SE2_ exercises__ٍSpring_2024.pdf
Document Details
Uploaded by AdventurousBohrium
NAHDA
2024
Tags
Full Transcript
MCQ _SE2_ exercises 1. Which of the following is not a phase of “bathtub curve” of hardware reliability? a) Useful Life d) Time b) Burn-in Answer: d c)...
MCQ _SE2_ exercises 1. Which of the following is not a phase of “bathtub curve” of hardware reliability? a) Useful Life d) Time b) Burn-in Answer: d c) Wear-out Explanation: Time is the horizontal dimension on which the bathtub curve is built and not the phase. 2. How is reliability and failure intensity related to each other? a) direct relation d) none of the mentioned b) inverse relation Answer: b c) no relation Explanation: As the reliability increases, failure intensity decreases. 3. How many product quality factors are proposed in McCall quality model? a) 2 d) 8 b) 3 Answer: b c) 11 4. Which one of the following is not a software quality model? a) ISO 9000 d) ISO 9126 b) McCall model Answer: a c) Boehm model 5. What is MTTF ? a) Maximum time to failure d) None of the mentioned b) Mean time to failure Answer: b c) Minimum time to failure 6. How is software reliability defined? a) time d) speed b) efficiency Answer: a c) quality 7. Suitability, Accuracy, Interoperability, and security are what type quality attribute of ISO 9126 ? a) Reliability d) Usability b) Efficiency Answer: c c) Functionality 8. Time Behavior and Resource Behavior fall under which quality attribute of ISO 9126 ? a) Reliability c) Functionality b) Efficiency d) Usability Answer: b Explanation: The Characteristics mentioned in the question are related to the relationship between the level of performance of the software and the amount of resources used, under stated conditions. 9. NHPP stands for a) Non Homogeneous Poisson Product d) Non Homogeneous Poisson Process b) Non-Hetrogeneous Poisson Product Answer: d c) Non-Hetrogeneous Poisson Process 10. The CMM model is a technique to a) automatically maintain the software reliability d) all of the mentioned b) improve the software process. Answer: b c) test the software =-=-=- Non-occurrence of improper alteration of information is known as___________________? A. Available Dependability C. Maintainable Dependability B. Confidential Dependability D. Integral Dependability All fault-tolerant techniques rely on__________________? A. Integrity C. Redundancy B. Dependability D. None of the mentioned Which of the following Error Detection checks is not a part of Application detection ? A. Hardware checks C. Reversal checks B. Timing checks D. Coding checks Which of the following approaches are used to achieve reliable systems? A. Fault prevention C. Fault tolerance B. Fault removal D. All of the mentioned In N-version programming which is the independent generation of N, the value of N is________? A. greater than 1 C. greater than 2 B. less than 1 D. less than 2 It is imperative for a communicating processes to reach consistent recovery points to avoid the _________ effect, with backward error recovery mechanism ? A. Static C. Domino B. Dynamic D. Whirlpool A system maintaining its integrity while accepting a temporary halt in its operation is said to be in a state of___________________? A. Full Fault Tolerance C. Fail Soft B. Graceful Degradation D. Fail Safe What type of fault remains in the system for some period and then disappears ? A. Permanent B. Transient C. Intermittent D. All of the mentioned Suitability, Accuracy, Interoperability, and security are what type quality attribute of ISO 9126 ? A. Reliability B. Efficiency C. Functionality D. Usability Which level of CMM is for process management ? A. Initial B. Repeatable C. Defined D. Optimizing Software reliability is defined with respect to____________________? A. time B. bugs C. failures D. quality Failure In Time (FIT) is another way of reporting __________________? A. MTTR B. MTTF C. MTSF D. MTBF In ISO 9126, time behavior and resource utilization are a part of_____________? A. maintainability B. portability C. efficiency D. usability MTTF stands for_____________? A. Minimum time to failure B. Mean time to failure C. Maximum time to failure D. None of the mentioned Which of the following is not a Probabilistic Model ? A. Error seeding B. NHPP C. Input domain D. Halstead’s software metric IMC Networks is a leading __________________ certified manufacturer of optical networking and LAN/WAN connectivity solutions for enterprise, telecommunications and service provider applications ? A. Telco Systems C. Arista Networks B. D-Link D. ISO 9001 How many levels are present in CMM ? A. three C. five B. four D. six Exception handling is a type of_____________? A. forward error recovery mechanism B. backward error recovery mechanism D. None of the mentioned C. All of the mentioned Which one is not a software quality model ? A. ISO 9000 B. McCall model C. Boehm model D. ISO 9126 What is MTTF ? A. Maximum time to failure C. Minimum time to failure B. Mean