Software engineering

Question 1

Plan Driven WaterFall Model

Answer 1

Separate and distinct phases of specification and development
- used for large system engineering projects
and when safety is critical?

Question 2

waterfall model issuess

Answer 2

-if outsoruced is used, hard for development team to check quailty of outsourced stage
-Only appropriate when the requirements are well understood and changes are limited. This is unlikely as few businesses have truly stable conditions

Question 3

Why is plan driven less used like waterfall and when would they be still relevant

Answer 3

Difficult to handle unknown problems using a model that forces you to planeverything in advance
* Places a lot of emphasis on testing behaviour at the end
* Limits stakeholder interactions to beginning and end

Still relevant in large scale development where lots of coordination needed
Safety critical systems requiring certification

Question 4

V-Model
Advantages and Disadvantages

Answer 4

Waterfall model with emphasis on testing(plan driven)

-Helps ensure legitamacy of testing leading to higher chance of success than waterfall

-Changes to specification midway require changes to past phases
-inefficient in ill-understood situations

Question 5

Incremental development
ad dis

Answer 5

Develop systems in parts where each part provides a useful function to the customer

-Debugging is easier for each increment and easier to recieve feedback
-Rapid Delivery and development possible. Allows customers to gain value from software earlier
-Reduce cost of change for future incremenets from feedback.

Increased cost of change for past incremeents
More complex for manangement.

Question 6

Iterative development
adv dis

Answer 6

Refining and improving the same functionality.

-Good for prototyping risky functions
-potential for ongoing feedback

-Not cost effective to proudce documents that reflect every version of system
-System Structure can degrade

Question 7

Prototype advantage and disadvantage

Answer 7

Improved system usability
allows for improved design quality
closer match to users real needs

Costs of developing prototypes
Prototypes leave out many functionality

Question 8

Specifying written requirements

Answer 8

Description - Short statement of purpose(system will provide print faacilitiy, website will support multiple languages)

ID- unique numerical number
Rationale- why is the requirement important(maximise users who can operate a website)

fit criteria- tells you how to go abt something. how to check it.
for example - a system supporting multiple file formats could have fit criteria system will be tested against pdf,jpeg

Owner- assigning an owner confers responsibility

Question 9

Requirement classifications

Answer 9

Furps
Functionality
Usability
reliability
performance
supportability

Question 10

Enduring vs volatile requirements

Answer 10

Enduring - Stable requirements derived from core activity(hospital will always have doctors)
Volatile requirements - requirements which change during development or when system is in use

Question 11

Agile development applicability

Answer 11

Ensuring it isint a safety critical development
Ensuring it isint in a heavily regulated industry
If project contains uncertain elements at the time of starting
small medium size projects around 3-18 months

Question 12

Agile development technique XP

Answer 12

takes extreme approach to iterative development
New software versions may be built several times per day
small increments are delivered to customers frequentyl
ALl test must be ran for every build

Question 13

Key practices of XP

Answer 13

User stories- user requirements are expressed as scenarios then broken into task( AS A ? I WANT TO? , SO THAT I ?)

collective ownership- anyone can change it if bug spotted

refactoring - programming teeam look 4 possible software improvements. e.g renaming methods to make them more understandbable

Pair programming- developing code in pairs
More efficient as each line of code looked at by 2

Question 14

Test Driven Development

Answer 14

Test are written before the code and code is developeed incrementally along with a test for that increment

Question 15

how to go about running a TDD

Answer 15

identity functionality to test
write automated test for this functionality
Run the test(should fail as code not written yet)
implement the functionality and re-run test
Once successful, implement next chunk of functionality

Question 16

Benefits of TDD > Poblems

Answer 16

Writing the tests before the code itself clarifies the
requirements to be implemented
Code Covereage as every code segment has at least one associated test
Test are simple so debugging should be simple

Testing emergent features is tricky such as security
Hard to determine when a set of test is complete

Question 17

Agile development technique : SCrum

Answer 17

A daily meeting of the Scrum team that reviews progress and prioritizes work to be done that day.

nitial phase: outline planning phase (objective)
Sprints Phase: Where each sprint develops an increment of the system.(shippable piece of functionality)
Closure: Documentatin and lessons learned

Question 18

Scrum Master
backlog

Answer 18

faciliator who arranges daily meetings
-Tracks the work to be done
-measures progress
communicates with customers and management outside the team

this is a list of ‘to do’ items which the Scrum team must tackle
A backlog is maintained containing the set of
user stories still to be implemented.

