Midterm Exam with Solutions - Software Engineering | CMSC 435, Exams of Software Engineering

Material Type: Exam; Class: Software Engineering; Subject: Computer Science; University: University of Maryland; Term: Spring 2005;

Typology: Exams

Pre 2010

Uploaded on 07/30/2009

koofers-user-8wb
koofers-user-8wb 🇺🇸

4.5

(1)

9 documents

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
NAME:_________________________________________ CMSC 435 midterm answers March 17, 2005
1
CMSC 435 midterm answers Sections 0301
Answer all questions in the space following each
question.
1 [7]. Security
a. What are the CIA attributes of security?
Confidentiality, Integrity, Availability
b. The 4 properties to ensure security are authentication,
authorization, data integrity and privacy. Define the role of
each.
Authentication – You are who you say you are.
Authorization – You have the rights to do what you want to
do
Data integrity- Data cannot be changed without your
knowledge
Privacy- Data cannot be seen by others without your
knowledge.
2 [10]. For each statement below, tell whether it is a good
requirement or not and why.
a. The system shall be easy to use.
No - What is “easy?”
b. The system shall respond in less than 2 seconds with the
answer.
Yes – Explicit requirement which can be tested.
c. The system may handle files of up to 2 MB in size.
No – “May” is optional so not really a requirement.
d. The system shall conform to all requirements of IEEE
standard 854.
Yes – Assuming IEEE 854 is an explicit set of requirements.
e. The system shall operate on all web browsers.
No – “All” is too vague here.
3. [30] Explain each of the following in 1 or 2 sentences.
a. (High, Low) __High__ cohesion is preferred. Why?
Want operations in a module to be interrelated.
b. (High, Low) ____Low___ coupling is preferred. Why?
Minimize interactions between modules allows for easy
changes.
c. What is glue code?
Code to allow premade packages (e.g., COTS tools) to be
embedded within another system.
d. RMA attributes are sometimes used as the name for
dependability. What does RMA stand for?
Reliability, Maintainability, Availability.
e. Why is dependability considered a non-functional
requirement?
It’s a property of a system, not an explicit function, such as
safety, security, reliability.
f. Give another dependability attribute, besides the RMA
ones, and why is it also non-functional?
Security – No explicit in-out relationship. System has to
implement the CIA attributes of question 1.
Also safety, usability, almost any other”…ililty.”
g. Eclipse is a (framework, reference model, architecture)
__framework__ and why?
It is a system that runs that allows other tools to be plugged
into it.
h. The ECMA “toaster” model is a (framework, reference
model, architecture) __reference model_ and why?
It defines the areas where standards are needed to define the
interfaces between tools and the environment framework.
i. The Rayleigh curve is a theoretical curve useful to model
what attribute of a project?
Cost (or effort) on a project as a function of time.
j. What are the differences between an error, a fault, and a
failure?
Failure – Observed misbehavior of a system.
Fault – Place in code that causes failure.
Error – Place in code that is incorrect. (Not necessarily the
fault.)
4. [12] For each of the follow, does it represent a risk and
why?
1. You didn’t study for this midterm and you think you may
fail.
Risk – Cost is low grade and probability is between 0 and
100 that you may fail, but not guaranteed. You may
remember enough to pass.
pf3
pf4

Partial preview of the text

Download Midterm Exam with Solutions - Software Engineering | CMSC 435 and more Exams Software Engineering in PDF only on Docsity!

CMSC 435 midterm answers Sections 0301

Answer all questions in the space following each question.

1 [7]. Security a. What are the CIA attributes of security?

Confidentiality, Integrity, Availability

b. The 4 properties to ensure security are authentication, authorization, data integrity and privacy. Define the role of each.

Authentication – You are who you say you are.

Authorization – You have the rights to do what you want to do

Data integrity- Data cannot be changed without your knowledge

Privacy- Data cannot be seen by others without your knowledge.

2 [10]. For each statement below, tell whether it is a good requirement or not and why.

a. The system shall be easy to use.

No - What is “easy?”

b. The system shall respond in less than 2 seconds with the answer.

