Page 1 of 13

a
COLLEGE OF COMPUTING AND INFORMATION SCIENCES

Final-Term Assessment Summer 2020 Semester

Class Id 104568 Course Title SE

Program BSCS Campus / Shift Main Campus / Morning
th
Date 6 – August 2020 Total Marks 50
Duration 03 hours Faculty Name Fizza
Student Id 9461 Student Name Muhammad Tousique

Instructions:
• Filling out Student-ID and Student-Name on exam header is mandatory.
• Do not remove or change any part of exam header or question paper.
• Write down your answers in given space or at the end of exam paper with proper title “Answer
for Question# _ _”.
• Answers should be formatted correctly (font size, alignment and etc)
• Handwritten text or image should be on A4 size page with clear visibility of contents.
• Only PDF format is accepted (Student are advise to install necessary software)
• In case of CHEATING, COPIED material or any unfair means would result in negative marking
or ZERO.
• A mandatory recorded viva session will be conducted to ascertain the quality of answer scripts
where deemed necessary.

• Caution: Duration to perform Final-Term Assessment is 03 hours only. Extra 02 hours are given
to cater all kinds of odds in submission of Answer-sheet. Therefore, if you failed to upload answer
sheet on LMS (in PDF format) within 05 hours limit, you would be considered as ABSENT/FAILED.
 Page 2 of 13

Section A (Descriptive Questions)

Note: Total 9 questions having equal marks 4 =9*4=36

1. We have to develop Library Management System try to explain concept of stub

and driver with proper name of modules
Answer: In library Management System we have a Driver Class in which
modules will be called for testing. We have another Class Book Details in which
we have one Module (Add Book Details). Modules are those functions which are
completely developed of required software and ready for testing and two Stubs
(Update Book Details and Delete Book Details). Stubs are those functions which
are not developed yet they are just dummy. Driver class will be used to test
modules.

2. Regression testing is considered as a hectic process so why it is required try to

explain with example when and how regression testing should be apply
Answer: Regression testing is done after every addition of feature in software and
it will be done on every function again so that there are no errors after integration.
Suppose a banking management system where customer was only able to view
current balance and now we have added a function of transfer funds. If a customer
has a current balance of 1500 and his previous balance was 500 now customer try
to transfer 1000 if we have done regression testing properly customer will be able
to transfer funds as his current balance is 1500 and if we do not applied regression
testing properly system will consider customer previous balance of 500 and will
through an error that transfer cannot be made. It is better to do regression testing
after every function is added as it will save maintenance cost.

3. If you have to develop a mobile based app like (meeting scheduler and reminder)
what process model will you choose? Justify your answer with proper reasoning
Answer:
We will use rapid action development model as it is not a huge application it can
be build in less than 3 months and its GUI is simple and functions are also less.
There are many open source meeting scheduler apps are available so we don’t
have to make new software components we will use software reusable
components, integrate it and test all software components and implement it.
 Page 3 of 13

4. Consider an ATM System. Identify at least 10 risks associated with such a system
(Provide RMMM plan for any 3 most prioritized risks)
Answer:
1)Denial of Service
2)Data Disclosure
3)Malicious Software Injection
4)Configuration File Modification
5)Privilege Setting Modification
6)Software Component Modification
7)Test Utility Exploitation
8)Data Masking
9)User Access Control
10)Application Control
Risk Mitigation, Monitoring and Management

Risk: Denial of Service

• Mitigation
In order to prevent this from happening, meetings (formal and informal) will be held with the server
managers on a routine basis. To ensures that the ATM is running 24/7.

• Monitoring
The meetings with the server managers should ensure that the server managers and our
organization understand each other and the requirements for the ATM service.

• Management
Server Mangers should know that ATM service should be available 24/7 so that customer is able
to use it. Managers should have routine meeting with server manager.

Risk: Data Disclosure

• Mitigation
In order to prevent this from happening, the software will be developed with the high-level
security in mind. The software will be designed in a way to make software safe and secure.
 Page 4 of 13

• Monitoring
The software will be developed with the security in mind. The development team will ask the
opinion of various cyber security professionals throughout the development phases. Specifically,
the developer will be sure to get a thorough opinion from professionals.

• Management
Should the program be tested by the cyber security professionals, the program will be thoroughly
examined to find the reasons that this is so. Specifically, the data privacy will be investigated and
if necessary, revamped into a solution.

Risk: Malicious Software Injection

• Mitigation
In order to prevent this from happening, the software will be developed with the high-level
security in mind. The software will be designed in a way to make software safe and secure.