time to failure D. None of the mentioned How many product quality factors are proposed in McCall quality model ? A. 2 C. 11 B. 3 D. 8 Which of the following is not a phase of “bathtub curve” of hardware reliability ? A. Useful Life C. Wear-out B. Burn-in D. Time How is software reliability defined ? A. time C. quality B. efficiency D. speed Time Behavior and Resource Behavior fall under which quality attribute of ISO 9126 ? A. Reliability B. Efficiency C. Functionality D. Usability The CMM model is a technique to_________? A. automatically maintain the software C. test the software reliability D. all of the mentioned B. improve the software process Which one of the following is not a software quality model ? A. ISO 9000 C. Boehm model B. McCall model D. ISO 9126 How is reliability and failure intensity related to each other ? A. direct relation B. inverse relation C. no relation D. none of the mentioned =-=-=-2=-=- 1. Which of the following is a layer of protection for Security ? a) Platform-level protection b) Application-level protection c) Record-level protection d) All of the mentioned Answer:d Explanation: None. 2. Security engineering is only concerned with maintenance of systems such that they can re sist malicious attacks. a) True b) False Answer:b Explanation: Security engineering is concerned with maintenance as well as development of such systems. 3. What are security controls ? a) Controls that are intended to ensure that attacks are unsuccessful b) Controls that are intended to detect and repel attacks c) Controls that are intended to support recovery from problems d) All of the mentioned Answer:d Explanation: All the options define a security control property. advertisement 4. Controls that are intended to repel attacks is analogous to ____________ in dependability engineering. a) Fault avoidance b) Fault tolerance c) Fault detection d) None of the mentioned Answer:b Explanation: Here the system is designed so that faults in the delivered software do not result in system failure. 5. Controls that are intended to ensure that attacks are unsuccessful is analogous to ______ in dependability engineering. a) Fault avoidance b) Fault tolerance c) Fault detection d) Fault Recovery Answer:a Explanation: In Fault avoidance the system is developed in such a way that human error is avoided and thus system faults are minimised. 6. What is Life cycle risk assessment ? a) Risk assessment before the system has been c) All of the mentioned deployed d) None of the mentioned b) Risk assessment while the system is being Answer:c developed Explanation: None. 7. A system resource that has a value and has to be protected is known as a) Asset d) None of the mentioned b) Control Answer:a c) Vulnerability Explanation: The answer is self explanatory. 8. An impersonation of an authorised user is an example of a security threat. a) True b) False Answer:b Explanation: It is a security attack. 9. The records of each patient that is receiving or has received treatment resembl es which security concept ? a) Asset d) Control b) Threat Answer:a c) Vulnerability Explanation: Asset is a system resource that has a value and has to be protected. 10. Circumstances that have potential to cause loss or harm is known as a) Attack d) Control b) Threat Answer:b c) Vulnerability =-=-=-3=-=- 1. Reuse-based software engineering is a software engineering strategy where the development process is geared to reusing existing software. a) True b) False Answer: a 2. The open source movement has meant that there is a huge reusable code base available at a) free of cost b) low cost c) high cost d) short period of time Answer: b Explanation: The open source movement has meant that there is a huge reusable code base available at low cost. This may be in the form of program libraries or entire applications. 3. Consider the example and categorize it accordingly, “A pattern-matching system developed as part of a text- processing system may be reused in a database management system”. a) Application system reuse b) Component reuse c) Object and function reuse d) None of the mentioned Answer: b Explanation: Components of an application, ranging in size from subsystems to single objects, may be reused. advertisement 4. COTS stands for a) Commercial Off-The-Shelf systems b) Commercial Off-The-Shelf states c) Commercial Off-The-System state d) None of the mentioned Answer: a 5. COTS product reuse means a) Class and function libraries that implement commonly used abstractions are available for reuse b) Shared components are woven into an application at different places when the program is compiled c) Large-scale systems that encapsulate generic business functionality and rules are configured for an organization d) Systems are developed by configuring and integrating existing application systems Answer: d 6..NET are specific to which platform? a) Java b) Mac-OS c) Microsoft d) LINUX Answer: c Explanation: NET Framework (pronounced dot net) is a software framework developed by Microsoft that runs primarily on Microsoft Windows. 