Yes – Explicit requirement which can be tested.

c. The system may handle files of up to 2 MB in size.

No – “May” is optional so not really a requirement.

d. The system shall conform to all requirements of IEEE standard 854.

Yes – Assuming IEEE 854 is an explicit set of requirements.

e. The system shall operate on all web browsers.

No – “All” is too vague here.

  1. [30] Explain each of the following in 1 or 2 sentences.

a. (High, Low) High cohesion is preferred. Why?

Want operations in a module to be interrelated.

b. (High, Low) ____Low___ coupling is preferred. Why?

Minimize interactions between modules allows for easy changes.

c. What is glue code?

Code to allow premade packages (e.g., COTS tools) to be embedded within another system.

d. RMA attributes are sometimes used as the name for dependability. What does RMA stand for?

Reliability, Maintainability, Availability.

e. Why is dependability considered a non-functional requirement?

It’s a property of a system, not an explicit function, such as safety, security, reliability.

f. Give another dependability attribute, besides the RMA ones, and why is it also non-functional?

Security – No explicit in-out relationship. System has to implement the CIA attributes of question 1. Also safety, usability, almost any other”…ililty.”

g. Eclipse is a (framework, reference model, architecture) framework and why?

It is a system that runs that allows other tools to be plugged into it.

h. The ECMA “toaster” model is a (framework, reference model, architecture) _reference model and why?

It defines the areas where standards are needed to define the interfaces between tools and the environment framework.

i. The Rayleigh curve is a theoretical curve useful to model what attribute of a project?

Cost (or effort) on a project as a function of time.

j. What are the differences between an error, a fault, and a failure?

Failure – Observed misbehavior of a system. Fault – Place in code that causes failure. Error – Place in code that is incorrect. (Not necessarily the fault.)

  1. [12] For each of the follow, does it represent a risk and why?
  2. You didn’t study for this midterm and you think you may fail.

Risk – Cost is low grade and probability is between 0 and 100 that you may fail, but not guaranteed. You may remember enough to pass.

  1. It is raining outside and you didn’t bring your umbrella. You think you may get wet.

No risk. You will get wet.

  1. Assume midterm exams may be graded in 24 hours. You have to leave for Spring Break soon. You think you have to wait until after Spring Break to get your grade.

No risk. Loss in minimal.

  1. You car was low on gas and you didn’t buy any. You think you may miss getting to this midterm on time.

Risk – Probability of not arriving on time and getting a low grade is between 0 and 100 per cent.

5 [12].

a. What are the significant differences between a spiral life cycle and a waterfall life cycle?

Waterfall is artifact based. Do requirements document, then move on to design, … Spiral model is really similar but emphasizes risk assessment and evaluation at each stage, not just the completion of a document or a review.

b. How does the V process model differ from the waterfall model?

Only in display. Both have the same stages, only the V model matches coding with design as its validation, integration testing with specification, and acceptance testing with requirements.

c. Give an example of both an upstream and a downstream process.

Upstream – pre-code: requirements, specification, design Downstream – code, testing, or any specific type of process such as code inspections.

d. What are the differences between the specification process and the requirements process?

Requirements are what the user wants and is a contract between the user and the development. Specifications are what the computer will do and are a “contract” between the developers and the computer.

6 [5]. What would be the implications if the application program interface (API) in Microsoft’s Windows XP operating system were converted into an IEEE standard? (Write as much or as little as you think necessary to answer this.)

  1. Microsoft couldn’t arbitrarily change APIs between versions of Windows.
  2. Changes to APIs would take longer to implement.
  3. Perhaps nothing would change since Microsoft could ignore standards – they are only voluntary anyway.
  4. If Microsoft followed standards, would allow competing developers more time to build competing projects.
  5. Alternative operating systems could be built with a different structure but using the same application interfaces.
  6. Probably several other reasons as well …

7 [12]. You want to develop a web-based application. The user types in name and email address and a word into a local client, and the server application looks up the word in a database and sends the contents of that database entry as an email message back to the user.

Model the client, server, and database application as a message sequence chart. Include as many error conditions as you can.

(Explain any other requirements you have to assume if they are not explained here.)