1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 136
Выбрать главу

Unattended computer operations are incorrect because they represent a situation where most of computer operational tasks are performed by machines (robots) and less with people.

Unattended software testing is incorrect because testing is conducted by automated test tools without a person watching the testing process. The test tool continues running the test sessions by replaying one or more test scripts. It handles unforeseen circumstances gracefully.

Unattended facsimile machine is incorrect because it can lead to social engineering attacks. The unattended computer operations, software testing, and facsimile machine pose less risk than the unattended computer terminal.

174. What does the most commonly used application program design structure metrics include?

a. Check-in and check-out indicators

b. Fan-in and check-out indicators

c. Fan-in and fan-out metrics

d. Fan-out metrics and check-in indicators

174. c. Fan-in and fan-out are based on program coupling. Fan-in is a count of the number of modules that call a given module, and fan-out is a count of the number of modules that are called by a given module. Both fan-in and fan-out measure program complexity. Check-in and check-out are program change controls where documents or data/program files will have a check-in or check-out indicator in system libraries to prevent their concurrent use by programmers and computer programs.

175. Which of the following application software libraries can raise questions about data ownership rights?

a. Test library

b. Quality assurance library

c. Reusable library

d. Production library

175. c. A reusable library can improve software productivity and quality by increasing the efficient reuse of error-free code for both new and modified application software. “Who owns the reusable code?” is a legal question that requires a careful answer due to difficulty in tracing to the original author of the software.

A test library is incorrect because it is where the new software is developed or the existing software is modified. A quality assurance library is incorrect because it is a staging area where final quality reviews and production setup procedures take place. A production library is incorrect because it is the official place where operational programs reside and execute to process data. Data ownership rights in these three libraries (test, quality assurance, and production) are clear and traceable to the author(s).

176. Which of the following application software testing approaches does not require stubs or drivers?

a. Top-down approach

b. Bottom-up approach

c. Sandwich approach

d. Big-bang approach

176. d. The big-bang approach puts all the units or modules together at once, with no stubs or drivers. In it, all the program units are compiled and tested at once.

Top-down approach is incorrect because it uses stubs. The actual code for lower level units is replaced by a stub, which is a throwaway code that takes the place of the actual code. Bottom-up approach is incorrect because it uses drivers. Units at higher levels are replaced by drivers that emulate the procedure calls. Drivers are also a form of throwaway code. Sandwich approach is incorrect because it uses a combination of top-down (stubs) and bottom-up (drivers) approaches.

177. Which of the following is a less-formal review technique?

a. Inspections

b. Traceability analysis

c. Reviews

d. Walkthroughs

177. d. A walkthrough is an evaluation technique in which a designer or programmer leads one or more other members of the development team through a segment of design or code, whereas the other members ask questions and make comments about technique, style, and identify possible errors, violations of development standards, and other problems. Walkthroughs are similar to reviews but are less formal.

Inspections are incorrect because they are an evaluation technique in which application software requirements, design, code, or other products are examined by a person or group other than the author to detect faults, violations of development standards, and other problems. Inspections are more formal than walkthroughs.

Traceability analysis is incorrect because it is the process of verifying that each specified requirement has been implemented in the design/code, that all aspects of the design/code have their basis in the specified requirements, and that testing produces results compatible with the specified requirements. Traceability analysis is more formal than walkthroughs.

Reviews are incorrect because a review is a meeting at which the requirements, design, code, or other products of software development project are presented to the user, sponsor, or other interested parties for comment and approval, often as a prerequisite for concluding a given phase of the software development process. Reviews are more formal than walkthroughs.

178. Inspections cannot detect which of the following errors in application software?

a. Incomplete requirements errors

b. Infeasible requirements errors

c. Conflicting requirements errors

d. Input/output description errors

178. d. An inspection is an evaluation technique in which software requirements, design, code, or other products are examined by a person or group, other than the author, to detect faults, violations of development standards, and other problems. Input/output description errors are detected in the interface testing phase. The type of errors detected in inspections includes incomplete requirements errors, infeasible requirements errors, and conflicting requirements errors.

179. Which of the following is an example of a dynamic analysis to detect application software errors?

a. Inspections

b. Code reading

c. Testing

d. Tracing

179. c. Dynamic analysis techniques involve the execution of a product and analysis of its response to sets of input data to determine its validity and to detect errors. The behavioral properties of the program are also observed. The most common type of dynamic analysis technique is testing. Testing of software is usually conducted on individual components (for example, subroutines and modules) as they are developed, on software subsystems when they are integrated with one another or with other system components, and on the complete system. Another type of testing is acceptance testing performed before the user accepts the product.

Inspections, code reading, and tracing are examples of static analysis. Static analysis is the analysis of requirements, design, code, or other items either manually or automatically, without executing the subject of the analysis to determine its lexical and syntactic properties as opposed to its behavioral properties.

180. Decision tables are used in which of the following phases of a system development life cycle (SDLC)?

~ 136 ~