7. Which of the following is a generic structure that is extended to create a more specific subsystem or application? a) Software reuse b) Object-oriented programming language c) Framework d) None of the mentioned Answer: c Explanation: Frameworks are implemented as a collection of concrete and abstract object classes in an object- oriented programming language. 8. “An ordering system may be adapted to cope with a centralized ordering process in one company and a distributed process in another.” Which category the example belong to? a) Process specialization b) Platform specialization c) Environment specialization d) Functional specialization Answer: a Explanation: In process specialization, the system is adapted to cope with specific business processes. 9. What are generic application systems that may be designed to support a particular business type, activity, or sometimes a complete enterprise? a) COTS-solution systems b) COTS-integrated systems c) ERP systems d) Both COTS-solution and COTS-integrated systems Answer: a 10. Which of the following is not an advantages of software reuse? a) lower costs b) faster software development c) high effectiveness d) lower risks Answer: c Explanation: Effectiveness depends on how one reuses the existing product. 11. ERP stands for a) Effective Reuse Planning b) Enterprise Resource Planning c) Effective Research Planning d) None of the mentioned Answer: b Explanation: Enterprise Resource Planning systems are examples of large -scale COTS reuse. 12. Which framework class include standards and classes that support component communication and information exchange? a) System infrastructure frameworks b) Middleware integration frameworks c) Enterprise application frameworks d) MVC Answer: b =-=- 1. Which of the following term is best defined by the statement “In a distributed system, several processes may operate at the same time on separate computers on the network.”? a) Concurrency b) Openness c) Resource sharing d) Fault tolerance Answer: a Explanation: None. 2. Which of the following is not a dimension of scalability? a) Size b) Distribution c) Manageability d) Interception Answer: d Explanation: Interception is a communication conception. 3. A distributed system must defend itself against a) Modification b) Interruption c) Fabrication d) All of the mentioned Answer: d advertisement 4. QoS stands for a) Quality of security b) Quality of system c) Quality of service d) None of the mentioned Answer: c Explanation: QoS is particularly critical when the system is dealing with time-critical data such as sound or video streams. 5. In Java,_________ are comparable with, though not identical to, RPCs. a) Remote Method Invocations b) Operating System c) Client–server computing d) None of the mentioned Answer: a 6. _________ depend on there being a clear separation between the presentation of information and the computations that create and process that information. a) Master-slave architectures b) Client–server systems c) Two-tier client–server architecture d) Both Master-slave architectures AND Client–server systems Answer: b Explanation: One should design the architecture of distributed client–server systems so that they are structured into several logical layers, with clear interfaces between these layers. 7. Which architecture is used when there is a high volume of transactions to be processed by the server? a) Multi-tier client–server architecture b) Master-slave architecture c) Distributed component architecture d) Peer-to-peer architecture View Answer Answer: a Explanation: Multi-tier systems may be used when applications need to access and use data from different databases. 8. Which architecture are reliant on middle-ware? a) Multi-tier client–server architecture b) Master-slave architecture c) Distributed component architecture d) Peer-to-peer architecture Answer: c Explanation: It allows the system designer to delay decisions on where and how services should be provided. 9. __________ is a way of providing functionality on a remote server with client access through a web bro wser. a) SaaS b) SOA c) Configurability d) Both SaaS and Configurability Answer: a =-=-Project management 1. Which of the following is not project management goal? a) Keeping overall costs within budget b) Delivering the software to the customer at the agreed time c) Maintaining a happy and well-functioning development team d) Avoiding customer complaints Answer: d Explanation: Projects need to be managed because professional software engineering is always subject to organizational budget and schedule constraints. 2. Project managers have to assess the risks that may affect a project. a) True b) False Answer: b Explanation: Risk management involves anticipating risks that might affect the project schedule or the quality of the software being developed, and then taking action to avoid these risks. 