COLLEGE OF COMPUTING AND INFORMATION SCIENCES
Instructions:
• Filling out Student-ID and Student-Name on exam header is mandatory.
• Do not remove or change any part of exam header or question paper.
• Write down your answers in given space or at the end of exam paper with proper title “Answer
for Question# _ _”.
• Answers should be formatted correctly (font size, alignment, etc.).
• Handwritten text or image should be on A4 size page with clear visibility of contents.
• Only PDF format is accepted (students are advised to install the necessary software).
• CHEATING, COPIED material or any unfair means will result in negative marking
or ZERO.
• A mandatory recorded viva session will be conducted to ascertain the quality of answer scripts
where deemed necessary.
• Caution: Duration to perform Final-Term Assessment is 03 hours only. Extra 02 hours are given
to cater for all kinds of odds in submission of the answer sheet. Therefore, if you fail to upload the answer
sheet on LMS (in PDF format) within the 05 hours limit, you will be considered ABSENT/FAILED.
3. If you have to develop a mobile based app like (meeting scheduler and reminder)
what process model will you choose? Justify your answer with proper reasoning
Answer:
We will use the rapid action development model, as it is not a huge application: it can
be built in less than 3 months, its GUI is simple and its functions are few.
Many open source meeting scheduler apps are available, so we don’t
have to make new software components; we will use reusable software
components, integrate them, test all software components and implement the app.
4. Consider an ATM System. Identify at least 10 risks associated with such a system
(Provide RMMM plan for any 3 most prioritized risks)
Answer:
1) Denial of Service
2) Data Disclosure
3) Malicious Software Injection
4) Configuration File Modification
5) Privilege Setting Modification
6) Software Component Modification
7) Test Utility Exploitation
8) Data Masking
9) User Access Control
10) Application Control
Risk Mitigation, Monitoring and Management
• Mitigation
In order to prevent this from happening, meetings (formal and informal) will be held with the server
managers on a routine basis. This ensures that the ATM is running 24/7.
• Monitoring
The meetings with the server managers should ensure that the server managers and our
organization understand each other and the requirements for the ATM service.
• Management
Server managers should know that the ATM service should be available 24/7 so that customers are able
to use it. Managers should have routine meetings with the server manager.
• Mitigation
In order to prevent this from happening, the software will be developed with the high-level
security in mind. The software will be designed in a way to make software safe and secure.
• Monitoring
The software will be developed with the security in mind. The development team will ask the
opinion of various cyber security professionals throughout the development phases. Specifically,
the developer will be sure to get a thorough opinion from professionals.
• Management
Should the program be tested by the cyber security professionals, the program will be thoroughly
examined to find the reasons that this is so. Specifically, the data privacy will be investigated and
if necessary, revamped into a solution.
• Mitigation
In order to prevent this from happening, the software will be developed with the high-level
security in mind. The software will be designed in a way to make software safe and secure.
• Monitoring
The software will be developed with the security in mind. The development team will ask the
opinion of various cyber security professionals throughout the development phases. Specifically,
the developer will be sure to get a thorough opinion from professionals.
• Management
Should the program be tested by the cyber security professionals, the program will be thoroughly
examined to find the reasons that this is so. Specifically, the software will be investigated and if
necessary, revamped into a solution.
5. How can you improve software process using review, and explain how software
reviews can impact quality and performance?
Answer:
If we hold a review after every development phase, we will be able to recognize
errors early and correct them, so when the software is completed we will have fewer
errors. On the other hand, if we complete the software without reviews, there will be
more errors, which will increase our cost.
6. Suppose we have payroll management system (OOP based project) explain how
you can perform testing on that project (properly mention classes and methods)
Answer:
class Payroll {
    payroll_id;
    payroll_title;
    payroll_type;
    payroll_employee_id;
    addPayroll()
    {
    }
    editPayroll()
    {
    }
    deletePayroll()
    {
    }
    searchPayroll()
    {
    }
}
We will test after every function we complete to make the software error free,
and integrate at the end to deliver the software efficiently. We will be testing the software
after every component is added.
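The approach described in this answer, as an added example that is not part of the original answer sheet: each method is unit-tested on a fresh object, then the methods are exercised together. PayrollRegister, its in-memory storage, the shortened field keys and the True/False return values are assumptions, since the answer leaves the method bodies empty.

```python
# Added example; storage and return values are assumptions, not the exam answer's code.
class PayrollRegister:
    def __init__(self):
        self._rows = {}  # payroll_id -> remaining fields

    def add_payroll(self, payroll_id, title, ptype, employee_id):
        if payroll_id in self._rows:
            return False  # reject duplicate ids instead of overwriting
        self._rows[payroll_id] = {"title": title, "type": ptype, "employee_id": employee_id}
        return True

    def edit_payroll(self, payroll_id, **changes):
        row = self._rows.get(payroll_id)
        if row is None or set(changes) - set(row):
            return False  # missing record or unknown field
        row.update(changes)
        return True

    def delete_payroll(self, payroll_id):
        return self._rows.pop(payroll_id, None) is not None

    def search_payroll(self, employee_id):
        return sorted(p for p, row in self._rows.items() if row["employee_id"] == employee_id)

def fresh():
    """Register holding one constructed record; rebuilt for every test."""
    reg = PayrollRegister()
    reg.add_payroll(1, "March salary", "monthly", 7)
    return reg

def run_tests():
    """One unit test per method on a fresh object, then an integrated flow."""
    t = {}
    r = fresh()
    t["add"] = r.add_payroll(2, "Bonus", "one-off", 7) and not r.add_payroll(1, "x", "y", 9)
    r = fresh()
    t["edit"] = (r.edit_payroll(1, type="bonus") and r._rows[1]["type"] == "bonus"
                 and not r.edit_payroll(9, type="x") and not r.edit_payroll(1, salary=1))
    r = fresh()
    t["delete"] = r.delete_payroll(1) and not r.delete_payroll(1)
    r = fresh()
    r.add_payroll(2, "Bonus", "one-off", 7)
    t["search"] = r.search_payroll(7) == [1, 2] and r.search_payroll(8) == []
    r = fresh()  # integration: the methods used together on one object
    r.edit_payroll(1, employee_id=8)
    moved = r.search_payroll(7) == [] and r.search_payroll(8) == [1]
    r.delete_payroll(1)
    t["integration"] = moved and r.search_payroll(8) == []
    return t
```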
8. Design at least 4 UI’s of your SE course Project and perform Black Box Testing
1) Click on the Add Product button; it will show a screen to add product details.
2) Enter text in the search textbox; it will search products according to the text written
in the search box.
3) Click on Home; it should open the dashboard page.
9. Suppose “abc” is a developer (producer) whose work product has been inspected.
Now as a moderator you are required to initiate inspection activity try to explain
the whole scenario with all key roles and responsibilities performed by each role
Answer:
Inspection is a formal method and it is done in a formal meeting in which the reader
reads the code, everyone inspects it and comes up with defects, the recorder
records the errors, and the moderator ensures that the discussion stays on a productive line.
After inspection, if the error rate is high, the producer will be asked to fix the errors and another
inspection meeting will be held; if the errors are few, the producer will
only be asked to fix them and no other meeting will be held.
Section B (Calculations)
Note: Total 3 questions
1. Derive a flow graph for the following program and apply the basic path testing:
(5 Marks)
Answer:
Suppose we are developing an LMS. There are two approaches to estimating the project. One is the single point
estimate, which means we estimate according to every function and method, make an estimate of the
total functions and estimate the time of the project; this will be a long process and it can give a higher cost for the
LMS. On the other hand, we have feature by feature estimation, in which we take the total of the features which
we will be developing, and it will give us a lower estimated time for the project.
3. Suppose we have 2 risks associated with the project one is significant product
rejection having 2% chances of occurrence and total risk if it occurs will be 95K
another risk is major changes in initial requirements probability of occurrence is
20% and total risk if it occurs will be 35k. Find Risk Exposure for both risks and
provide analysis for both of them (4 Marks)
Answer:
Product Rejection:
RE=P*C
RE=0.02*95000=1900
Major Changes:
RE=P*C
RE=0.2*35000=7000
If the Major Changes risk occurs, it will impact our product less as compared to the product
rejection risk.