Software Engineering Final :(

3. What makes it possible for software running on a virtual server to ‘run anywhere’?  

A virtual server is a stand-alone system, that can run on any hardware on the cloud. This run anywhere feature is possible because virtual servers have no external dependencies. You load the software that you need and are not relying on software that is out of date, no longer avaible, or other problems.  

6. What are the four most important benefits of using containers?  

1. They solve the problem of software dependencies 

2. They provide a mechanism for software portability across different clouds 

3. They provide an efficient mechanism for implementing software services 

4. They simplify the adoption of DevOps 

9. List 2 advantages and 2 disadvantages of SaaS for customers.  

Advantages: 

• Immediate software updates 

• No upfront costs for software or servers 

Disadvantages: 

• Security concerns 

• Data exchange 

12. List five possible customizations for SaaS.  

Authentication

Branding

Business rules

Data schemas

Access control

15. List the advantages and disadvantages of multi-instance databases.  

Advantages: 

• Flexibility 

• Security 

• Scalability 

• Resilience 

Disadvantages: 

• Cost 

• Update management 

18. Briefly explain how a cloud-based system can be resilient.  

The resilience of a system reflects its ability to continue to deliver critical services in the event of system failure or malicious system use. A standyby system can be used to provide resilience. To protect against hardware failure or failure of the cloud management software, you need to deploy your main system and backup system in different physical locations.    

3. What is coupling and why is it important in a microservices architecture?  

Coupling is a measure of the number of relationships that one component has with other components in the system. Low coupling means that components do not have many relationships with other components. Coupling is a measure of the number of relationships that one component has with other components in the system. Low coupling means that components do not have many relationships with other components. 

6. What support code is needed in a microservice?

Message management code

Failure management code

UI implementation code

Data consistency management code

9. What are four general design guidelines that support the decomposition of a system into

microservices.

Balance fine-grain functionality and system performance

Follow the “common closure principle”

Associate services with business capabilities

Design services so that they have access to only the data that they need

12. Explain what is meant by replica inconsistency.

Several replicas of the same service may be executing concurrently. These all have their own database copy and each updates its own copy of the service data. You need a way of making these databases “eventually consistent” so that all replicas are working on the same data.

15. Explain the difference between orchestration and choreography.

Orchestration is a way to implement this workflow is to define the workflow explicitly (either in a workflow language or in code) and to have a separate service that executes the workflow by calling the component services in turn. An alternative approach is choreography which depends on each service emitting an event to indicate that it has completed its processing. Other services watch for events and react accordingly when events are observed. There is no explicit service controller for choreography.

18. In the RESTful style, what is a resource?

The REST architectural style is based on the idea of transferring representations of digital resources from a server to a client. This is the fundamental approach used in the web, where the resource is a page to be displayed in the user’s browser. An HTML representation is generated by the server in response to an HTTP GET request and is transferred to the client for display by a browser or a special-purpose app.

3. Suggest three features that may be included in cloud-based systems to help users with operational security.

1. Auto-logout addresses 

2. User command logging 

3. Multifactor authentication 

6. What is session hijacking?

Session hijacking is a type of attack where a bad actor acquires a valid session cookie and uses it to impersonate a legitimate user.  

9. What are the major weaknesses of password-based authentication?  

Insecure passwords

Phishing attacks

Password reuse

Forgotten passwords

12. What is the difference between symmetric and asymmetric encryption?

In symmetric encryption, the same encryption key is used for both encoding and decoding the information that is to be kept secret. While in asymmetric encryption, the scheme uses different keys for encrypting and decrypting messages. Each user has a public and private key in asymmetric encryption.

15. What are the four different levels in a system where data may be encrypted?

Application

Database

Files

Media

18. What is ‘privacy’?

Privacy is a social concept that is the collection, dissemination, and appropriate use of personal information held by a third party. The importance of privacy has changed over time and everyone has their own views on what degree of privacy is important.

3. Explain what is meant by ‘fault avoidance’.

Fault avoidance means you use a programming style that reduces the chances of making mistakes that would introduce faults into your program. Your program should be easy to read so that people can easily understand the code.

6. Why does increased complexity lead to program errors?

Complexity leads to programming errors because of the way that our brains work. We use our short-term memory to work things out. If we keep things simple, we can retain more information in short-term memory and so reduce the chances of errors.

9. Why is it important to avoid deep inheritance hierarchies?

The problem with deep inheritance is that if you want to make changes to a class, you have to look at all of its superclasses to see where it is best to make the change. You also have to look at all of the related subclasses to check that the change does not have unwanted consequences. It’s easy to make mistakes when you are doing this analysis and introduce faults into your program.

12. What is ‘program refactoring’?

Refactoring means changing a program to reduce its complexity without changing the external behavior of that program. Refactoring makes a program more readable and understandable. It also makes the program easier to change, which means that you reduce the chances of making mistakes when you introduce new features.

15. List four ways of implementing input validation.

1. Built in validation functions 

2. Type coercion functions 

3. Explicit comparisons 

4. Regular expressions 

18. What are the three most important categories of software failure?

1. Data failures 

2. Program exceptions 

3. Timing failures 

3. Apart from functional testing, list three other types of program testing.

User testing

Performance and load testing

Security testing

6. What is an equivalence partition? Give an example.  

Equivalence partitions are sets of inputs that will be treated in the same way in your code. You should also include inputs that will not produce the correct values. An example is if your program only accepts numbers 1-100 as valid inputs. You should test how your program handles inputs like 1, 50, etc. You should also enter inputs like –7 and 200 to test the error handling measures.

9. What four things is system testing concerned with?

1. Testing to discover if there are unexpected and unwanted interactions between the features in a system 

2. Testing to discover if the system features work together effectively to support what users really want to do with the system 

3. Testing the system to make sure it operates in the expected way in the different environments where it will be used 

4. Testing the responsiveness, throughput, security, and other quality attributes of the system 

12. Briefly outline a commonly used structure for an executable test.

Usually the structure of executables tests are in three parts:  

1. Arrange: Set up the system to run the test 

2. Action: Call the unit that is being tested with the test parameters 

3. Assert: Make an assertion about what should hold if the unit being tested has executed successfully 

15. What is test-driven development?  

Test-driven development is an approach to program development that is based on the idea that you should write an executable test or tests for code that you are writing before you write the code.

18. Give five examples of security risks.

1. Authorized individual accesses resources that are forbidden to that person 

2. Authentication system fails to detect unauthorized attacker 

3. Attacker gains access to database using SQL poisoning attack 

4. Confidential data are unencrypted 

5. Encryption keys are leaked to potential attackers