c. Design reviews
d. Unit test
57. b. It is possible to quantify the return on investment (ROI) for various quality improvement activities. Studies have shown that quality ROI is highest when software products are reviewed with user customers. This is followed by code inspection by programmers, design reviews with the project team, and unit testing by programmers.
58. The IT operations management of KPT Corporation is concerned about the reliability and availability data for its four major, mission-critical information systems that are used by business end-users. The KPT corporate management’s goal is to improve the reliability and availability of these four systems in order to increase customer satisfaction both internally and externally. The IT operations management collected the following data on percent reliability. Assume 365 operating days per year and 24 hours per day for all these systems. The IT operations management thinks that system reliability is important in providing quality of service to end-users.
System    Reliability (%)
1         99.50
2         97.50
3         98.25
4         95.25
Which of the following systems has the highest downtime in a year expressed in hours and rounded up?
a. System 1
b. System 2
c. System 3
d. System 4
58. d. System 4 has the highest downtime in hours. Theoretically speaking, the higher the reliability of a system, the lower its downtime (including scheduled maintenance) and the higher the availability of that system, and vice versa. In fact, this question does not require any calculations because one can find the correct answer just by looking at the reliability data given: the lower the reliability, the higher the downtime, and vice versa.
Calculations for System 1 are shown below; the calculations for the other systems follow the same pattern.
Downtime = (Total hours) × [(100 − Reliability%)/100] = 8,760 × 0.005 = 44 hours
Availability for System 1 = [(Total time − Downtime)/Total time] × 100 = [(8,760 − 44)/8,760] × 100 = 99.50%
Check: Availability for System 1 = [Uptime/(Uptime + Downtime)] × 100 = (8,716/8,760) × 100 = 99.50%
59. Which of the following is the most important requirement for a software quality program to work effectively?
a. Quality metrics
b. Process improvement
c. Software reengineering
d. Commitment from all parties
59. d. A software quality program should reduce defects, cut service costs, increase customer satisfaction, and increase productivity and revenues. To achieve these goals, commitment by all parties involved is the most important factor. The other three factors (quality metrics, process improvement, and software reengineering) have some merit, but none is sufficient on its own.
60. As the information system changes over time, which of the following is required to maintain the baseline configuration?
a. Enterprise architecture
b. New baselines
c. Operating system
d. Network topology
60. b. Maintaining the baseline configuration involves creating new baselines as the information system changes over time. The other three choices deal with information provided by the baseline configuration as a part of standard operating procedure.
61. Software quality is not measured by:
a. Defect levels
b. Customer satisfaction
c. Time-to-design
d. Continuous process improvement
61. c. Quality is more than just defect levels. It should include customer satisfaction, time-to-market, and a culture committed to continuous process improvement. Time-to-design is not a complete answer because it is a part of time-to-market, where the latter is defined as the total time required for planning, designing, developing, and delivering a product. It is the total time from concept to delivery. These software quality values lead to quality education, process assessments, and customer satisfaction.
62. Which of the following responds to security incidents on an emergency basis?
a. Tiger team
b. White team
c. Red team
d. Blue team
62. b. A white team is an internal team that initiates actions to respond to security incidents on an emergency basis. Both the red team and blue team perform penetration testing of a system, and the tiger team is an old name for the red team.
63. Which of the following is the most important function of software inventory tools in maintaining a consistent baseline configuration?
a. Track operating system version numbers.
b. Track installed application systems.
c. Scan for unauthorized software.
d. Maintain current patch levels.
63. c. Software inventory tools scan information for unauthorized software to validate against the official list of authorized and unauthorized software programs. The other three choices are standard functions of software inventory tools.
64. A user’s session auditing activities are performed in consultation with which of the following?
a. Internal legal counsel and internal audit
b. Consultants and contractors
c. Public affairs or media relations
d. External law enforcement authorities and previous court cases
64. a. An information system should provide the capability to capture/record, log, and view all the content related to a user’s session in real time. Session auditing activities are developed, integrated, and used with internal legal counsel and internal audit departments. This is because these auditing activities can have legal and audit implications.
Consultants and contractors should not be contacted at all. It is too early to talk to the public affairs or media relations within the organization. External law enforcement authorities should be contacted only after the session auditing work is completed and only after there is a discovery of high-risk incidents.
65. Regarding access restrictions associated with changes to information systems, which of the following makes it easy to discover unauthorized changes?
a. Physical access controls
b. Logical access controls
c. Change windows
d. Software libraries
65. c. Change windows mean that changes occur only during specified times, so unauthorized changes made outside the window are easy to discover. The other three choices are also examples of access restrictions, but changes are not easy to discover in them.
66. Which of the following is an example of software reliability metrics?
a. Number of defects per million lines of source code with comments
b. Number of defects per function point