Question 19

Scrum benefits

Answer 19

Product broken down into a set of managable chunks
Unstable requirements do not hold up progress
Customers see benefits with every increment

Daily meetings take up valuable resources restricting team size
Scrum master is challeniging
Close ties depend on team co-location

Question 20

Feasibility study

Answer 20

Decides whether or not the propsed system is worthwhile
-risk of project
how will system help

Question 21

Why would personas be used

Answer 21

Personas are used to represent the interests of user
groups without identifying with real world individuals
Particularly useful when exploring negative character
traits

Question 22

Benefits of software reuse
Problems of reusye

Answer 22

Increased dependability- Tested software likely to be more dependable then new software
Lower development costs- lower cost than developing new software
accelerated development- speed up system production as development and validation time reduced.

Increased mainteneance costs- reused elements of system may become increasingly incompatible with system changes.

Finding,understanding and adapting reusable components- software components have to be understood and sometimes apdapted to work in new enviroments.

Question 23

Open source licensing models

Answer 23

General public license - ‘recipricol license’ meaning if you use open source spftware under GPI, you must make that software open source.

Lesser general public license- you can write components that link to open-source code without having to publish source of your component

Berkley standard distribution license- Non reciripocol license meaning not obligated to re-publish any changes made to open source code

Question 24

ERP , CRM , LCNC

Answer 24

ERP-costly, increases process speeds of business

CRM - customer niteraction and sales

For LCNC - low code no code ( point and click programming)
 Short lifespan systems
 Rapid deployment situations
 Limited functionality systems
 Non mission critical infrastructure

Question 25

Measurements for reliability

Answer 25

Mean time between failure = Mean time to failure + mean time to recover
Availability = MTTF / (MTTF + MTTR)

Question 26

Drawbacks of measurements for reliability

Answer 26

System load difficult to model as it may vary by time of day
Disasters may occur
Seasonality
Growing business

Question 27

Static Software inspection (testing)

Answer 27

No execution of code
used for verification and not validaiton.

AD-Incomplete versions of a system can be inspected without additional costs
An inspection can also consider some nonfunctional attributes of a program

D

Question 28

Dynamic testing

Answer 28

Development testing, where the system is tested during development to discover bugs
Release testing, where a separate testing team test a complete version of the system before it is released to users.
User testing, where users or potential users of a system test the system in their own environment.

Question 29

Testing strategies

Answer 29

Partition testing - where you identify groups of inputs that have common characteristics and should be processed in the same way.

Guideline-based testing, where you use testing guidelines to choose test cases.

Question 30

Development testing

Answer 30

Includes
Unit testing- Individual program units or objects classes are tested.
unit tested should be automated to make retesting easier.

Component testing- several indiviudal units are integrated to create composite component

System testing- some or all of the components in a system are integrated and the system is tested as a whole.

Question 31

Release testing

Answer 31

usually black box testing process so unit test wont help.
may involve testing the emergent properties, such as performance and reliability.

Load is steadily increased until the system
performance becomes unacceptable.

Question 32

User testing types

Answer 32

Alpha testing- Users of the software work with the development team to test the software at the developer’s site.

Beta testing -release of the software is made available to users to allow them to experiment and to raise problems that they discover with the system developers.

Acceptance testing- Customers test system to decide if its ready to be accepted from system developers and deployed in customer environment

Question 33

DevOps Practices

Answer 33

DevOps involves far deeper communication and cooperation between Development staff and Operations staff.

DevOps would be used where there is uncertain functionality, and potential for ongoing change

Automated Testing - TDD

Integrated software configuration- Systems allow staff to manage and share information about configuration and change

Continuous integration and deployment - integrate changes quickly and deploy quickly. – leads to far more responsive development but increase risk as it relies on programmers testing codes themself

real-time-monitoring- proactive monitoring canresolve issues before they become catastrophic( making logs available to developers)

Question 34

Devops drawbacks

Answer 34

Requires organisational culture change. Management, employee training.
Requires significant investment in software development tools such as docker
currently few studies to measure effectiveness

Question 35

DevSecOps

Answer 35

Similar to Devops but Centred on security engineering

Question 36

Key processes to support DevSecOps

Answer 36

Test Driven Security- Regression test to cover common security failures

SAST- used testing in relation to security without running the code.
-Analyse system based on static code
-Largely automated tool based checking
-Prone to false positives