3. Which of the following is not considered as a risk in project management? a) Specification delays b) Product competition c) Testing d) Staff turnover Answer: c Explanation: Testing is a part of project, thus it can’t be categorized as risk. advertisement 4. The process each manager follows during the life of a project is known as a) Project Management b) Manager life cycle c) Project Management Life Cycle d) All of the mentioned Answer: c Explanation: A proven methodical life cycle is necessary to repeatedly implement and manage projects successfully. 5. A 66.6% risk is considered as a) very low b) low c) moderate d) high Answer: d Explanation: The probability of the risk might be assessed as very low (75%). 6. Which of the following is/are main parameters that you should use when computing the costs of a software development project? a) travel and training costs b) hardware and software costs c) effort costs (the costs of paying software engineers and managers) d) all of the mentioned Answer: d Explanation: Estimation involves working out how much effort is required to complete each activity and, from this, calculating the total cost of activities. 7. Quality planning is the process of developing a quality plan for a) team b) project c) customers d) project manager Answer: b Explanation: The quality plan should set out the desired software qualities and describe how these are to be assessed. 8. Which of the following is incorrect activity for the configuration management of a software system? a) Internship management b) Change management c) Version management d) System management Answer: a Explanation: Configuration management policies and processes define how to record and process proposed system changes, how to decide what system components to change, how to manage different versions of the system and its components, and how to distribute changes to customers. 9. Identify the sub-process of process improvement a) Process introduction b) Process analysis c) De-processification d) Process distribution Answer: b Explanation: The current process is assessed, and process weaknesses and bottlenecks are identified. 10. An independent relationship must exist between the attribute that can be measured and the external quality attribute. a) True b) False Answer: b =-=-=-planning 1. Which of the following is an important factor that can affect the accuracy and efficacy of estimates? a) Project size b) Planning process c) Project complexity d) Degree of structural uncertainty Answer: a Explanation: As size increases, the interdependence among various elements of the software grows rapidly. 2. What describes the data and control to be processed? a) Planning process b) Software scope c) External hardware d) Project complexity Answer: b Explanation: Functions described in the statement of scope are evaluated and in some cases refined to provide more detail prior to the beginning of estimation. 3. A number of independent investigators have developed a team-oriented approach to requirements gathering that can be applied to establish the scope of a project called a) JAD b) CLASS c) FAST d) None of the mentioned Answer: c Explanation: Facilitated application specification techniques (FAST), this approach encourages the creation of a joint team of customers and developers who work together to identify the problem, propose elements of the solution, negotiate different approaches, and specify a preliminary set of requirements. advertisement 4. CLSS stands for a) conveyor line sorting system b) conveyor line sorting software c) conveyor line sorting speed d) conveyor line sorting specification Answer: a Explanation: The conveyor line sorting system (CLSS) sorts boxes moving along a conveyor line. Each box is identified by a barcode that contains a part number and is sorted into one of six bins at the end of the line. 5. The project planner examines the statement of scope and extracts all important software functions which is known as a) Association b) Decomposition c) Planning process d) All of the mentioned Answer: b Explanation: None 6. The environment that supports the software project is called a) CLSS b) SEE c) FAST d) CBSE Answer: b Explanation: Software engineering environment (SEE), incorporates hardware and software. 7. Which of the following is not an option to achieve reliable cost and effort estimate? a) Base estimates on similar projects that have already been completed b) Use one or more empirical models for software cost and effort estimation c) Use relatively simple decomposition techniques to generate project cost and effort estimates d) The ability to translate the size estimate into human effort, calendar time, and dollars Answer: d Explanation: None. 8. What can be used to complement decomposition techniques and offer a potentially valuable estimation approach in their own right? a) Automated estimation tools b) Empirical estimation models c) Decomposition techniques d) Both Automated estimation tools and Empirical estimation models Answer: b Explanation: An estimation model for computer software uses empirically derived formulas to predict effort as a function of LOC or FP. 9. Which of the following is not achieved by an automated estimation tools? a) Predicting staffing levels b) Predicting software cost c) Predicting software schedules d) Predicting clients demands Answer: d Explanation: Demands can vary from client to client. 