]Object aggregation models *[B]Workflow model [C]Object behavior model [D]Inheritance models What is application security? [A]Application security is a systems management problem where the infrastructure is configured to resist attacks. [B]All of the others *[C]Application security is a software engineering problem where the system is designed to resist attacks The change control board assess the impact of proposed changes from a strategic and organizational perspective rather than a technical perspective [A]False *[B]True What can be represented by a workflow model? [A]The process as a set of activities, each of which carries out some data transformation. [B]The roles of the people involved in the software process and the activities for which they are responsible [C]All of the others *[D]The sequence of activities in the process along with their inputs, outputs and dependencies. Which of the following requirement statements belongs to functional requirements? [A]The system is implemented by using Java, Oracle database [B]The response time for each screen is must be less than 2 seconds *[C]An article information shall include Author, Title, Description and other related information [D]The user interface shall be implemented as simple HTML without frames The Waterfall approach is the BEST approach to development software when *[A]The requirements are well-understood and changes will be fairly limited during the design process [B]Adding some new features to a system [C]Un-stable requirement systems

[D]Software system is small, unclear requirements Domain requirements may be functional or non-functional requirements [A]False *[B]True What is the basis of schedule and cost estimates in the extreme programming? [A]The way that the team would develop the test-first [B]The overall requirements that customer provide to the team *[C]The tasks that are broken down by the team from the scenarios or user stories written cards [D]The way that the team would perform code refactoring The term 'CASE' is the acronym of [A]Computer Aided System Engineer *[B]Computer-Aided Software Engineering [C]Computing Automation System Extension Which is the first stage in an object-oriented design process? [A]Specify object interfaces. *[B]Develop an understanding of the relationships between the software being designed and its external environment [C]Identify the principal system objects; [D]Design the system architecture Select the BEST model when you want to design a software system that very fast responses to events is a critical requirement? *[A]Interrupt-driven model [B]Manager model [C]Call-return model [D]Broadcast model What are the purposes of system modelling? (Choose one) [A]To validate user requirement, define the boundaries of the system [B]To define the boundaries of the system, validate system requirement *[C]To help the analyst to understand more about the functionalities of the system, and help communicating with customer Which is the right sequence in the risk management process? (1) Risk analysis (2) Risk identification (3) Risk monitoring (4) Risk planning [A]1=>4=>2=>3 *[B]2=>1=>4=>3 [C]1=>2=>4=>3

[D]2=>1=>3=>4 Object identification is a(n)_process [A]Waterfall *[B]Iterative [C]Recursive What is SOAP standard? [A]Defines the components of a service specification that may be used to discover the existence of a service [B]This standard allows a service interface and its bindings to be defined *[C]A message exchange standard that supports service communication [D]A standard for workflow languages used to define service composition In Waterfall approach, which phase takes the least cost? [A]Design [B]Integration and testing [C]Development *[D]Specification Given the project activities chart as below, please define the critical path (the values mention in each arrow are activity name and activity duration) *[A]AFDEI [B]ABCIE [C]AFGHI [D]ABCI There are only one approach to reuse software applications or components that can be used. [A]True *[B]False What are stages of service interface design? [A]Logical interface design, Java object interface design, WSDL description *[B]Logical interface design, Message design, WSDL description [C]Logical interface design, Message design, Java object interface design Which one of the following statements about system testing is NOT true? [A]System tests are often performed by independent teams. [B]Functional testing is used more than structural testing. [C]Faults found during system tests can be very expensive to fix. *[D]End-users should be involved in system tests. Before doing integration testing this testing must have been done *[A]Unit testing [B]System testing

[C]Stress testing Acceptance testing will be done by [A]Developer [B]Project manager *[C]User [D]Tester The decision where the programmers can reuse a pattern or need to develop a specialpurpose solution always easy [A]True *[B]False What is WSDL standard? [A]A standard for workflow languages used to define service composition *[B]This standard allows a service interface and its bindings to be defined [C]A message exchange standard that supports service communication [D]Defines the components of a service specification that may be used to discover the existence of a service