DAST - Attack a system while it is running to look for vulnerabilities.
-Largely automated
-Can still generate false positives despite use of IA
-blackbox in nature

IAST(interactive application)- Similar to DAST but whitebox in nature
- Only checks code being executed
-programming language dependent

Penetration testing
-Uses ethical hackers
- mix of automation and manual testing
-avoids false positives
-Expensive and requires expertise

Question 37

How to monitor for intrusion

Answer 37

Intrusion detection system- Alerts human or dsicovery of threat but takes no action

Intrusion prevention systems - Would take pro-active action and alert humans.

Logging Pipelines- Without logs, we cannot monitor, Without logging pipelines, logs will remain scattered
-Logs provide easy access to info.
-Provides audit trail for secuitry incidents.

Question 38

Professional responsibility

Answer 38

Confidentiality- respect the confidentiality of employers or clients whether or not agreement has been signed

Competence - Dont accept work outside their competence

Intellectual property right- Engineers should be aware of local laws governing the use of intellectual property(copyright)

Computer misuese- Software engineers should not use their technical skills to misuse other ppls computers

Question 39

8 ethical priniples of ACM/IEEE

Answer 39

Public interest, client and employers intrest, product standards, professional judgement, ethical management, professional integrity, support colleagues, self growth.

Question 40

Equality Act
DPA
GDPR

Answer 40

Unlawful Act- Unlawful for service to discriminate against a disabled person.

Data Protection Act-Data used fairly,lawfully and transparency
- used for explicit purposes
- Used in a way that is relevant and limited
-Accurate and kept up to date
-Kept for no longer than necessary
-Handled in a way that ensures appropriate Security

GDPR- .Strengthens ability to find where your data is held
Prevents sale of your personal data without consent

Question 41

GDPR issues

Answer 41

1. infereed data. Say you are 80 years old living in london st 1 kenworth ==> The fact you are old and in kenworth is known
2. Hidden information - you can ask a company where they got your info from. but they only have to give a rough idea

Question 42

Foi Act

Answer 42

FOI act 2000 gives individuals the right to
access information about certain public bodies
by two routes :

Publication scheme- MAny orgs provide much of the info that can be requested using websites.

General right of access –> to be told whether info exist.
requests must be in permanent form

decision to withold requires good reasons such as:
Excessive costs
Communications with the King
law enforcement
Vexatious- clearly has no purpose or value
Repeated

Question 43

Software process activity

Answer 43

software ( specification, development, validation, evolution)

software produces with bespoke (from scratch)
COts(from standard products)

Question 44

Behavioural driven development

Answer 44

uses structered english language and focuses on providing suitable unit and acceptance test which are executable

Question 45

BDD advantages and disadvantages

Answer 45

Allows a broader range of stakeholders to check acceptance test are approriate and accurate.
-Acts as a bridge between user storeis and code test

Requires training as writing gherkin is a little difficult.
Ensures code will work but not that it is good or efficient code.

Question 46

Architectual patterns

Anti patterns

Answer 46

peer to peer
event driven
clinet server

replicated, dead code, very long methods, poor method names

Question 47

role of defensive progrmaming

Answer 47

imrpoves progarm and robustness of software through,

error handling,
input handling
redudancys
making code easily understandable

Question 48

Purpose of usecase diagram notation

Answer 48

Shows how systems are linked at a high level.
It supports non-technical users in discussing design

Question 49

Purpose of class diagrams

Answer 49

shows the existence of Classes and is used to
represent the static structure of the system

Details of the relationships between classes

Question 50

Beneftis and disadvantages to globilisation

Answer 50

Allows outsourcing to the best organisation for a given area of development
Allows 24 hour development in theory at least making use of hand offs around the
world, saving money and time

Requires understanding of local laws etc in the deployment market
Limited in-person meetings can restrict communication opportunities

Question 51

Use Case Diagrams : To determine what functionality is required
and who interacts with it
 Class and Object Diagrams : To determine what objects there are
and what associations exist between them
 Sequence Diagrams : To determine the behaviour of objects as
they interact
 State Diagrams : To explore the state of a given system
 Activity Diagrams : To determine what an object does during
states of a state diagram, and what a collection of objects do
through a whole use case