10. Software project estimation can never be an exact science, but a combination of good historical data and systematic techniques can improve estimation accuracy. a) True b) False Answer: a 14.1 Explain the important differences between application security engineering and infrastructure security engineering. Application security engineering is the responsibility of system designers who have to design security into the system that reflects the security requirements and policies of the system procurer. Infrastructure security engineering is the responsibility of system managers or administrators whose job is to configure the existing infrastructure software (operating systems, databases, middleware, etc.) to ensure that it conforms to the security policies of the organisation that uses the infrastructure. 14.6 Explain why it is important to use diverse technologies to support distributed systems in situations where system availability is critical. The use of diverse technologies provides some protection against common vulnerabilities in different elements of the distributed system. Availability is enhanced by distributing assets so that attacks on one element do not disable the entire system. If diverse technologies are used, it reduces the chances that an attack on all elements of the system will be successful. 14.7 What is social engineering? Why is it difficult to protect against it in large organizations? Social engineering occurs where accredited users of a system are fooled into giving away secret information (such as passwords) to potential attackers. It is difficult to protect against this in large organisations because these have a hierarchical structure and people are used to obeying instructions from their managers. Also, because of the size of the organisation, there is less chance that a manager’s manager (say) will be known personally so it is therefore easier for an attacker to impersonate someone in authority. Explain how the complementary strategies of resistance, recognition and recovery may be used to enhance the survivability of a system. Resistance: Built-in mechanisms to resist attacks (such as the use of firewalls) means that many attacks on the system that may threaten its survivability are unsuccessful. Recognition: This is the process of recognising that an attack is underway. Early recognition means that counter - measures can be quickly deployed and that extra protection can be applied to critical assets, thus increasing the overall chances of survival. Recovery: If the system has built-in features to support recovery, then normal system service can be resumed more quickly after a successful attack. The overall availability of the system is therefore increased =-=- 16.3 Give four circumstances where you might recommend against software reuse. Circumstances where software reuse is not recommended: 1. If the business status of the code provider is dubious. If the provider goes out of business, then no support for the reused code may be available. 2. In critical applications where source code is not available. Testing the code to the required standards may be very difficult. 3. In small systems where the costs of reuse are comparable to the savings that result if code is reused. 4. In systems where performance is a critical requirement – specially developed code can usually be made more efficient. 16.8 Identify six possible risks that can arise when systems are constructed using COTS. What steps can a company take to reduce these risks? Risks that can arise when systems are constructed using COTS include: 1. Vendor risks: Failure of vendor to provide support when required Vendor goes out of business or drops product from its portfolio 2. Product risks: Incompatible event/data model with other systems Inadequate performance when integrated with other systems Product is undependable in intended operating environment 3. Process risk: Time required to understand how to integrate product is higher than expected. =-=-= Explain why the best programmers do not always make the best software managers. You may find it helpful to base your answer on the list of management activities. Management activities such as proposal writing, project planning and personnel selection require a set of skills including presentation and communication skills, organisational skills and the ability to communicate with other project team members. Programming skills are distinct from these (indeed, it is a common criticism of programmers that they lack human communication skills) so it does not follow that good programmers can re - orient their abilities to be good managers. =-=-= 7 What problems do you think might arise in extreme programming teams where many management decisions are devolved to the team members? While the notion of devolving management decisions to the team is attractive in terms of motivation, there are two types of problem that can arise: 1. Decisions are liable to be primarily influenced by technical considerations rather than business decisions. This is natural given the type of people on an XP team – it is difficult for them to take a business perspective. 