Computer Science Textbook Solutions - 11
firm's headquarters site are not getting through. What might be the problem?
How should a corporation decide the appropriate level of resources to devote to securing its
data?
a) What is the Danvers Doctrine? b) Distinguish between security in SNMP V1 and security in
SNMP V2. c) Distinguish between security in SNMP V2 and security in SNMP V3. d) What still
needs to be done for SNMP security?
a) Why must you know a server's role to know how to protect it? b) Why is it important to
minimize both main applications and subsidiary applications? c) Why are security baselines
needed for installing applications? d) Why is it important to minimize permissions for
application programs? e) Why is application-
How could corporations guard against threats from new IP-enabled devices?
Critique the safety of each of the following passwords, giving your specific reasoning. a)
Swordfish b) Lt6^ c) Processing1 d) Nitt4aGm^?
a) Distinguish between WWW service and e-commerce service. b) What kinds of external access
are needed for e-commerce? c) Does the webmaster or e-commerce administrator have control
over the security of other servers? d) Why are custom programs especially vulnerable?
a) What software must be patched on an e-commerce server? b) What three other webserver
protections were mentioned in the text? c) Where is an application proxy firewall placed relative
to the webserver?
A company is warned by its credit card companies that it will be classified as a high-risk firm
unless it immediately reduces the number of fraudulent purchases made by its e-commerce
clients. Come up with a plan to avoid this outcome.
a) Distinguish between transport and signaling. b) In Figure 8-25, is the packet shown a
transport packet or a signaling packet? c) What are the two main signaling standards in VoIP? d)
What does the registrar server do? (Don't say, "It registers things.") e) What type of SIP message
does a VoIP phone use when i
Would IT security policies need to be adjusted for corporate offices in different countries? Why
or why not?
Why would Web threats see such a drastic six-fold (600%) increase?
a) What authentication mechanisms are common on IP telephones? b) What does SIP Identity
ensure? c) How can eavesdropping be thwarted? d) What sound quality problem may encryption
create? e) Why do firewalls have problems with typical VoIP traffic? f) For SIP signaling, what
port has to be opened on firewalls
Why do you think UNIX has such a limited ability to assign permissions compared with
Windows?
Could a ban on all IP-enabled devices from outside the corporation be a workable policy? Why
or why not?
a) What is case law? b) What are jurisdictions? c) What is cyberlaw? d) What are the three levels
of U.S. federal courts? e) Which levels can create precedents? f) Does federal jurisdiction
typically extend to computer crimes that are committed entirely within a state and that do not
have a bearing on interst
a) What is a DBMS? b) Can a DBMS manage multiple databases? Why? c) How can validation
protect against a SQL injection attack? d) How can sanitation protect against a SQL injection
attack?
How much data would you lose if your computer's hard drive crashed right now? Could you
reduce the amount of data that would be lost? How?
a) What should backup creation policies specify? b) Why are restoration tests needed? c) Where
should backup media be stored for the long term? d) What should be done about backup media
until they are moved? e) Why is the encryption of backup media critical? f) What three dangers
require control over access t
a) What is the major attraction of a HIDS? b) What are the two weaknesses of host IDSs? c) List
some things at which host operating system monitors look.
a) Why don't most companies do full backup every night? b) What is incremental backup (be
precise)? c) A company does a full backup one night. Call this backup Cardiff. On three
successive nights, it does incremental backups, which it labels Greenwich, Dublin, and Paris. In
restoration, what backups must be restor
Why have the incidents of data loss seen a rise in the past few years?
a) What are the advantages of RAID 5 over RAID 1? b) Which RAID level discussed in this
chapter has the fastest read-write speeds? c) Is RAID 5 appropriate for home users? Why, or why
not?
What is the purpose of a "hidden" volume? (This was an option when you created the first
volume.)
a) What are the four functions of IDSs? b) What are the two types of analysis that IDSs usually
do? c) What types of action did this section mention? d) What information should alarms
contain? e) What is the purpose of log summary reports? f) Describe interactive log file analysis.
What password-cracking method would be used for each of the following passwords? a)
Swordfish b) Lt6^ c) Processing1 d) Nitt4aGm^?
Do you think programmers should be allowed to develop server-side dynamic webpages, given
the dangers that are involved in their doing so?
a) What is the difference between data and information? b) How can data be protected while it is
being transmitted? c) How can data be protected while it is being processed? d) What are some
ways that data can be attacked when it is stored? e) How can data be protected while it is being
stored?
a) What is Data Loss Prevention (DLP)? b) Are there some types of data that are too risky to
collect? c) What is PII? Please give a couple examples of PII. d) What is data masking?
a) How does a SQL injection attack work? b) What is SQL? c) What is error-based inference? d)
What is the difference between in-band and out-of-band SQL injection? e) What is blind SQL
injection? f) How can SQL injection be prevented?
a) What is eavesdropping? b) Why can DoS attacks be successful even if they only increase
latency slightly? c) Why is caller impersonation especially dangerous in VoIP? d) Why are
hacking and malware dangerous in VoIP? e) What is toll fraud? f) What is SPIT? g) Why is SPIT
more disruptive than e-mail SPAM?
a) Why should a senior manager head the CSIRT? b) Why should members of affected line
departments be on CSIRT? c) Who is the only person who should speak on behalf of the firm? d)
Why should the firm's legal counsel be on the CSIRT? e) Why should a firm's human resource
department be on the CSIRT?
a) What is Skype? b) Why is Skype's use of proprietary software problematic? c) What problem
is there with Skype's encryption for confidentiality? d) Does Skype control who can register a
particular person's name? e) Why do firewalls have a difficult time controlling Skype? f) Does
Skype's file transfer gener
a) What is DRM? Give an example of how DRM works. b) Why is DRM desirable? c) Give
some examples of use restrictions that a company may wish to impose on a document. d) How
can many DRM protections against unauthorized printing be circumvented? e) What is the
purpose of data extrusion management? f) How can DL
a) What are the advantages of centralized backup compared with local backup? b) Define CDP.
c) Why is CDP attractive? d) Why is it expensive? e) Why is backup over the Internet to a
backup storage provider attractive for client PC users? f) What security risk does it create? g)
What is mesh backup? h) Wha
Client-side scripting attacks usually require the client to visit a webserver with malicious content.
How do you think attackers get users to visit such webpages?
In their purest form, netbooks are PCs designed to have little or no software stored on them.
Instead, they are designed to use cloud computing, in which the software and data are both stored
on Internet servers. Netbooks in this pure form can only work when they have an Internet
connection. Based on what you learned i
a) Why are HTML bodies in e-mail messages dangerous? b) What is spam? c) What three
problems does spam create? d) Why is spam filtering dangerous? e) For what legal reason should
companies filter sexually or racially harassing message content? f) What is extrusion prevention?
g) Why is extrusion prevention
a) Why was Walmart able to respond quickly? b) List at least three actions that Walmart took
that you might not have thought of.
a) List the ways in which data can be lost, adding some of your own. b) How does backup ensure
availability?
a) Why is magnetic tape desirable as a backup medium? b) Why is tape not desirable? c) Why is
backup onto another hard drive attractive?
a) What is precision in an IDS? b) What are false positives, and why are they bad? c) What are
false negatives, and why are they bad? d) How can tuning reduce the number of false positives?
e) What does an IDS do if it cannot process all of the packets it receives? f) What may happen if
a system runs out of s
Why do you think companies often fail to harden their clients adequately?
What are the advantages for IT security professionals having a training environment like the
WebGoat platform?
a) What is the advantage of a distributed IDS? b) Name the elements in a distributed IDS. c)
Distinguish between the manager and agents. d) Distinguish between batch and real-time
transfers for event data. e) What is the advantage of each type? f) What two types of
communication must be secure?
a) What is VoIP? b) Distinguish between IP telephones and soft phones. c) A soft phone is a
computer with hardware and software for VoIP. d) What does RTP add to compensate for the
limitations of UDP?
Could a subcontractor with weak security practices make a corporation more vulnerable? How?
Could you get enough information from the Internet to take out a loan in another person's name?
Why are corporations worried about insider threats with respect to data loss?
What impact do you think social networking will have on data security? Provide your
reasoning.
Why do so many data thefts originate from outside the victim's host country (Hint: Extradition)?
a) Could web scraping be a threat to a corporation? Why? b) What are mashups? Give an
example. c) What is the difference between a spider and a web scraper? d) Is web scraping
ethical, legal, criminal? Why?
a) Why do hackers attack browsers? b) What is mobile code? c) Why is it called mobile code? d)
What is a client-side script? e) What is a Java applet? f) Why is Active-X dangerous? g) How do
scripting languages compare to full programming languages? h) Is JavaScript a scripted form of
Java?
After seeing the impact of the hacked Twitter account, would news organizations become even
more attractive targets? Why or why not?
a) At what information do NIDSs look? b) Distinguish between stand-alone NIDSs and switch-
based or router-based NIDSs. c) What are the strengths of NIDSs? d) What are the two
weaknesses of NIDSs?
a) Are e-mail messages sent by employees private? b) What should employees be trained not to
put in e-mail messages?
a) How are linking attributes used to connect disparate databases? b) Explain information
triangulation. c) What are the odds of correctly identifying a person based on their ZIP code,
date of birth, and gender? Why? d) What is profiling?
a) Why is encryption usually attractive for sensitive data from a legal standpoint? b) How long
must an encryption key be to be considered strong today? c) What happens if the encryption key
is lost? d) How do companies address this risk? e) Why is entrusting users to do key escrow
risky? f) In what sense is e
a) What can users do to enhance browser security? b) Under Internet Options in IE, what can the
user do on the Security tab? d) In which tab are cookies controlled?
a) In staged development, what three servers do companies use? b) What permissions does the
developer have on the development server? c) On the testing server? d) On the production
server? e) On what servers does the tester have access permissions?
a) What is parity? b) How does the XOR operator work? c) How can parity be used to restore
lost data? d) How long would it take to recalculate the data on a lost disk?
a) Why is it important to destroy data on backup media and PCs before discarding them or
transferring them to someone else? b) What is the difference between basic file deletion and
wiping? c) Is it safe to wipe a hard disk and then give it to someone else? Why, or why not? d)
What does degaussing do? e) Name some
a) Can good planning and protection eliminate security incidents? b) Name three terms that
successful attacks are commonly called.
a) What section of which title of the U.S. Code prohibits hacking? b) What other attacks does it
prohibit? c) Does it protect all computers? d) What are damage thresholds? e) What types of acts
does 18 U.S.C. § 2511 prohibit?
a) In IM, what does a presence server do? b) What does a relay server do? c) For corporate IM,
what are the advantages of using a relay server instead of only a presence server?
a) What types of database events should be audited? b) How could SQL triggers be used to
secure a database? c) What is a DDL trigger? d) What is a DML trigger?
a) Why are integrated log files good? b) Why are they difficult to create? c) Explain the time
synchronization issue for integrated log files. d) How do companies achieve time
synchronization? e) What is event correlation? f) Distinguish between aggregation and event
correlation. g) Why is analyzing log fil
a) What is a buffer? b) What is a buffer overflow attack? c) What impacts can buffer overflows
have? d) In a stack overflow, what is overwritten by the overflow? e) To where does the
overwritten return address point? f) In the IIS IPP buffer overflow attack, what buffer is
overflowed?
As data loss admissions become more widespread, how would they affect consumers' willingness
to share information with corporations?
Could an insider use the fact that news feeds are scanned for trading decisions to manipulate the
stock market? How?
a) Is encryption widely used in e-mail? b) What part of the e-mail process does SSL/TLS usually
secure? c) Is this end-to-end security? Explain. d) What standards provide end-to-end security?
e) Compare PGP and S/MIME in terms of how applicants learn the true party's public key? f)
Describe the advantages and
a) How can disk arrays ensure data reliability and availability? b) Explain RAID 0. c) Explain
RAID 1. d) Explain RAID 5.
How could new IP-enabled devices pose a security risk for a corporation?
a) Why is retaining e-mail for a long period of time useful? b) Why is it dangerous? c) What is
legal discovery? d) What are courts likely to do if it would be very expensive for a firm to
discover all of its e-mail pertinent to a case? e) What can happen if a firm fails to retain required
e-mail? f) What is
a) What is a login screen bypass attack? b) What is a cross-site scripting (XSS) attack? c) What
is an SQL injection attack? d) What attitude should programmers have about user input? e) What
training should programmers who do custom programming have?
How must IT security evolve to address the development of new devices?
a) What are the three major recovery options? b) For what two reasons is repair during
continuing operation good? c) Why may it not work? d) Why is the restoration of data files from
backup tapes undesirable? e) What are the potential problems with total software reinstallation?
f) How does having a disk imag
Exercise 2.7 explored simple register renaming: when the hardware register renamer sees a
source register, it substitutes the destination T register of the last instruction to have targeted that
source register. When the rename table sees a destination register, it substitutes the next available
T for it. But superscal
(a) What is the purpose of SNMP? (b) Distinguish between the SNMP GET and SET commands.
(c) Why do many organizations disable the SET command?
Why does your computer send so many packets? Why not send just one really big packet?
Computers spend most of their time in loops, so multiple loop iterations are great places to
speculatively find more work to keep CPU resources busy. Nothing is ever easy, though; the
compiler emitted only one copy of that loop's code, so even though multiple iterations are
handling distinct data, they will appear to u
List the four security problems with protocols. Write one sentence describing each.
a) What must be done to restore data at a backup site via tapes? b) How does this change if a
firm uses continuous data protection?
a) What is a honeypot? b) How can honeypots help companies detect attackers? c) Could a
honeypot attract unwanted attention from attackers?
After you restore files following an incident, users complain that some of their data files are
missing. What might have happened?
(a) Distinguish between LANs and WANs. (b) Why do companies use carriers for WAN
transmission? (c) What two WAN technologies are illustrated in the figure (Figure A-4)? (d)
Why is carrier WAN traffic generally considered safe?
(a) What kind of IP addresses do servers get? (b) Why are DHCP servers used? (c) Will a PC get
the same dynamic IP address each time it uses the Internet? (d) Both DHCP servers and DNS
servers give IP addresses. How do these IP addresses differ?
(a) Why would a host contact a DNS server? (b) If a local DNS server does not know the IP
address for a host name, what will it do? (c) What kind of organization must maintain one or
more DNS servers? (d) What is DNS cache poisoning? (e) Describe the status of DNSSEC. (f)
Why are root servers attacked?
Let us now consider less favorable scenarios for extraction of instruction-level parallelism by a
run-time hardware scheduler in the hash table code in Figure 3.14 (the general case). Suppose
that there is no longer a guarantee that each bucket will receive exactly one item. Let us
reevaluate our assessment of the para
On August 24, 2005, three Web sites managed by the Gap (Gap.com, OldNavy.com, and
BananaRepublic.com) were taken down for improvements [AP 2005]. These sites were virtually
inaccessible for the next two weeks. Using the statistics in Figure 1.25, answer the following
questions, which are based in part on hypothetical ass
You are advising a small company. a) Would you recommend using a firewall? Explain. b)
Would you recommend using antivirus filtering? Explain. c) Would you recommend an intrusion
detection system? Explain.
Do they have honeypots for spammers to keep them from harvesting e-mails from your
webpages?
A firm is trying to decide whether to place its backup center in the same city or in a distant city.
List the pros and cons of each choice.
(a) In what sense is IPsec a general protection strategy for all internet, transport, and application
protocols? (b) Does IPsec work with IPv4, IPv6, or both? (c) Compare IPsec transport mode and
tunnel mode.
Think about what latency numbers really mean: they indicate the number of cycles a given
function requires to produce its output, nothing more. If the overall pipeline stalls for the latency
cycles of each functional unit, then you are at least guaranteed that any pair of back-to-back
instructions (a "producer" followed
Examine the integrated log file shown in Figure 10-19. a) Identify the stages in this apparent
attack. b) For each stage, describe what the attacker seems to be doing. c) Decide whether the
actions in this stage work at human speed or at a higher speed, indicating an automated attack. d)
Decide whether the evidence
a) What four protections can firms provide for people during an emergency? b) Why is
accounting for all personnel important? (The answer is not in the text.) c) Why does human
cognition in crises call for extensive pre-planning and rehearsal? d) Why is it necessary not to
make plans and processes for crisis recove
Consider the advanced directory protocol described above and the cache contents from Figure
4.20. What are the sequence of transient states that the affected cache blocks move through in
each of the following cases? a. P0: read 100 b. P0: read 120 c. P0: write 120 <-- 80 d. P15: write
120 <-- 80 e. P1: read 110 f
Figure 1.24 gives a comparison of power and performance for several benchmarks comparing
two servers: Sun Fire T2000 (which uses Niagara) and IBM x346 (using Intel Xeon processors).
a. Calculate the performance/power ratio for each processor on each benchmark. b. If power is
your main concern, which would you choose?
(a) Which organization creates Internet standards? (b) What is the name of its standards
architecture? (c) What is an RFC? (d) How can you tell which RFCs are Internet Official
Protocol Standards?
For each part of this exercise, assume the initial cache and memory state in Figure 4.42. Each
part of this exercise specifies a sequence of one or more CPU operations of the form: P#: [<-- ]
Where P# designates the CPU (e.g., P0), is the CPU operation (e.g., read or write), denotes the
memory address, and indic
Exercise 4.5 asks you to add the Exclusive state to the simple MSI snooping protocol. Discuss
why this is much more difficult to do with the simple directory protocol. Give an example of the
kinds of issues that arise.
Every cycle that does not initiate a new operation in a pipe is a lost opportunity, in the sense that
your hardware is not "living up to its potential." a. In your reordered code from Exercise 2.5,
what fraction of all cycles, counting both pipes, were wasted (did not initiate a new op)? b. Loop
unrolling is one stan
Consider the advanced directory protocol described above and the cache contents from Figure
4.42. What are the sequence of transient states that the affected cache blocks move through in
each of the following cases? In all cases, assume that the processors issue their requests in the
same cycle, but the directory order
(a) What is an octet? (b) What is a host? (c) Is a home PC connected to the Internet a host? (d)
Distinguish between the terms internet and Internet.
Exercise 4.5 asks you to add the Exclusive state to the simple MSI snooping protocol. Discuss
why this is much more difficult to do with the switched snooping protocol. Give an example of
the kinds of issues that arise.
Your company has just bought a new dual Pentium processor, and you have been tasked with
optimizing your software for this processor. You will run two applications on this dual Pentium,
but the resource requirements are not equal. The first application needs 80% of the resources,
and the other only 20% of the resources
The switched snooping protocol above supports sequential consistency in part by making sure
that reads are not performed while another node has a writeable block and writes are not
performed while another processor has a writeable block. A more aggressive protocol will
actually perform a write operation as soon as it r
Make the following calculations on the raw data in order to explore how different measures color
the conclusions one can make. (Doing these exercises will be much easier using a spreadsheet.)
a. Create a table similar to that shown in Figure 1.26, except express the results as normalized to
the Pentium D for each benc
Exercise 4.3 asks you to add the Owned state to the simple MSI snooping protocol. Repeat the
question, but with the switched snooping protocol above.
One critical factor in powering a server farm is cooling. If heat is not removed from the computer
efficiently, the fans will blow hot air back onto the computer, not cold air. We will look at how
different design decisions affect the necessary cooling, and thus the price, of a system. Use
Figure 1.23 for your power ca
What effect does the "condition" of the file have on its ability to be recovered?
Would this work on your cell phone if it were connected to your computer?
What would be the baseline performance (in cycles, per loop iteration) of the code sequence in
Figure 2.35 if no new instruction execution could be initiated until the previous instruction
execution had completed? Ignore front-end fetch and decode. Assume for now that execution
does not stall for lack of the next instr
(a) Why are dynamic routing protocols needed? (b) What is the main TCP/IP interior dynamic
routing protocol for large networks? (c) What is the main TCP/IP exterior dynamic routing
protocol? (d) Why is Cisco's EIGRP attractive? (e) Is a company free to select its interior
dynamic routing protocol, exterior dyna
Exercise 4.3 asks you to add the Owned state to the simple MSI snooping protocol. Repeat the
question, but with the simple directory protocol above.
a) List the four steps in business process analysis. b) Explain why each is important.
(a) Distinguish between physical links and data links. (b) What advantage of optical fiber over
UTP was listed in the text? (c) Why is spread-spectrum transmission used in wireless LANs? (d)
Why are switch supervisory frames needed? (e) Why does optical fiber have better inherent
security than UTP? (f) What danger
When IDSs generate alerts, they can send them to a console in the security center, to a mobile
phone, or via e-mail. Discuss the pros and cons of each.
(a) What is the TCP/IP internet layer supervisory protocol? (b) Describe ping. (c) Describe
ICMP error messages. (d) What information does ping give an attacker? (e) What information
does tracert give an attacker? (f) What information does an ICMP error message give an
attacker?
(a) What is the purpose of the TCP window field? (b) How does the window field automatically
control congestion? (c) Does TCP use options frequently?
Sequential consistency (SC) requires that all reads and writes appear to have executed in some
total order. This may require the processor to stall in certain cases before committing a read or
write instruction. Consider the following code sequence: Write A Read B Where the write A
results in a cache miss and the re
(a) What two standards agencies govern OSI? (Just give their acronyms.) (b) Distinguish
between OSI and ISO. (c) How many layers does the OSI architecture have? (d) Which of these
layers are similar to the layers in TCP/IP? (e) Compare the TCP/IP application layer with
comparable OSI layers.
(a) What is the attraction of UDP? (b) What kinds of applications specify the use of UDP at the
transport layer? (c) Why is UDP more dangerous than TCP?
The main reliability measure is MTTF. We will now look at different systems and how design
decisions affect their reliability. Refer to Figure 1.25 for company statistics. a. We have a single
processor with an FIT of 100. What is the MTTF for this system? b. If it takes 1 day to get the
system running again, what is
Why are merchants usually responsible for merchandise purchased with stolen credit cards?
(a) How long are traditional IP addresses? (b) What are the three parts of an IP address? (c) Why
are masks needed? (d) What is the main advantage of IPv6?
You are trying to figure out whether to build a new fabrication facility for your IBM Power5
chips. It costs $1 billion to build a new fabrication facility. The benefit of the new fabrication is
that you predict that you will be able to sell 3 times as many chips at 2 times the price of the old
chips. The new chip will
(a) What architecture do most firms actually use? (b) In the hybrid TCP/IP-OSI architecture,
which layers come from OSI? (d) From what standards architecture do application layer
standards come?
Reorder the instructions to improve performance of the code in Figure 2.35. Assume the two-
pipe machine in Exercise 2.3, and that the out-of-order completion issues of Exercise 2.4 have
been dealt with successfully. Just worry about observing true data dependences and functional
unit latencies for now. How many cycles
(a) A packet has the source socket 1.2.3.4:47 and the destination socket 10.18.45.123:4400. Is
the source host a client or a server? Explain. (b) Is the destination host a client or a server?
Explain. (c) A server sends a packet with the source socket 60.32.1.79:25. What kind of server is
it? Explain. (d) What is so
(a) If the header length field's value is 6 and the total length field's value is 50, how long is the
data field? Show your work. (b) What is the general function of the second row in the IPv4
header? (c) Why is a TTL field needed? (d) If a router receives a packet with a TTL value of 1,
what will it do? (e) Wha
(a) What is a local area network? (b) What is the customer premises? (c) Distinguish between
workgroup switches and core switches. (d) Why is UTP dangerous? (e) Why is 802.1X needed?
Your company's internal studies show that a single-core system is sufficient for the demand on
your processing power. You are exploring, however, whether you could save power by using two
cores. a. Assume your application is 100% parallelizable. By how much could you decrease the
frequency and get the same performance
If you ever get confused about what a register renamer has to do, go back to the assembly code
you're executing, and ask yourself what has to happen for the right result to be obtained. For
example, consider a three-way superscalar machine renaming these three instructions
concurrently: ADDI............. R1, R1, R1 A
To get out of taking exams, students occasionally phone in bomb threats just before the exam.
Create a plan to deal with such attacks. This should take one single-spaced page. It should be
written by you (a policy advisor) for your dean to approve and post in your college.
a) What do business continuity plans specify? b) Distinguish between business continuity plans
and IT disaster recovery plans.
Directory protocols are more scalable than snooping protocols because they send explicit request
and invalidate messages to those nodes that have copies of a block, while snooping protocols
broadcast all requests and invalidates to all nodes. Consider the 16-processor system illustrated
in Figure 4.42 and assume that a
Let's consider what dynamic scheduling might achieve here. Assume a microarchitecture as
shown in Figure 2.42. Assume that the ALUs can do all arithmetic ops (MULTD, DIVD, ADDD,
ADDI, SUB) and branches, and that the Reservation Station (RS) can dispatch at most one
operation to each functional unit per cycle (one op to
Imagine that your company is trying to decide between a single-processor system and a dual-
processor system. Figure 1.26 gives the performance on two sets of benchmarks: a memory
benchmark and a processor benchmark. You know that your application will spend 40% of its
time on memory-centric computations, and 60% of its
(a) What are the functions of an access router? Explain each function in one sentence. (b)
Describe the technology of 4-pair UTP wiring. (c) What is an Internet access line? (d) What is a
broadband modem? (e) Why is wireless transmission dangerous?
Imagine that the government, to cut costs, is going to build a supercomputer out of the cheap
processor system in Exercise 1.9 rather than a special purpose reliable system. What is the
MTTF for a system with 1000 processors? Assume that if one fails, they all fail.
a) What are the four severity levels of incidents? b) What is the purpose of a CSIRT? c) From
what parts of the firm do its members come? d) What is business continuity? e) Who should head
the business continuity team?
a) Distinguish between detection and analysis. b) Why is good analysis important for the later
stages of handling an attack? c) What is escalation?
a) What are the main alternatives for backup sites? b) What is the strength of each? c) What
problem or problems does each raise? d) Why is CDP necessary?
a) Why are business continuity plans more difficult to test than incident response plans? b) Why
is frequent plan updating important? c) Why must companies update contact information even
more frequently? d) For what two reasons is a business continuity staff necessary?
Why does a perpetrator's level of authority in the organization, or time working for the
organization, affect the average amount of money stolen?
Figure 1.23 presents the power consumption of several computer system components. In this
exercise, we will explore how the hard drive affects power consumption for the system. a.
Assuming the maximum load for each component, and a power supply efficiency of 70%, what
wattage must the server's power supply deliver to
Figure 1.22 gives the relevant chip statistics that influence the cost of several current chips. In
the next few exercises, you will be exploring the trade-offs involved between the AMD Opteron,
a single-chip processor, and the Sun Niagara, an 8-core chip. a. What is the yield for the AMD
Opteron? b. What is the yiel
In the multiple-issue design of Exercise 2.3, you may have recognized some subtle issues. Even
though the two pipelines have the exact same instruction repertoire, they are not identical nor
interchangeable, because there is an implicit ordering between them that must reflect the
ordering of the instructions in the ori
(a) Why are there usually two protocols for each application? (b) In e-mail, distinguish between
SMTP and POP. (c) Why are Telnet and FTP dangerous? (d) What secure protocol can be used
instead of Telnet and FTP? (e) What is the security standards situation in e-mail?
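As an added example (not part of the textbook or this page), the Python below shows concretely why question (c) calls Telnet and FTP dangerous: both carry the login in cleartext, so anyone positioned on the path can read it. It replays a constructed FTP control-channel exchange (the hosts, ports, user names and passwords are invented, not a real capture) through a small passive parser that pairs each USER/PASS with the server's 230 or 530 reply, which is exactly what a sniffer on a shared segment does. SSH and SFTP, the answer to (d), run the same exchange inside an encrypted channel, so the same observer would see only ciphertext. Telnet is not parsed here because its login is a free-form prompt rather than fixed command verbs.

```python
"""Cleartext FTP credential harvesting by a passive on-path observer.
Added example with constructed traffic; nothing here is a real capture."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FTP_CONTROL_PORT = 21
Segment = Tuple[str, str, bytes]  # (src "ip:port", dst "ip:port", TCP payload)

# RFC 959 command verbs are case-insensitive; PASS may carry an empty argument.
_USER_RE = re.compile(rb"^USER\s+(\S+)\s*$", re.IGNORECASE)
_PASS_RE = re.compile(rb"^PASS(?:\s+(\S*))?\s*$", re.IGNORECASE)
_REPLY_RE = re.compile(rb"^(\d{3})[ -]")


@dataclass
class Credential:
    client: str
    user: str
    password: str
    accepted: Optional[bool] = None  # filled in from the server's reply to PASS


def _port(endpoint: str) -> int:
    return int(endpoint.rsplit(":", 1)[1])


def harvest_ftp_credentials(segments: List[Segment]) -> List[Credential]:
    """Pair each PASS with the preceding USER on the same client flow and with
    the 230 (success) / 530 (failure) reply that follows it."""
    last_user: Dict[str, str] = {}              # client -> most recent USER argument
    awaiting_reply: Dict[str, Credential] = {}  # client -> credential waiting for a reply
    found: List[Credential] = []
    for src, dst, payload in segments:
        if _port(dst) == FTP_CONTROL_PORT:      # client -> server: commands
            for line in payload.splitlines():   # one segment may carry several commands
                m = _USER_RE.match(line)
                if m:
                    last_user[src] = m.group(1).decode("latin-1")
                    continue
                m = _PASS_RE.match(line)
                if m:
                    cred = Credential(client=src,
                                      user=last_user.pop(src, "<no USER seen>"),
                                      password=(m.group(1) or b"").decode("latin-1"))
                    found.append(cred)
                    awaiting_reply[src] = cred
        elif _port(src) == FTP_CONTROL_PORT:    # server -> client: numeric replies
            cred = awaiting_reply.get(dst)
            if cred is None:
                continue
            for line in payload.splitlines():
                m = _REPLY_RE.match(line)
                if not m:
                    continue
                code = m.group(1)
                if code == b"230":
                    cred.accepted = True
                    del awaiting_reply[dst]
                elif code.startswith(b"5") or code == b"421":
                    cred.accepted = False
                    del awaiting_reply[dst]
                # 331/332 keep the login in progress; any other code is ignored
    return found


CLIENT, SERVER = "10.0.0.5:51234", "192.0.2.10:21"   # constructed endpoints
SAMPLE_SEGMENTS: List[Segment] = [
    (SERVER, CLIENT, b"220 ftp.example.test FTP server ready.\r\n"),
    (CLIENT, SERVER, b"USER alice\r\n"),
    (SERVER, CLIENT, b"331 Password required for alice.\r\n"),
    (CLIENT, SERVER, b"PASS s3cret-pa55\r\n"),
    (SERVER, CLIENT, b"230 User alice logged in.\r\n"),
    (CLIENT, SERVER, b"CWD /exports\r\nPASV\r\n"),   # two commands in one segment
    (SERVER, CLIENT, b"250 CWD command successful.\r\n"),
    (CLIENT, SERVER, b"USER bob\r\n"),
    (SERVER, CLIENT, b"331 Password required for bob.\r\n"),
    (CLIENT, SERVER, b"pass hunter2\r\n"),           # lower-case verb, still valid
    (SERVER, CLIENT, b"530 Login incorrect.\r\n"),
    (CLIENT, SERVER, b"QUIT\r\n"),
]

if __name__ == "__main__":
    for c in harvest_ftp_credentials(SAMPLE_SEGMENTS):
        print(f"{c.client} -> user={c.user!r} password={c.password!r} accepted={c.accepted}")
```

The parser keys its state on the client endpoint, so interleaved sessions from several clients are pulled apart correctly, and it records whether the server accepted the password, which tells an attacker which harvested pairs are worth replaying.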
(a) Which organization created the Internet? (b) What is the function of a router? (c) Distinguish
between frames and packets. (d) If two hosts are separated by five networks, how many packets
will there be along the way when a host transmits a packet to another host? (e) If two hosts are
separated by five networks
VLIW designers have a few basic choices to make regarding architectural rules for register use.
Suppose a VLIW is designed with self-draining execution pipelines: once an operation is
initiated, its results will appear in the destination register at most L cycles later (where L is the
latency of the operation). There a
In a server farm such as that used by Amazon or the Gap, a single failure does not cause the
whole system to crash. Instead, it will reduce the number of requests that can be satisfied at any
one time. a. If a company has 10,000 computers, and it experiences catastrophic failure only if
1/3 of the computers fail, what
(a) What are the three core standards layers? (b) Distinguish between the single-network core
layer and the internet core layer. (c) At what core layer do you find LAN standards? (d) At what
core layer do you find WAN standards? (e) At what core layer do you find standards for the
global Internet?
Do you think U.S. law enforcement and intelligence agencies (e.g., the FBI, CIA, and NSA) run
honeypots to track criminal behavior?
(a) Describe a TCP session opening. (b) Describe a normal TCP closing. (c) Describe an abrupt
TCP closing. (d) Describe how reliability is implemented in TCP. (e) Describe a TCP half-open
DoS attack. (f) What information does a RST segment give an attacker?
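The following Python, an added example rather than anything from the textbook or this page, works through parts (a) to (f) on one constructed trace (all addresses, ports and timings are invented). It replays segments against a server whose SYN queue holds a fixed number of half-open connections, tracking a normal three-way open and FIN/FIN close, an abrupt RST close, a burst of SYNs from forged sources that never send the third-handshake ACK (the half-open DoS), the legitimate SYN that is dropped while the queue is full, and recovery once the stale entries time out. A last helper states what a lone-SYN prober learns from each kind of reply, including a RST.

```python
"""TCP state tracking from the server's side: normal open/close, abrupt RST close,
SYN-queue (half-open) exhaustion, and what a RST reply tells a prober.
Added example; the traffic below is constructed, not captured."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class State(Enum):
    SYN_RECEIVED = "SYN_RECEIVED"  # half-open: SYN seen, third-handshake ACK not yet seen
    ESTABLISHED = "ESTABLISHED"
    FIN_WAIT = "FIN_WAIT"          # client FIN seen, server FIN pending (graceful close)
    CLOSED = "CLOSED"


@dataclass(frozen=True)
class Segment:
    t: float    # seconds since the start of the constructed trace
    src: str    # "ip:port"
    dst: str
    flags: str  # any of S, A, F, R


def half_open_count(states: Dict[str, State]) -> int:
    return sum(1 for st in states.values() if st is State.SYN_RECEIVED)


def track_server(segments: List[Segment], server: str, backlog: int,
                 syn_timeout: float) -> Tuple[Dict[str, State], int, int]:
    """Replay segments against a server whose SYN queue holds `backlog` entries.
    Returns (final per-client state, SYNs dropped because the queue was full,
    peak number of simultaneous half-open connections)."""
    states: Dict[str, State] = {}
    syn_time: Dict[str, float] = {}
    dropped = peak = 0
    for seg in sorted(segments, key=lambda s: s.t):
        # Expire stale half-open entries; a short SYN-RECEIVED timeout (or SYN
        # cookies, which keep no queue state at all) is the usual mitigation.
        for client in [c for c, st in states.items()
                       if st is State.SYN_RECEIVED and seg.t - syn_time[c] > syn_timeout]:
            states[client] = State.CLOSED
        if seg.dst == server:                   # client -> server
            c, st = seg.src, states.get(seg.src)
            if "R" in seg.flags:                # abrupt close: no FIN exchange at all
                states[c] = State.CLOSED
            elif "S" in seg.flags:              # handshake step 1
                if half_open_count(states) >= backlog:
                    dropped += 1                # queue full: no SYN/ACK, client just hangs
                else:
                    states[c], syn_time[c] = State.SYN_RECEIVED, seg.t
            elif "F" in seg.flags and st is State.ESTABLISHED:
                states[c] = State.FIN_WAIT      # normal close, first FIN
            elif "A" in seg.flags and st is State.SYN_RECEIVED:
                states[c] = State.ESTABLISHED   # handshake step 3: no longer half-open
        elif seg.src == server:                 # server -> client
            c, st = seg.dst, states.get(seg.dst)
            if "R" in seg.flags:
                states[c] = State.CLOSED
            elif "F" in seg.flags and st is State.FIN_WAIT:
                states[c] = State.CLOSED        # second FIN; the client's final ACK is a no-op here
        peak = max(peak, half_open_count(states))
    return states, dropped, peak


def classify_probe_reply(reply_flags: Optional[str]) -> str:
    """What a scanner learns from the answer to a lone SYN (part f)."""
    if reply_flags is None:
        return "filtered"   # silently dropped: something in the path eats the probe
    if "R" in reply_flags:
        return "closed"     # RST: host is up and reachable, no listener on that port
    if "S" in reply_flags and "A" in reply_flags:
        return "open"
    return "unknown"


SERVER = "192.0.2.10:80"
A, B, C, D = "198.51.100.1:40001", "198.51.100.2:40002", "198.51.100.3:40003", "198.51.100.4:40004"
SPOOFED = [f"203.0.113.{i}:5000" for i in range(1, 5)]   # attacker's forged source addresses

SAMPLE_TRACE: List[Segment] = [
    # A: full handshake, then a normal FIN/FIN close
    Segment(0.00, A, SERVER, "S"), Segment(0.01, SERVER, A, "SA"), Segment(0.02, A, SERVER, "A"),
    Segment(5.00, A, SERVER, "FA"), Segment(5.01, SERVER, A, "A"),
    Segment(5.02, SERVER, A, "FA"), Segment(5.03, A, SERVER, "A"),
    # B: handshake, then an abrupt RST close
    Segment(1.00, B, SERVER, "S"), Segment(1.01, SERVER, B, "SA"), Segment(1.02, B, SERVER, "A"),
    Segment(3.00, B, SERVER, "R"),
    # Attack: SYNs from forged sources that never complete step 3
    *[Segment(10.0 + 0.1 * i, src, SERVER, "S") for i, src in enumerate(SPOOFED)],
    # C: a legitimate SYN arriving while the queue is full
    Segment(11.00, C, SERVER, "S"),
    # D: arrives after the half-open entries have timed out
    Segment(45.00, D, SERVER, "S"), Segment(45.01, SERVER, D, "SA"), Segment(45.02, D, SERVER, "A"),
]

if __name__ == "__main__":
    final, dropped, peak = track_server(SAMPLE_TRACE, SERVER, backlog=4, syn_timeout=30.0)
    print(f"peak half-open={peak} dropped SYNs={dropped}")
    for client, st in final.items():
        print(f"{client:22} {st.value}")
```

With a backlog of four and a 30-second SYN timeout, the four forged SYNs fill the queue, client C's SYN at t=11 is dropped without a SYN/ACK, and client D at t=45 connects normally once the stale entries have expired. Lowering the timeout or enabling SYN cookies is what keeps C from being locked out.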
What three things should a firm do about disaster recovery planning for office PCs?
The switched snooping protocol of Figure 4.40 assumes that memory "knows" whether a
processor node is in state Modified and thus will respond with data. Real systems implement this
in one of two ways. The first way uses a shared "Owned" signal. Processors assert Owned if an
"Other GetS" or "Other GetM" event finds the
Your colleague at Sun suggests that, since the yield is so poor, it might make sense to sell two
sets of chips, one with 8 working processors and one with 6 working processors. We will solve
this exercise by viewing the yield as a probability of no defects occurring in a certain area given
the defect rate. For the Niag
This part of our case study will focus on the amount of instruction-level parallelism available to
the run time hardware scheduler under the most favorable execution scenarios (the ideal case).
(Later, we will consider less ideal scenarios for the run time hardware scheduler as well as the
amount of parallelism availab
1. Describe the pros and cons of the UP approach versus XP and Scrum development approaches
to upgrading the existing systems or developing new ones. Do the pros and cons change if the
systems are replaced instead of upgraded? Do the pros and cons vary by system? If so, should
different development approaches be used f
In what ways do components make software development faster?
The South Dakota Department of Labor, Workers' Compensation division was sinking under a
load of paper files. As a state agency which ascertains that employees are treated fairly when
they are injured on the job, the agency had a plethora of paper files and filing cabinets. If a
person (or company) called to see the st
Compare and contrast BPA, BPI, and BPR. Which is most risky? Which has the greatest
potential value?
List two intangible benefits. Describe how these benefits can be quantified.
What is the difference between a methodology and a work plan? How are the two terms related?
What is the difference between intangible value and tangible value? Give three examples of
each.
Consider the Amazon.com website. The management of the company decided to extend its
Web-based system to include products other than books (e.g., wine, specialty gifts). How would
you have assessed the feasibility of this venture when the idea first came up? How "risky" would
you have considered the project that impleme
Review the description of the South Dakota workers' compensation project in Your Turn 1-3.
There were legal hurdles to implementing a digital solution to handle workers' compensation
claims. One hurdle was that the previous paper method had physical signatures from employees
signing off that they had received treatment
List two tangible benefits and two operational costs for a system. How would you determine the
values that should be assigned to each item?
The Unified Process (UP) was first developed by a company called Rational, which is now
owned by IBM. On the IBM Web site, find any information about UP tools available through
IBM/Rational. Briefly describe the suite of tools available. Also look on the IBM Web site and
other Web sites (such as the Agile Modeling Web
Describe the four steps of business process management. Why do companies adopt BPM as a
management strategy?
Explain how an expected value can be calculated for a cost or benefit. When would this be done?
Describe the major phases in the systems development life cycle (SDLC).
Explain the net present value and return on investment for a cost-benefit analysis. Why would
these calculations be used?
Describe a "risky" project in terms of technical feasibility. Describe a project that would not be
considered risky.
1. Which of the development approaches described in this chapter seem best suited to the
project? Why? Plan the first six weeks of the project under your chosen development approach.
2. What role will components play in the system being developed for Reliable? Does it matter on
which component related standards they’
Visit the Web sites of the Agile Alliance (www.agilealliance.com/home) and Agile Modeling
(www.agilemodeling.com/). Find some articles on project management in an agile environment.
Summarize key points that you think make project management more difficult in this
environment than in a traditional, predictive project
Describe the roles of the project sponsor and the approval committee.
Select a computer-aided software engineering (CASE) tool—either one that you will use for
class, a program that you own, or a tool that you can examine over the Web. Create a list of the
capabilities that are offered by the CASE tool. QUESTION: Would you classify the CASE as
upper CASE, lower CASE, or integrated CAS
System projects are notorious for being late and over budget. When should management stop a
project that is late or costing more than the intended budget? Consider this case: Valley
Enterprises opted to implement Voice over Internet Protocol (VoIP) service in its Phoenix,
Arizona, service area. The company has 15 locat
Some companies hire consulting firms to develop the initial project plans and manage the
project, but use their own analysts and programmers to develop the system. Why do you think
some companies do this?
Describe the factors that the project manager must evaluate when a project falls behind schedule.
Describe the principal steps in the planning phase. What are the major deliverables?
A major retail store recently spent $24 million on a large private satellite communication
system that provides state-of-the-art voice, data, and video transmission between stores and
regional headquarters. When an item gets sold, the scanner software updates the inventory
system in real time. As a result, stor
Describe the principal steps in the implementation phase. What are the major deliverables?
Describe three technical skills and three interpersonal skills that would be very important to have
on any project.
What are the purposes of the system request and the feasibility analysis? How are they used in
the project selection process?
In April 1999, one of Capital Blue Cross' health-care insurance plans had been in the field for
three years, but hadn't performed as well as expected. The ratio of premiums to claims payments
wasn't meeting historic norms. In order to revamp the product features or pricing to boost
performance, the company needed to un
Name two ways to identify the tasks that need to be accomplished over the course of a project.
What is stakeholder analysis? Discuss three stakeholders that would be relevant for most
projects.
Barbara Singleton, manager of western regional sales at the WAMAP Company, requested that
the IS department develop a sales force management and tracking system that would enable her
to better monitor the performance of her sales staff. Unfortunately, due to the massive backlog of
work facing the IS department, her req
What is a service? How does a service differ from a component? How are services similar to
components?
1. Consider the criteria discussed in this chapter for choosing among the adaptive approaches to
system development. Which CSS project characteristics favor a predictive approach? Which
favor the UP? What characteristics might indicate use of a more agile approach? Which approach
is best suited to the CSS development p
The Amberssen Specialty Company is a chain of 12 retail stores that sell a variety of imported
gift items, gourmet chocolates, cheeses, and wines in the Toronto area. Amberssen has an IS
staff of three people who have created a simple, but effective, information system of networked
point-of-sale registers at the stores
What belongs in the project binder? How is the project binder organized?
What is the difference between upper CASE (computer aided software engineering) and lower
CASE?
Examine the technical description of a complex end-user software package such as Microsoft
Office. In what ways was component-based software development used to build the software?
Many companies are undergoing server virtualization. This is the concept of putting multiple
"virtual" servers onto one physical device. The payoffs can be significant: fewer servers, less
electricity, less generated heat, less air conditioning, less infrastructure and administration costs,
increased flexibility, less
Suppose that you are an analyst for the ABC Company, a large consulting firm with offices
around the world. The company wants to build a new knowledge management system that can
identify and track the expertise of individual consultants anywhere in the world on the basis of
their education and the various consulting pr
Describe the differences between a technical lead and a functional lead. How are they similar?
Figure shows the increasing number of communication channels that exist as a team grows from
two members to four members. Using the figure as a guide, draw the number of communication
channels that will be needed in a six-member team. Now, determine the number of
communication channels that will be needed in an eight-p
Reread the "Your Turn 1-2" box (Implementing a Satellite Data Network). Create a list of the
stakeholders that should be considered in a stakeholder analysis of this project.
Compare and contrast the role of a systems analyst, business analyst, and infrastructure analyst.
Consider the similarities and differences between component based design and construction of
computer hardware (such as personal computers) and design and construction of computer
software. Can the “plug-compatible” nature of computer hardware ever be achieved with
computer software? Does your answer depend on the
What are the six general skills all project team members should have?
Create a list of potential risks that could affect the outcome of a project.
Refer to the project size and lines of code that you calculated in "Your Turn 2A-1."
QUESTIONS: 1. Determine the effort of your project in person-months of effort by multiplying
your lines of code (in thousands) by 1.4. 2. Calculate the schedule time in months for your
project by using the formula 3.0 × person-months
Consider a project to replace the student advisement system at your school with one that employs
modern features (for example, Web-based interfaces, instant reports of degree program progress,
and automatic course registration based on a long-term degree plan). Now consider how such a
project would be implemented using
Why do many projects end up having unreasonable deadlines? How should a project manager
react to unreasonable demands?
Describe the three dimensions of feasibility analysis.
Compare and contrast object frameworks, components, and service-oriented architecture in terms
of ease of modification before system deployment, ease of modification after system
deployment, and overall cost savings from code reuse. Which approach is likely to yield greater
benefits for a unique application system, suc
Compare and contrast structured design methodologies in general with rapid application
development (RAD) methodologies in general.
What are the steps for assessing economic feasibility? Describe each step.
Describe the principal steps in the analysis phase. What are the major deliverables?
Suppose that you are interested in buying yourself a new computer. Create a cost-benefit analysis
that illustrates the return on investment that you would receive from making this purchase.
Computer-related websites (www.dell.com, www.hp.com) should reveal real tangible costs that
you can include in your analysis. Proj
Imagine that job hunting has been going so well that you need to develop a system to support
your efforts. The system should allow you to input information about the companies with which
you interview, the interviews and office visits that you have scheduled, and the offers that you
receive. It should be able to produc
Describe the principal steps in the design phase. What are the major deliverables?
Describe two special issues that may be important to list on a system request.
Car dealers have realized how profitable it can be to sell automobiles by using the Web. Pretend
that you work for a local car dealership that is part of a large chain such as CarMax. Create a
system request that you might use to develop a Web-based sales system. Remember to list
special issues that are relevant to the
Consider the capabilities of the programming language and development tools used in your most
recent programming or software development class. Are they powerful enough to implement
developmental prototypes for single user software on a personal computer? Are they sufficiently
powerful to implement developmental protot
What are the best ways to motivate a team? What are the worst ways?
I conducted a case study at Carlson Hospitality, a global leader in hospitality services,
encompassing more than 1300 hotel, resort, restaurant, and cruise ship operations in 79
countries. One of its brands, Radisson Hotels & Resorts, researched guest stay information and
guest satisfaction surveys. The company was abl
Consider XP’s team-based programming approach in general and its principle of allowing
any programmer to modify any code at any time in particular. No other development approach or
programming management technique follows this particular principle. Why not? In other words,
what are the possible negative implications
The chapter discussed the benefits of using Agile Development techniques. List and explain the
conditions under which it would be unwise to use an Agile Development methodology such as
XP or Scrum.
Discuss the appropriate way to set up and conduct interviews to elicit requirements.
What is the value of producing a requirements definition and having the project sponsor and key
users review and approve it?
Why is document analysis useful? What insights into the organization can it provide?
Create a set of use cases for the following health club membership system: When members join
the health club, they pay a fee for a certain length of time. Most memberships are for one year,
but memberships as short as two months are available. Throughout the year, the health club
offers a variety of discounts on its re
At my neighborhood Publix grocery store, the cashiers always handwrite the total amount of the
charge on every credit card charge form, even though it is printed on the form. Why? Because
the “back office” staff people who reconcile the cash in the cash drawers with the amount
sold at the end of each shift find it
Suppose that you are the analyst charged with developing a new system for the university
bookstore with which students can order books online and have them delivered to their dorms
and off-campus housing. What requirements-gathering techniques will you use? Describe in
detail how you would apply the techniques.
Refer to the situation in question G. You have been told that recruiting season begins a month
from today and that the new system must be used. How would you approach this situation?
Describe what you can do as the project manager to make sure that your team does not burn out
from unreasonable deadlines and commitments
Suppose that your university is having a dramatic increase in enrollment and is having difficulty
finding enough seats in courses for students so that they can take courses required for graduation.
Perform a technology analysis to identify new ways to help students complete their studies and
graduate.
Suppose that you are an analyst developing a new information system to automate the sales
transactions and manage inventory for each retail store in a large chain. The system would be
installed at each store and would exchange data with a mainframe computer at the company's
head office. What methodology would you use?
Suppose that you are an analyst developing a new executive information system (EIS) intended
to provide key strategic information from existing corporate databases to senior executives to
help in their decision making. What methodology would you use? Why?
Describe in very general terms the as-is business process for applying for admission at your
university. Collaborate with another student in your class and evaluate the process using informal
benchmarking. Based on your work, list some example improvements that you identified.
Suppose that you are in charge of the project described in question G, and the project will be
staffed by members of your class. Do your classmates have all of the right skills to implement
such a project? If not, how will you go about making sure that the proper skills are available to
get the job done?
Review the initial Holiday Travel Vehicle functional requirements 2-3–2-6 in Figure 3-3. Now,
based on your study of UC-4 in Figure, revise the list of functional requirements to provide more
clarity and detail for the task of evaluating a customer offer.
Shortly after the Gulf War in 1991 (Desert Storm), the U.S. Department of Defense realized that
there were significant problems in its battlefield logistics systems that provided supplies to the
troops at the division level and below. During the Gulf War, it had proved difficult for army and
marine units fighting toget
The state firefighters' association has a membership of 15,000. The purpose of the organization is
to provide some financial support to the families of deceased member firefighters and to organize
a conference each year bringing together firefighters from all over the state. Annually, members
are billed dues and calls.
Pretend that you are going to build a new system that automates or improves the interview
process for the career services department of your school. Develop a requirements definition for
the new system. Include both functional and nonfunctional system requirements. Pretend that
you will release the system in three diff
A system development project may be approached in one of two ways: as a single, monolithic
project in which all requirements are considered at once or as a series of smaller projects
focusing on smaller sets of requirements. Which approach seems to be more successful? Why do
you suppose that this is true?
What is the distinction between an external trigger and a temporal trigger? Give two examples of
each.
Suppose that you are a project manager using the waterfall development methodology on a large
and complex project. Your manager has just read the latest article in Computerworld that
advocates replacing the waterfall methodology with prototyping and comes to your office
requesting you to switch. What do you say?
Discuss how the analyst knows how to stop decomposing the process model into more and more
levels of detail.
Create a set of use cases for the following system: A Video Store (AVS) runs a series of fairly
standard video stores. Before a video can be put on the shelf, it must be catalogued and entered
into the video database. Every customer must have a valid AVS customer card in order to rent a
video. Customers rent videos for
Compare and contrast outcome analysis, technology analysis, and activity elimination. What
general contribution do these strategies play in determining requirements?
Review the initial Holiday Travel Vehicle functional requirements 2-7–2-8 in Figure. Now,
based on your study of UC-5 in Figure, revise the list of functional requirements to provide more
clarity and detail for the task of delivering the vehicle to the customer.
Discuss the considerations that should be made when determining who to include in interviews
and/or JAD sessions.
Describe the primary roles involved in JAD sessions. What is the major contribution made by the
person(s) fulfilling each role?
How are mutually exclusive data flows (i.e., alternative paths through a process) depicted in
DFDs?
Define what is meant by an external entity in a process model. How should an external entity be
named? What information about an external entity should be stored in the CASE repository?
What is a process model? What is a data flow diagram? Are the two related? If so, how?
Anne has been given the task of conducting a survey of sales clerks who will be using a new
order entry system being developed for a household products catalog company. The goal of the
survey is to identify the clerks' opinions on the strengths and weaknesses of the current system.
There are about 50 clerks who work in
Create a set of use cases for the following high-level requirements in a housing system run by the
Campus Housing Service. The Campus Housing Service helps students find apartments. Owners
of apartments fill in information forms about the rental units they have available (e.g., location,
number of bedrooms, monthly ren
Describe two ways to handle a situation in which there are a large number of use cases.
What is the purpose of an event-response list in the process of developing use cases?
Define what is meant by a data store in a process model. How should a data store be named?
What information about a data store should be stored in the CASE repository?
What is the purpose of stating the primary actor for the use case?
Early in my consulting career I was sent to a client organization with the goal of interviewing the
only person in the organization who knew how the accounts receivable system worked, and
developing documentation for that system (nonexistent at the time). The interviewee was on
time, polite, and told me absolutely noth
Compare and contrast duration analysis and activity based costing. What role do these activities
play as analysis strategies?
Review the Amazon.com Web site. Develop the requirements definition for the site. Create a list
of functional business requirements that the system meets. What different kinds of nonfunctional
business requirements does the system meet? Provide examples for each kind.
Suppose that a process on a DFD is numbered 4.3.2. What level diagram contains this process?
What is this process's parent process?
Barry has recently been assigned to a project team that will be developing a new retail store
management system for a chain of submarine sandwich shops. Barry has several years of
experience in programming, but has not done much analysis in his career. He was a little nervous
about the new work he would be doing, but w
Create a set of use cases for the following system: Of-the-Month Club (OTMC) is an innovative
young firm that sells memberships to people who have an interest in certain products. People pay
membership fees for one year and each month receive a product by mail. For example, OTMC
has a coffee-of-the-month club that sends
Explain the relationship between a DFD level 0 diagram and DFD level 1 diagram(s).
How do use cases relate to the requirements stated in the requirements definition?
Should a use case be prepared for every item on the event-response list? Why or why not?