• Monitoring
The software will be developed with the security in mind. The development team will ask the
opinion of various cyber security professionals throughout the development phases. Specifically,
the developer will be sure to get a thorough opinion from professionals.

• Management
Should the program be tested by the cyber security professionals, the program will be thoroughly
examined to find the reasons that this is so. Specifically, the software will be investigated and if
necessary, revamped into a solution.

5. How can you improve software process using review, and explain how software
reviews can impact quality and performance?
Answer:
If we take review after every development phase, we will be able to recognize
errors early and correct it so when software is completed, we will be having less
errors on the other side if we complete the software without reviews their will be
more errors that will increase our cost.
 Page 5 of 13

6. Suppose we have payroll management system (OOP based project) explain how
you can perform testing on that project (properly mention classes and methods)
Answer:
Payroll Class{

payroll_id;
payroll_title;
payroll_type;
payroll_employee_id;

addPayroll()
{
}
editPayroll()
{
}
deletePayroll()
{
}
searchPayroll()
{
}

We will test after every function we completed to make software error free
and integrate in the end to deliver software efficiently. We will be testing software
after every component is added
 Page 6 of 13

7. The maturity level or capability level of an organization provides a way to

characterize its capability and performance. XYZ (Pvt) Ltd is a software house,
working at CMM level 3, what processes they must use and what are your
recommendations for improvement from CMM level 3 to next level 4 and 5 in
terms of KPA?
Answer:
As XYZ(Pvt) ltd is on CMM level 3 if the want to upgrade to level 4 and 5 they
have to make their organization data driven so that they can predict accurately and
meet the standards of stakeholders. Their organization should also focus on
continuous change and innovation so they can adapt to change easily and provide
platform for innovation.

8. Design at least 4 UI’s of your SE course Project and perform Black Box Testing

1)Enter Text in Username textbox

2)Enter password in password textbox and see password is hidden or not
3)After entering username and password click logon if username and password is
correct it will login and will show dashboard otherwise give error of invalid
username and password
 Page 7 of 13

1)Click on Dashboard on navbar it should refresh the page as we are on dashboard

2)Click on Brand on navbar it should open brand page.
3)Click on Category on navbar it should open category page.
4)Click on Product on navbar it should open product page.
5)Click on Orders on navbar it will drop down two option Add Order and Manage
Order.
6)Click on Report on navbar it will open report page.
7)Click on Admin logo on navbar it will slide down two option Settings and sign
out.

1)Click on Add Product button it will show a screen to add product details.
2)Enter text on search textbox it will search on products according to text written
in searchbox.
3)Click on home it should open dashboard page.
 Page 8 of 13

4)Click on Action Dropdown menu it will dropdown options of edit product,delete

product and status

1)Click on home it should open dashboard page

2) Click on Action Dropdown menu it will dropdown options of edit order,delete
order and status.
3)Enter text on search textbox it will search on orders according to text written in
searchbox

9. Suppose “abc” is a developer (producer) whose work product has been inspected.
Now as a moderator you are required to initiate inspection activity try to explain
the whole scenario with all key roles and responsibilities performed by each role
Answer:
Inspection is a formal method and it is done in a formal meeting in which Reader
read the code and everyone inspect it and come up with defects and recorder
record the errors and moderator ensures that discussion is on productive line.
After inspection if errors are in high rate producer will be asked to fix it and other
inspection meeting will be done and if errors are in less quantity producer will
only be asked to fix it no other meeting will be held.
 Page 9 of 13

Section B (Calculations)
Note: Total 3 questions

1. Derive a flow graph for the following program and apply the basic path testing:
(5 Marks)
Page 10 of 13
Page 11 of 13
Page 12 of 13
 Page 13 of 13

2. Differentiate between single point estimates and feature by feature estimates by

using example scenario (5 Marks)

Answer:
Suppose we are developing LMS there are two approaches to estimate of project one is single point
estimate which means we estimate according to every function and method and make an estimate of
total functions and estimate time of project which will be a long process and it can tell more cost of
LMS on the other hand we have feature by feature estimation in which we take total of features which
we will be developing and it will give us less estimation time of project.

3. Suppose we have 2 risks associated with the project one is significant product
rejection having 2% chances of occurrence and total risk if it occurs will be 95K
another risk is major changes in initial requirements probability of occurrence is
20% and total risk if it occurs will be 35k. Find Risk Exposure for both risks and
provide analysis for both of them (4 Marks)

Answer:

Product Rejection:
RE=P*C
RE=0.02*95000=1900

Major Changes:
RE=P*C
RE=0.2*35000=7000

If Major Changes risk occur it will impact less on our product as compare to product
rejection risk