2. Because of the focus on rapid iteration, management decisions tend to be short-term and pay insufficient attention to long-term issues. While this is in keeping with the XP philosophy, there is sometimes a need for a more detached, longer-term perspective which can be taken by a manager. I assume here that management decisions on e.g. the performance of team members are not taken by the team. Given the close knit nature of XP teams, it is difficult for the team to take decisions that censure individual team members. =-==-= Under what circumstances might a company justifiably charge a much higher price for a software system than the software cost estimate plus a reasonable profit margin? Circumstances where a high price might be charged: 1. Where a customer expects the developer to take on a considerable amount of project risk. 2. Where the customer has special requirements e.g. for very rapid delivery. 3. When the work is not central to the companies business and so diverts people from other more business - focused activities. The high price is intended to compensate for this. 4. When the customer has no alternative! Think about the ethics of excessive pricing in this situation. -Explain why the process of project planning is iterative and why a plan must be continually reviewed during a software project Project planning can only be based on available information. At the beginning of a project, there are many uncertainties in the available information and some information about the project and the product may not be available. As the project develops, more and more information becomes available and uncertainties are resolved. The project plan therefore must be reviewed and updated regularly to reflect this changing information environment. 5.Cost estimates are inherently risky, irrespective of the estimation technique used. Suggest four ways in which the risk in a cost estimate can be reduced. Possible techniques of risk reduction include: 1. Obtain a number of independent estimates using different estimation techniques. If these are widely divergent, generate more costing information iterate until the estimates converge. 2. For those parts of the system which are hard to estimate, develop a prototype to find out what problems are likely to arise. 3. Reuse software to reduce the amount of estimation required and to reduce overall costs. 4. Adopt a design to cost approach to development where the system functionality is adapted to a fixed cost. 5. Partition software requirements into critical, desirable and ‘gold plating’. Eliminate ‘gold-plating’ if necessary. =-=-=- 1. Reliability and safety are related but distinct dependability attributes. Describe the most important distinction between these attributes and explain why it is possible for a reliable system to be unsafe and vice versa. 2. Explain the important differences between application security engineering and infrastructure security engineering. 3. Explain why it is practically impossible to validate reliability specifications when these are expressed in terms of a very small number of failures over the total lifetime of a system. To measure reliability you need to have statistically valid failure data for the system so you need to induce more failures than are specified in the given time period. However, because the number of failures is so low, this will take an unrealistically large amount of time. =-=-=- Security =-=- 16.3 Give four circumstances where you might recommend against software reuse. Circumstances where software reuse is not recommended: 1. If the business status of the code provider is dubious. If the provider goes out of business, then no support for the reused code may be available. 2. In critical applications where source code is not available. Testing the code to the required standards may be very difficult. 3. In small systems where the costs of reuse are comparable to the savings that result if code is reused. 4. In systems where performance is a critical requirement – specially developed code can usually be made more efficient. =-=--= Distributed =-=- =-=- 9 Explain why deploying software as a service can reduce the IT support costs for a company. What additional costs might arise if this deployment model is used?
