Software security is developed to address which of the following types of communication threats?
- A . Intentional attacks
- B . Unintentional attacks
- C . Physical attacks
- D . Natural disasters
A
Explanation:
Software security is designed to protect systems and data from various types of communication threats.
These threats can be categorized as:
Intentional Attacks: These are deliberate actions taken by malicious individuals or groups aiming to exploit software vulnerabilities for gain, disruption, or espionage. Examples include hacking, phishing, and malware attacks.
Unintentional Attacks: These are accidental events that can cause security breaches, such as user errors or software bugs.
Physical Attacks: These involve physical actions against hardware that can affect software, like theft or damage.
Natural Disasters: Events such as earthquakes or floods that can physically damage systems and cause software failures.
Among these, software security primarily addresses intentional attacks. The focus is on preventing unauthorized access, data breaches, and other forms of cyber attacks.
Reference: "Software Security: Building Security In" by Gary McGraw
NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations
Which of the following activities should be classified as an internal failure cost?
- A . Responding to customer satisfaction
- B . Completing an internal audit
- C . Shipping a maintenance build
- D . Investigating the cause of build defects
D
Explanation:
Internal failure costs are costs associated with defects found before the product reaches the customer.
These costs include:
Investigation of defects: Identifying and analyzing defects within the development process.
Rework: Fixing defects found during internal testing or audits.
Scrap: Discarding defective parts or products.
Downtime: Halting production or development to address defects.
Among the given options, investigating the cause of build defects is an internal failure cost because it pertains to finding and analyzing issues within the software before it is released to customers.
Reference: "Quality Planning and Analysis" by J.M. Juran and F.M. Gryna
"Total Quality Management" by Besterfield et al.
Which of the following measures would a project manager use to assess the team’s progress against the project schedule?
- A . Function point metric
- B . Earned value analysis
- C . SMART metrics
- D . COCOMO II Model
B
Explanation:
Earned Value Analysis (EVA) is a project management technique used to measure project performance and progress. It integrates project scope, time, and cost data to provide accurate forecasts of project performance.
Planned Value (PV): The estimated value of work planned to be done.
Earned Value (EV): The value of work actually completed.
Actual Cost (AC): The actual cost incurred for the completed work.
Using these metrics, EVA can help project managers assess whether they are ahead or behind schedule and within or over budget.
Reference: "Project Management: A Systems Approach to Planning, Scheduling, and Controlling" by Harold Kerzner
PMBOK Guide by Project Management Institute (PMI)
What type of information should a project’s configuration status accounting communicate?
- A . Budget updates for the project
- B . Changes to the project plan
- C . Activity on baselined items
- D . Change control board minutes
C
Explanation:
Configuration Status Accounting (CSA) involves recording and reporting the status of configuration items throughout the lifecycle of a project.
This includes:
Status of Configuration Items: Information about the current state of items, including version numbers and change histories.
Baselined Items: Items that have been formally approved and serve as a basis for further development.
Changes and Updates: Documenting any modifications made to the baselined items.
CSA ensures that all stakeholders are informed about the status and history of configuration items.
Reference: "Software Configuration Management Patterns: Effective Teamwork, Practical Integration" by Stephen P. Berczuk and Brad Appleton
IEEE Standard for Software Configuration Management Plans (IEEE Std 828)
Which of the following problem-solving tools is most appropriate for breaking down ideas into progressively greater detail?
- A . Tree diagram
- B . Matrix diagram
- C . Affinity diagram
- D . Relationship diagram
A
Explanation:
A tree diagram is a tool used to break down broad categories into finer levels of detail. It is particularly useful for:
Hierarchical Decomposition: Breaking down complex ideas or processes into manageable sub-components.
Problem Solving: Identifying root causes and exploring solutions systematically.
Project Planning: Defining tasks and sub-tasks in a structured manner.
The tree diagram starts with a single node and branches out into multiple nodes, each representing a more detailed aspect of the main topic.
Reference: "The Quality Toolbox" by Nancy R. Tague
"The Memory Jogger II: A Pocket Guide of Tools for Continuous Improvement and Effective Planning" by Michael Brassard and Diane Ritter
When a software change order is reviewed by the change control board (CCB), it is assigned a status from which of the following sets of classifications?
- A . Accepted, evaluated, in progress
- B . Approved, disapproved, deferred
- C . Escalated, rejected, in progress
- D . Escalated, proposed, accepted
B
Explanation:
When a software change order is reviewed by the Change Control Board (CCB), it undergoes a formal assessment to determine the impact and feasibility of the change.
The CCB typically assigns one of the following statuses:
Approved: The change is accepted and will be implemented.
Disapproved: The change is rejected and will not be implemented.
Deferred: The decision on the change is postponed, often pending further information or consideration.
These classifications help in managing changes systematically, ensuring only feasible and beneficial changes are made to the software system.
Reference: IEEE Standard for Configuration Management in Systems and Software Engineering (IEEE Std 828-2012)
Software Engineering Body of Knowledge (SWEBOK)
Coverage monitors are used during which of the following types of testing?
- A . Black-box
- B . White-box
- C . Stress
- D . Equivalence partitioning
B
Explanation:
Coverage monitors are tools used to measure the extent to which the source code of a program is executed when a particular test suite runs. This is a key aspect of white-box testing, which involves testing the internal structures or workings of an application, as opposed to its functionality (which is the focus of black-box testing).
Coverage monitoring helps in identifying parts of the code that are not executed by a set of test cases, ensuring thorough testing and identifying untested paths.
Reference: "Software Testing: Principles and Practices" by Naresh Chauhan
"Software Testing Techniques" by Boris Beizer
Which of the following libraries would be most appropriate for a tester to use when experimenting with different test case designs?
- A . Static
- B . Backup
- C . Dynamic
- D . Controlled
C
Explanation:
The lead auditor acts as the final arbitrator for any audit-related issues that cannot be handled at a lower level. This individual is responsible for the overall conduct of the audit, ensuring that the audit is performed according to the plan and that all findings are appropriately addressed and resolved. The lead auditor has the authority to make final decisions on disputes or issues that arise during the audit process, ensuring objectivity and adherence to audit standards.
Reference: ISO 19011: Guidelines for Auditing Management Systems
"Internal Auditing: Assurance & Advisory Services" by Urton L. Anderson, Michael J. Head, et al.
Which of the following roles acts as the final arbitrator for any audit-related issues that cannot be handled at a lower level?
- A . The client
- B . The auditee
- C . Lead auditor
- D . Auditee management
Static analysis tools are used to evaluate
- A . requirements and design
- B . software builds and test cases
- C . test procedures and packaging
- D . documentation and source code
D
Explanation:
Static analysis tools are used to evaluate documentation and source code. These tools analyze the code without executing it, looking for potential errors, coding standard violations, security vulnerabilities, and other issues.
By reviewing the source code and associated documentation, static analysis helps in identifying problems early in the development process, improving code quality and reducing the likelihood of defects in the final product.
Reference: "Code Complete: A Practical Handbook of Software Construction" by Steve McConnell
"Static Analysis: Results from the Static Analysis Tool Exposition (SATE) IV" by Paul E. Black, Elizabeth Fong, et al.
Which of the following corrective actions is the first action to take when a project experiences a significant deviation on baselined budgets, baselined schedules, or required quality levels?
- A . Add resources and continue with the plan.
- B . Cancel the project because of the deviation.
- C . Create a new baseline and continue with the plan.
- D . Realign project actuals and continue with the plan.
D
Explanation:
When a project experiences significant deviations from baselined budgets, schedules, or quality levels, the first corrective action should be to realign project actuals and continue with the plan.
This involves:
Assessing the Deviation: Understanding the root cause and impact of the deviation on the project.
Adjusting the Plan: Making necessary adjustments to realign the project with its original goals.
Updating Stakeholders: Keeping stakeholders informed about the changes and the new plan.
Monitoring Progress: Continuously monitoring the project’s progress to ensure it remains on track after the adjustments.
This approach allows the project to stay aligned with its original objectives while addressing the issues causing the deviations.
Reference: PMBOK Guide by Project Management Institute (PMI)
"Project Management: A Systems Approach to Planning, Scheduling, and Controlling" by Harold Kerzner
A software quality engineer (SQE) is testing software in a system used to monitor critically ill patients and administer dosages of life-sustaining medicines. Tests reveal a flaw that could result in an unscheduled shutdown under certain circumstances. Over the SQE’s verbal and written objections, the director of engineering decides to ship the system. The SQE knows from experience that "whistle-blowers" in the company have lost their jobs. The most appropriate next step for the SQE would be to
- A . gain support from workers
- B . inform the customer
- C . discuss with top management
- D . remain silent
C
Explanation:
In a situation where a software quality engineer (SQE) identifies a critical flaw and the immediate superior decides to proceed despite the risk, the most appropriate next step is to discuss the issue with top management.
This involves:
Documenting the Issue: Clearly outlining the flaw, its potential impact, and the SQE’s objections.
Escalating the Concern: Bringing the issue to the attention of higher management levels who have the authority to reconsider the decision.
Focusing on Safety: Emphasizing the critical nature of the flaw, especially in a system used for monitoring critically ill patients.
This step ensures that the concerns are heard at the highest level, potentially preventing a decision that could endanger lives and the company’s reputation.
Reference: "Software Quality Assurance: Principles and Practice" by Nina S. Godbole
IEEE Code of Ethics
Which of the following activities is classified as data collection and storage?
- A . Installing and administering data technology
- B . Supporting data technology usage and related issues
- C . Confirming adequacy, uniqueness, and consistency of data
- D . Providing mechanisms that support data availability requirements
C
Explanation:
Data collection and storage activities are focused on ensuring that the data is adequate, unique, and consistent.
This involves:
Adequacy: Ensuring that the collected data meets the necessary requirements for its intended use.
Uniqueness: Verifying that the data is not duplicated and is uniquely identifiable.
Consistency: Ensuring that the data is consistent across different datasets and over time.
These activities are critical for maintaining the integrity and reliability of the data, which is essential for effective data analysis and decision-making.
Reference: "Data Quality: The Accuracy Dimension" by Jack E. Olson
"Data Management for Researchers" by Kristin Briney
The software configuration management (SCM) planning process includes
- A . identifying, analyzing, and mitigating SCM risks
- B . establishing and documenting SCM policies for the organization
- C . monitoring the performance and effectiveness of SCM processes
- D . defining the specific SCM roles and responsibilities for the project
D
Explanation:
The software configuration management (SCM) planning process includes defining the specific SCM roles and responsibilities for the project.
This involves:
Role Identification: Identifying all roles related to SCM, such as SCM Manager, SCM Engineer, and Configuration Librarian.
Responsibility Assignment: Clearly defining the responsibilities associated with each role.
Documentation: Documenting these roles and responsibilities in the SCM plan to ensure clarity and accountability.
This step is crucial for establishing a clear framework for managing configuration items and changes throughout the project lifecycle.
Reference: "Software Configuration Management Patterns: Effective Teamwork, Practical Integration" by Stephen P. Berczuk and Brad Appleton
IEEE Standard for Software Configuration Management Plans (IEEE Std 828)
Which of the following is a management practice that will provide business continuity?
- A . Creating and documenting a business continuity plan
- B . Defining an organizational policy for business continuity
- C . Analyzing and assessing the organization for business continuity
- D . Identifying and selecting appropriate strategies for business continuity
A
Explanation:
A management practice that will provide business continuity involves creating and documenting a business continuity plan.
This includes:
Risk Assessment: Identifying potential risks and their impact on business operations.
Strategy Development: Developing strategies to mitigate identified risks and ensure continuity of critical business functions.
Documentation: Documenting the continuity plan, including detailed procedures and guidelines for response and recovery.
Training and Testing: Training employees on the plan and regularly testing the plan to ensure its effectiveness.
A well-documented business continuity plan ensures that an organization can maintain or quickly resume its critical functions during and after a disruption.
Reference: "Business Continuity and Disaster Recovery Planning for IT Professionals" by Susan Snedaker
ISO 22301:2019, Security and resilience - Business continuity management systems - Requirements
One advantage of outsourcing is that it allows the primary company to
- A . focus resources on its core competencies
- B . redirect its resources on new product development
- C . reduce the cost of ongoing training
- D . eliminate the need for a skills-based workforce
A
Explanation:
Outsourcing is a business practice where a company hires an external organization to perform tasks, handle operations, or provide services. One key advantage of outsourcing is that it allows the primary company to focus its resources on its core competencies. By delegating non-core activities to external specialists, the company can concentrate on what it does best, thereby enhancing efficiency, innovation, and competitive advantage in its primary market.
Reference: "The Outsourcing Revolution" by Michael F. Corbett
IEEE Software Engineering Body of Knowledge (SWEBOK), Chapter on Software Engineering Management
A software maintenance release is conducted to deliver new
- A . features
- B . functionality
- C . defect corrections
- D . software products
A
Which of the following documents must be under configuration control?
- A . Problem issues
- B . Control chains
- C . Test procedures
- D . Burn charts
C
Explanation:
Test procedures must be under configuration control to ensure that all testing activities are performed consistently and according to the specified standards. Configuration control involves managing changes systematically so that the integrity and traceability of the testing process are maintained. This helps in ensuring that the tests are repeatable and that any changes in the procedures are documented and approved.
Reference: "Configuration Management Principles and Practice" by Anne Mette Jonassen Hass
IEEE Standard for Configuration Management in Systems and Software Engineering (IEEE Std 828-2012)
Which of the following software metrics is based on a nominal scale?
- A . Root cause of defect: logic error, data definition, etc.
- B . Severity of a defect: critical, major, minor, etc.
- C . Defect density: number per function point, etc.
- D . Defect discovery rate: number detected per day, etc.
A
Explanation:
Nominal scales are used in measurement to categorize data without any order or priority. They are the simplest form of measurement scale and are used to group items into distinct categories based on names or labels.
Root cause of defect (Option A): This fits the nominal scale as it involves categorizing defects based on their root causes, such as logic errors or data definitions. These categories are mutually exclusive and do not have a natural order.
Severity of a defect (Option B): This is an example of an ordinal scale, not a nominal scale. The severity levels (critical, major, minor) imply a ranking or order of importance or impact.
Defect density (Option C): This metric uses a ratio scale as it involves a quantitative measure (number of defects) relative to the size of the software (function points), which has a true zero point and allows for meaningful comparisons between measurements.
Defect discovery rate (Option D): This is also a ratio scale because it measures the rate of defect detection over time (number detected per day), which is a quantitative assessment that allows for arithmetic operations.
A software developer is replacing a higher level code with a test code that establishes a function and passes test data to that function.
What type of test environment is the developer using?
- A . Regression
- B . Static
- C . Driver
- D . Stub
C
Explanation:
In software testing, a driver is a piece of code that replaces a higher-level module to test a lower-level module by establishing a function and passing test data to that function. Drivers are used in bottom-up integration testing to simulate the behavior of higher-level modules that have not yet been developed or integrated.
Reference: "Software Testing and Quality Assurance: Theory and Practice" by Kshirasagar Naik and Priyadarshi Tripathy
IEEE Standard for Software Unit Testing (IEEE Std 1008-1987)
Which of the following types of audits is most often based on customer requirements?
- A . Process
- B . Product
- C . System
- D . Quality
B
Explanation:
Product audits are often based on customer requirements because they focus on verifying that the final product meets the specified requirements and expectations of the customer. The objective is to ensure that the product is fit for its intended use and meets the agreed-upon standards and specifications. This type of audit typically involves examining the product itself, its performance, and its documentation to ensure compliance with customer requirements.
In which of the following ways do metadata requirements guarantee everyone is interpreting data consistently?
- A . It ensures that everyone who has access to the data has a consistent understanding of its meaning and use.
- B . It ensures that data is managed, maintained, and used appropriately through its lifecycle by creating traceability.
- C . It ensures that the data structure remains consistent by making certain that data are correctly classified and stored.
- D . It ensures that quality standards are met by helping organizations better assess potential risks related to data security.
A
Explanation:
Metadata requirements help guarantee consistent interpretation of data by providing a standardized definition and context for data elements. This includes descriptions, formats, and usage guidelines that ensure anyone accessing the data understands its meaning and how it should be used. Consistent metadata prevents misinterpretation and ensures that data remains reliable and useful across different users and systems.
Test data requirements
- A . include mechanisms for defining when, and for how long, each test data item is needed
- B . allow test data items to be reusable so that the same tests can be executed multiple times
- C . describe the data items and their characteristics and properties needed to execute the tests
- D . act as a single source of content for multiple testers to find and use existing test data items
C
Explanation:
Test data requirements describe the specific data needed to execute test cases effectively. This includes defining the characteristics and properties of data items, such as format, type, and values. Properly describing test data ensures that tests can be executed accurately and consistently, which is crucial for validating software functionality and performance.
Which of the following baselines is typically established after completion and approval of system requirements?
- A . Product
- B . Allocated
- C . Functional
- D . Development
C
Explanation:
The functional baseline is typically established after the completion and approval of system requirements. This baseline includes the functional requirements and specifications that describe what the system is supposed to do. It serves as a reference point for further development and testing, ensuring that all subsequent work aligns with the agreed-upon functional requirements.
Which of the following benefits is associated with using the iterative model?
- A . It can be tailored to the needs of the project and organization.
- B . It does not require knowledge of all the requirements up front.
- C . It correlates directly to the deliverables of software development.
- D . It focuses on exploring options early by feedback through prototyping
B
Explanation:
The iterative model benefits projects by allowing development to start without having all the requirements fully defined upfront. This model supports ongoing refinement through repeated cycles (iterations) of planning, development, and feedback. Each iteration builds upon previous work, allowing teams to adapt to changes and new information, which is particularly useful in projects with evolving requirements or high uncertainty.
Which of the following must be included in a software defect report to track detection effectiveness?
- A . Who found the defect
- B . The phase the defect was introduced
- C . Root cause of the defect
- D . Software component containing the defect
B
Explanation:
Purpose of Tracking Defects: The goal is to understand not only where defects are found but also where they originate. This allows for better prevention strategies and process improvements.
Importance of Defect Introduction Phase: Knowing the phase where the defect was introduced helps in pinpointing weak areas in the development process. This can lead to targeted improvements.
Effectiveness in Detection: To effectively track detection efficiency, it is crucial to map defects back to their introduction phase to analyze and optimize earlier phases for defect prevention.
When a team is defining a software metrics program, which of the following steps must be taken first?
- A . Determine what data to collect.
- B . Collect preliminary data
- C . Establish the data collection goal.
- D . Select the metrics to report
C
Explanation:
Setting Goals: Before data can be effectively collected and utilized, it’s essential to have clear goals. This ensures that the data collection process is aligned with the organization’s objectives.
Importance of Goals: Establishing the data collection goal ensures that the team collects relevant and meaningful data, which can be analyzed to improve processes and products.
Sequential Process: After setting goals, the team can then determine what specific data to collect, how to collect it, and which metrics to report. This ensures a systematic approach to metrics program development.
An organization uses the plan-do-check-act (PDCA) cycle to align its processes to an international quality standard. Which of the following activities would be performed during the "act" step?
- A . Identifying actions to be performed during the pilot
- B . Performing internal audits of the system
- C . Making quality system revisions
- D . Documenting the problems to present to management
C
Explanation:
PDCA Cycle Overview: The Plan-Do-Check-Act (PDCA) cycle is a continuous improvement process used to align processes with quality standards.
Act Phase: In the ‘Act’ step, the organization acts on the findings from the ‘Check’ step to implement changes that improve the process. This typically involves making revisions to the quality system.
Quality Improvements: By making revisions based on the findings from audits and performance evaluations, the organization continuously improves its processes and aligns them better with international standards.
Ideas and exclusive rights for novel inventions can be protected for a limited time through
- A . patents
- B . copyrights
- C . license
- D . trademark
A
Explanation:
Definition of Patents: Patents provide legal protection for new inventions, granting the inventor exclusive rights to use and commercialize the invention for a certain period.
Purpose of Patents: They prevent others from making, using, or selling the invention without permission, thus protecting the intellectual property of the inventor.
Other Forms of IP Protection: While copyrights, licenses, and trademarks also protect intellectual property, they do not specifically cover novel inventions in the same way patents do.
When the number of failures found during acceptance testing is compared to the number of failures found after release, the result is a measure of
- A . test effectiveness
- B . test coverage
- C . product maintainability
- D . measurement efficiency
A
Explanation:
Measuring Test Effectiveness: This involves comparing the number of defects found during testing phases to those found after release.
Importance of Test Effectiveness: It provides insight into how well the testing process is identifying defects before the product reaches the customer.
Impact on Quality: High test effectiveness means most defects are caught during testing, leading to higher quality products and fewer post-release issues.
During what time period is the software configuration management plan implemented?
- A . From the requirements phase through the maintenance phase of the software lifecycle
- B . After the software product is placed into production
- C . From the requirements phase through the testing phase of the software lifecycle
- D . During the code generation phase of the lifecycle
A
Explanation:
The software configuration management plan (SCMP) is implemented from the requirements phase through the maintenance phase of the software lifecycle. This comprehensive approach ensures that all changes to software artifacts are systematically controlled and tracked throughout the lifecycle, from initial requirements gathering, through development and testing, and into maintenance and updates after deployment. Effective configuration management helps maintain consistency, traceability, and control over software changes, which is crucial for maintaining software quality and compliance.
Which of the following is a responsibility of a lead auditor?
- A . Submitting the audit report
- B . Determining the scope of the audit
- C . Determining the corrective actions required
- D . Performing the initial review of the quality system
B
Explanation:
The lead auditor is responsible for determining the scope of the audit. This involves defining the boundaries of the audit, including which processes, departments, and activities will be examined. The lead auditor ensures that the audit objectives are clear and that the audit plan effectively covers the necessary areas to assess compliance and performance against specified standards and requirements.
A company uses a feature rating system with the following values.
1 = Completely dissatisfied
2 = Somewhat dissatisfied
3 = Neither satisfied nor dissatisfied
4 = Somewhat satisfied
5 = Completely satisfied
This rating system is based on what type of measurement scale?
- A . Nominal
- B . Ordinal
- C . Interval
- D . Ratio
B
Explanation:
The feature rating system described (1 = Completely dissatisfied, 2 = Somewhat dissatisfied, 3 = Neither satisfied nor dissatisfied, 4 = Somewhat satisfied, 5 = Completely satisfied) is based on an ordinal measurement scale. Ordinal scales categorize data into distinct groups that have a meaningful order or ranking, but the intervals between the ranks are not necessarily equal. In this case, the ratings provide a rank order of satisfaction levels.
Which of the following benefits is related to DevOps when it is used to facilitate development activities?
- A . Reducing time to market
- B . Minimizing software releases
- C . Increasing return on investment
- D . Standardizing organizational processes
A
Explanation:
DevOps facilitates development activities by reducing time to market. DevOps practices integrate development and operations, promoting continuous integration, continuous delivery, and automation of deployment processes. This streamlines the software development lifecycle, allowing for faster and more reliable releases, which ultimately reduces the time it takes to deliver new features and updates to customers.
At what point in the development lifecycle should change control be implemented?
- A . During the requirements phase
- B . During the implementation phase
- C . At the beginning of the design phase
- D . When the testing phase begins
A
Explanation:
Change control should be implemented during the requirements phase of the development lifecycle. Early implementation of change control ensures that any changes to the requirements are managed systematically from the outset, maintaining traceability and minimizing the risk of scope creep. This helps ensure that all subsequent phases of the project are based on well-documented and approved requirements, contributing to overall project stability and quality.
Which of the following steps comes first during release planning for waterfall-type projects?
- A . Define the scope of the software being developed.
- B . Determine which problems will be corrected in the next release.
- C . Select the set of requirements that will be included in the release.
- D . Confirm the implemented software meets the specified requirements.
A
Explanation:
Scope Definition: In the waterfall model, the first step in release planning is to define the scope of the software. This involves understanding what the software is supposed to do, the boundaries of the project, and the major features and functionalities to be included.
Importance of Scope: Defining the scope provides a clear understanding and agreement among stakeholders about what the project will deliver, preventing scope creep and ensuring all parties are aligned.
Reference: Software Engineering Body of Knowledge (SWEBOK) and IEEE standards emphasize the importance of scope definition as an initial phase in project planning.
Which of the following actions can a company take to reduce the risk associated with integrating a commercial off-the-shelf (COTS) spreadsheet package into its own software product?
- A . Require the vendor to adhere to the licensing agreement for product fixes.
- B . Audit the vendor’s quality system.
- C . Require the vendor to place the object code into escrow.
- D . Test the product to determine whether it satisfies critical functions.
D
Explanation:
Risk Mitigation: Testing the COTS product to ensure it meets critical functions is essential to mitigate risks associated with its integration into the existing software.
Critical Function Verification: This step ensures that the COTS product can handle the required operations reliably and effectively within the existing system.
Best Practices: According to industry best practices, thorough testing is crucial for identifying potential issues early and ensuring compatibility and functionality.
The following graph depicts errors per 1,000 lines of code (KLOC) for modules S, T, U, and V.
The program manager should be most concerned about which module?
- A . S
- B . T
- C . U
- D . V
C
Explanation:
Error Analysis: Module U has the highest total number of errors per KLOC, with significant issues in header comments (H), commented out code (C), and data initialization errors (D).
Quality Concern: The high error rate indicates potential underlying quality issues in Module U that need to be addressed to improve overall software quality.
Prioritization: According to defect prioritization guidelines, modules with the highest error rates should be investigated and corrected first to mitigate risks and improve reliability.
To increase the likelihood of the success of a software project, the project plan should meet which of the following requirements?
- A . It should be completed before the project activities begin.
- B . It should be reviewed and updated at each phase of the project.
- C . It should be developed by an independent software developer.
- D . It should be approved by the steering committee.
B
Explanation:
Dynamic Planning: A project plan that is reviewed and updated at each phase ensures that it remains relevant and accurate, reflecting any changes in scope, resources, or timelines.
Continuous Improvement: Regular updates allow for continuous improvement and alignment with project goals and stakeholder expectations.
Standards and Guidelines: Project management standards, such as those outlined by the Project Management Institute (PMI), advocate for iterative review and updating of project plans.
In the archival process, retention of historical records is
- A . not required
- B . set for at least 2 years
- C . needed for all documents
- D . specified by the organization
D
Explanation:
Organizational Policies: The retention of historical records is typically governed by organizational policies, which are designed to comply with legal, regulatory, and business requirements.
Retention Periods: These policies specify the duration for which records need to be retained, ensuring that important historical data is available for future reference, audits, and compliance checks.
Reference: Industry standards and guidelines, such as those from ISO and regulatory bodies, provide frameworks for establishing record retention policies tailored to organizational needs.
Which of the following categories describes acquirer-type stakeholders?
- A . Distributors: developers, suppliers
- B . Distributors, suppliers, users
- C . Indirect user, direct user, customers
- D . Indirect user, direct user, distributor
C
Explanation:
Acquirer-type stakeholders are those who acquire the software or service, which typically includes both indirect and direct users, as well as customers. These stakeholders are directly involved in the acquisition and usage of the software, making them key participants in determining requirements and evaluating the final product.
Reference: IEEE 12207 standard for software lifecycle processes, which defines stakeholders in software acquisition and development.
5-19.5
Which of the following statements describes these class intervals most accurately?
- A . They are appropriate.
- B . They are unrelated to the data set.
- C . They fail to describe the full range of data.
- D . They should be whole numbers since the data are whole numbers.
A
Explanation:
The class intervals 11.5-13.5, 13.5-15.5, 15.5-17.5, and 17.5-19.5 are appropriate for representing the given data set in a histogram. These intervals cover the entire range of the data, ensuring each data point falls within a specific interval, and they are consistent in width, which is crucial for accurate histogram representation.
Reference: Statistical analysis and data representation guidelines which recommend using class intervals that encompass all data points and maintain equal widths.
A software project requires data to be secure due to export control regulations. The software project needs to be running on the client’s virtual machines, and the client does not want to connect to the software through their enterprise VPN.
Which of the following cloud ownership and service model combinations should the client use?
- A . A public cloud and software as a service
- B . A community cloud and platform as a service
- C . A private cloud and infrastructure as a service
- D . A virtual private cloud and software as a service
C
Explanation:
For secure data handling due to export control regulations, running on the client’s virtual machines without connecting through an enterprise VPN, the combination of a private cloud and infrastructure as a service (IaaS) is suitable. This setup allows the client to have dedicated infrastructure and control over their data environment, ensuring compliance with security and regulatory requirements.
Reference: NIST SP 800-145, which provides guidelines on cloud computing and defines private cloud and IaaS models for enhanced security and control.
A software requirements specification (SRS) for software that is part of multiple systems should include which of the following elements?
- A . Training requirements
- B . System quality characteristics
- C . Physical requirements
- D . External interfaces
D
Explanation:
A software requirements specification (SRS) for software that is part of multiple systems should include external interfaces. This ensures that the software can interact correctly with other systems and components, defining how the software will communicate with other systems, devices, or external data sources.
Reference: IEEE 830-1998 standard for software requirements specifications, which outlines the importance of specifying external interfaces in the SRS.
Under which of the following major Cost of Quality categories would testing a software upgrade be classified?
- A . Appraisal
- B . Prevention
- C . Internal failure
- D . External failure
A
Explanation:
Testing a software upgrade is classified under the appraisal category of the Cost of Quality. Appraisal costs are associated with evaluating and measuring the quality of products through testing and inspection to ensure they meet quality standards and specifications.
Reference: ISO 9001:2015 quality management principles and ASQ (American Society for Quality) definitions of Cost of Quality, which categorize testing activities as appraisal costs.
Which of the following types of tests should be run on an installation of a new client-server development environment that has 2 to 25 users in order to ensure it meets the company’s requirements?
- A . Maintainability tests
- B . Boundary value tests
- C . Efficiency tests
- D . Performance tests
D
Explanation:
Performance tests are essential for ensuring that a new client-server development environment can handle the expected load and perform adequately with 2 to 25 users. These tests help evaluate how the system performs under various conditions, such as peak load times and typical usage scenarios, ensuring that it meets the company’s performance requirements. By running performance tests, you can identify potential bottlenecks, optimize resource usage, and ensure that the system can scale effectively.
In a software development company, which of the following authorities is responsible for establishing the company’s quality policies?
- A . Senior management
- B . Quality management
- C . Engineering development teams
- D . A cross-functional team of developers and managers
A
Explanation:
Senior management is responsible for establishing the company’s quality policies. They set the strategic direction and ensure that quality objectives align with the overall business goals. Senior management’s commitment to quality is crucial as it drives the organization’s culture, resource allocation, and priorities, ensuring that quality practices are integrated into the development processes.
Reference: ISO 9001:2015 standard, which emphasizes the role of top management in establishing and supporting the quality management system.
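The modules in the following table were all created two years ago as part of the same software project.

| Module | Current Version | Cyclomatic Complexity |
|--------|-----------------|-----------------------|
| A | 12 | 9 |
| B | 3 | 21 |
| C | 9 | 4 |
| D | 11 | 20 |
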
Which module is the most likely candidate for reengineering?
- A . Option a
- B . Option b
- C . Option c
- D . Option d
B
Explanation:
Reengineering a software module typically involves assessing various factors such as code complexity, maintainability, performance requirements, and the age of the platform. The goal is to identify modules that are costly to maintain, difficult to understand, or are becoming obsolete due to platform changes.
Cyclomatic Complexity: This is a quantitative measure of the number of linearly independent paths through a program’s source code. A higher cyclomatic complexity indicates a more complex and potentially less maintainable module.
Looking at the table provided:
Module A has a version number of 12 and a cyclomatic complexity of 9.
Module B has a version number of 3 and a cyclomatic complexity of 21.
Module C has a version number of 9 and a cyclomatic complexity of 4.
Module D has a version number of 11 and a cyclomatic complexity of 20.
Given these details, Module B stands out as the most likely candidate for reengineering for the following reasons:
It has the highest cyclomatic complexity (21), which suggests that the code is highly complex and may be difficult to maintain or extend.
The version number being 3 indicates that it has undergone fewer iterations of updates or fixes compared to the other modules, which might imply that it has legacy code that could benefit from reengineering.
Which of the following describes when a test plan should be changed?
- A . After product stability has been assessed
- B . After changes to the design specifications
- C . After each code review
- D . When the configuration management tool is updated
B
Explanation:
A test plan should be changed after changes to the design specifications. This ensures that the tests remain relevant and accurately reflect the new design and functionality of the software. Keeping the test plan updated with design changes helps ensure comprehensive test coverage and alignment with the project’s requirements.
Reference: IEEE 829-2008 (IEEE Standard for Software and System Test Documentation), which outlines the importance of maintaining an up-to-date test plan to reflect changes in design and requirements.
Which of the following individuals on the Change Control Board (CCB) is responsible for escalating change requests and other issues to a higher level CCB or management?
- A . Chair
- B . Scribe
- C . Member
- D . Screener
A
Explanation:
The Chair of the Change Control Board (CCB) is responsible for escalating change requests and other issues to a higher level CCB or management. The Chair ensures that all changes are properly reviewed and approved, and any significant issues that cannot be resolved at the current level are escalated for further consideration.
Reference: ITIL (Information Technology Infrastructure Library) Change Management guidelines, which describe the roles and responsibilities within the Change Control Board, including the escalation process led by the Chair.
Which of the following capabilities of a configuration management system is involved with constructing a specific build of the software?
- A . Project repository
- B . Release notes
- C . Version management
- D . Issue tracking
C
Explanation:
Version management, also known as version control, is a capability of a configuration management system that deals with tracking and managing changes to software code. It involves creating and maintaining different versions of the software as it is developed and updated. Constructing a specific build of the software relies on selecting the correct versions of the code and other artifacts that are part of that build. Version management ensures that all the changes are properly recorded, and the appropriate versions can be retrieved for constructing specific builds. This capability is essential for reproducibility and consistency in the software development process.
Reference: Sommerville, Ian. "Software Engineering." 10th Edition, Addison-Wesley, 2015.
IEEE Std 828-2012, IEEE Standard for Configuration Management in Systems and Software Engineering.
Which of the roles in an organizational change management core team see the need for change and will help sell it to the organization?
- A . Change sponsors
- B . Change advocates
- C . Official change agents
- D . Informal change agents
A
Explanation:
Change sponsors are typically high-level leaders within an organization who recognize the need for change and are responsible for promoting and supporting the change initiative. They provide the necessary resources, align the change with the organization’s strategic goals, and help to overcome resistance to change by communicating its benefits. Their role is crucial in ensuring the success of change management efforts as they legitimize the change and motivate others within the organization to embrace it.
Reference: Kotter, John P. "Leading Change." Harvard Business Review Press, 1996.
Hiatt, Jeff. "ADKAR: A Model for Change in Business, Government and Our Community." Prosci Learning Center Publications, 2006.
One of the direct benefits of improved software quality is
- A . an improved organizational management structure
- B . a more disciplined development process
- C . a reduction in the number of defects
- D . a reduction in the tools used to evaluate the product
C
Explanation:
One of the direct benefits of improved software quality is a reduction in the number of defects. High-quality software undergoes thorough testing, rigorous quality assurance processes, and adherence to best practices in development, leading to fewer bugs and issues. This results in more reliable and robust software, reduces the need for costly fixes and rework, and enhances user satisfaction and trust in the product.
Reference: Pressman, Roger S. "Software Engineering: A Practitioner’s Approach." 8th Edition, McGraw-Hill, 2014.
IEEE Std 730-2014, IEEE Standard for Software Quality Assurance Processes.
Which of the following factors is important in a software product in terms of its adaptability?
- A . Efficiency
- B . Accessibility
- C . Trainability
- D . Portability
D
Explanation:
Portability refers to the ease with which software can be transferred from one environment to another. It is a critical factor in a software product’s adaptability as it determines how well the software can function across different platforms, operating systems, or hardware configurations. High portability ensures that the software can be easily adapted to new environments without significant modification, thereby extending its usability and market reach.
Reference: ISO/IEC 25010:2011, Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – System and Software Quality Models. Sommerville, Ian. "Software Engineering." 10th Edition, Addison-Wesley, 2015.
Quality function deployment is defined as a
- A . procedure in which code modules with low defect density are identified for reuse
- B . technique for measuring complex metrics by random sampling of functional units
- C . method that provides a framework for relating product features to customer needs
- D . process in which best practices are distributed throughout all levels of an organization
C
Explanation:
Quality Function Deployment (QFD) is a method used to translate customer needs (the voice of the customer) into specific product features (technical requirements). It provides a structured approach for defining customer requirements and transforming them into detailed engineering specifications and plans to produce the products that fulfill those needs. QFD uses tools like the House of Quality matrix to ensure that customer requirements are systematically addressed throughout the product development process.
Reference: Akao, Yoji. "Quality Function Deployment: Integrating Customer Requirements into Product Design." Productivity Press, 1990.
Hauser, John R., and Don Clausing. "The House of Quality." Harvard Business Review, May-June 1988.
Project management has been complaining that code inspections are taking too much time and are not worth the effort. The software manager has to decide whether the inspection program should be continued or disregarded for the upcoming release.
Which of the following factors is critical to the manager’s decision?
- A . The resources currently available for development
- B . The estimated impact of inspection on the schedule
- C . The cost of additional testing
- D . The cost of not using inspection
D
Explanation:
The critical factor for the software manager’s decision on whether to continue or disregard the inspection program is the cost of not using inspection. Code inspections are a preventive measure to identify defects early in the development process. The cost of not using inspections can include increased defects in the final product, higher costs for post-release fixes, decreased customer satisfaction, and potentially significant impacts on the company’s reputation. While resources, schedule impact, and additional testing costs are important considerations, the long-term cost implications of not identifying defects early can be far more detrimental.
Reference: Gilb, Tom, and Dorothy Graham. "Software Inspection." Addison-Wesley, 1993.
IEEE Std 1028-2008, IEEE Standard for Software Reviews and Audits.
Which of the following tests should be conducted on software that will be used internationally?
- A . Logical path analysis
- B . Predefined function keys
- C . Boundary value analysis
- D . Test matrices
D
Explanation:
Test matrices are essential for software that will be used internationally because they help organize and manage various test cases and scenarios, including those related to localization and internationalization. Test matrices ensure that all aspects of the software’s functionality, user interface, and performance across different regions and languages are systematically tested. This includes checking date formats, currency symbols, character encoding, and other locale-specific requirements. Logical path analysis, predefined function keys, and boundary value analysis are valuable tests but do not specifically address the comprehensive needs of international software testing.
Reference: Internationalization and localization testing guidelines, ISO/IEC 25051.
Pressman, Roger S. "Software Engineering: A Practitioner’s Approach." 8th Edition, McGraw-Hill, 2014.
As it relates to testing, the phrase "80% coverage" means 80% of the
- A . software is error-free
- B . statements in the program have been tested
- C . planned test cases have been completed
- D . predicted errors have been uncovered
B
Explanation:
The phrase "80% coverage" in testing typically refers to the percentage of statements in the program that have been executed at least once during testing. This is known as statement coverage or code coverage. It is a measure of how much of the code has been exercised by the test suite and is used to assess the thoroughness of the testing efforts. It does not necessarily mean that 80% of the software is error-free, that 80% of planned test cases have been completed, or that 80% of predicted errors have been uncovered, although higher coverage often correlates with better defect detection.
Reference: Kaner, Cem, Jack Falk, and Hung Quoc Nguyen. "Testing Computer Software." 2nd Edition, Wiley, 1999. Myers, Glenford J., Tom Badgett, and Corey Sandler. "The Art of Software Testing." 3rd Edition, Wiley, 2011.
According to the CMMI-DEV V1.3, how many process areas are defined for an organization at Maturity Level 2?
- A . 2
- B . 3
- C . 5
- D . 7
D
Explanation:
According to the CMMI-DEV (Capability Maturity Model Integration for Development) version 1.3, there are 7 process areas defined for an organization at Maturity Level 2. These process areas are Requirements Management, Project Planning, Project Monitoring and Control, Supplier Agreement Management, Measurement and Analysis, Process and Product Quality Assurance, and Configuration Management. These areas focus on establishing basic project management and process discipline.
Reference: CMMI-DEV Version 1.3, CMMI Product Team, Software Engineering Institute (SEI), Carnegie Mellon University, 2010.
"CMMI for Development, Version 1.3," Software Engineering Institute.
Software inspection is best described as a process for
- A . identifying software defects
- B . taking corrective and preventive action to reduce software defects
- C . evaluating the capability of software
- D . supplementing software testing
A
Explanation:
Software inspection is best described as a process for identifying software defects. Inspections involve a detailed examination of software artifacts, such as requirements, design documents, and code, to detect errors and issues early in the development process. The primary goal of inspections is defect detection rather than defect correction, capability evaluation, or testing supplementation.
This proactive approach helps to improve software quality and reduce the cost of fixing defects later in the development cycle.
Reference: Fagan, Michael E. "Design and Code Inspections to Reduce Errors in Program Development." IBM Systems Journal, 1976.
Gilb, Tom, and Dorothy Graham. "Software Inspection." Addison-Wesley, 1993.