q

Software Construction
Questions Bank
Choose the right answers
1. What is software?
a) set of programs b) documentation and configuration of data
c) set of programs, documentation & configuration of data d) None of the mentioned
2. Which of these software engineering activities are not a part of software processes?
a)Software dependence b) Software development
c) Software validation d) Software specification
3. Which of these is true?
a) Generic products and customized products are types of software products
b) Generic products are produced by organization and sold to open market
c) Customized products are commissioned by particular customer
d) All of the mentioned
4. Early increments act as a prototype to help elicit requirements for later increments.
a)true b)false
5. A weakness in a computer-based system that may be exploited to cause loss or harm is known as?
a. Vulnerability b. Attack c. Threat d. Exposure
6. A password checking system that disallows user passwords that are proper names or words that are normally
included in a dictionary is an example of ___________ with respect to security systems.
a. Risk b. Control c. Attack d. Asset
7. At which stage of risk analysis specification, the additional security requirements take account of the
technologies used in building the system and system design and implementation decisions?
a. Preliminary risk analysis b. life-cycle risk analysis
c. Operational risk analysis d. All of the mentioned
8. Which of the following known as the ability of the system to deliver service as specified?
a. Availability b. reliability c. security d. safety
9. Which one of the following threats allow an attacker to make part of the system unavailable?
a. Interruption b. Interception c. Fabrication d. Modification
10. A system resource that has a value and has to be protected is known as
a. Asset b. Control c. Vulnerability d. Attack
11. The records of each patient that is receiving or has received treatment resembles which security concept?
a. Asset b. Threat c. Vulnerability d. Control
12. Circumstances that have potential to cause loss or harm is known as
a. Attack b. Threat c. Vulnerability d. Control
13. Threats that allow an attacker to insert false information into a system known as ….
a. Interruption b. Interception c. Fabrication d. Modification
14. The determination of the identity or role that someone has Known as….
a. Authentication b. Authorization c. Accounting d. Intrusion detection
15. In computer security, ……. means that the information in a computer system only is accessible for reading by
authorized users
a. Confidentiality b. Integrity c. Availability d. Authenticity
16. Possible loss or harm to a computing system known as……………………..
a. Attack b. Vulnerability c. Threat d. Exposure
17. Which security requirements used to specify what mechanisms should be used to detect attacks on the system?
a. Security auditing b. Immunity c. Non-repudiation d. Intrusion detection
18. Which security requirements used to specify how a system should protect itself against viruses, worms, and
similar threats?
a. Authentication b. Immunity c. Non-repudiation d. Intrusion detection
19. Which security requirements used to specify that a party in a transaction cannot deny its involvement in that
transaction?
a. Privacy b. Integrity c. Non-repudiation d. Intrusion detection
20. Which security design guideline means that you should not rely on a single mechanism to ensure security;
rather, you should employ several different techniques?
a. Avoid a single point of failure b. fail securely c. Compartmentalize your assets d. Log user actions
21. Which of these is true?
a. Interruption threats allow an attacker to make part of the system unavailable.
b. Fabrication threats attackers alters or destroys data.
c. Modification threats allow an attacker to add false information to system
d. Interruption threats allow an attacker to gain access to an asset.

22. In computer security … means that computer system assets can be modified only by authorized parities.
a. Confidentiality b. Authenticity c. Availability d. Integrity
23. Which risk assessment process assesses the potential losses associated with each asset?
a. Feasibility assessment b. Asset value assessment c. Attack assessment d. Exposure assessment
24. Which risk assessment process decompose threats into possible attacks on the system and the ways that these
may occur?
a. Threat identification b. Asset value assessment c. Attack assessment d. Exposure assessment
25. Which security design guideline means that you keep multiple copies of data?
a. Avoid a single point of failure b. fail securely c. Compartmentalize your assets d. Use redundancy

26. Which security design guideline means that you should organize the system so that assets are in separate areas?
a. Avoid a single point of failure b. fail securely c. Compartmentalize your assets d. Use redundancy
27. A security test in which a tester looks for ways to exploit vulnerabilities and gain access to a system and include
a post-test report describing vulnerabilities to the developer/programmer. known as
a. Ethical Hacking b. Scanning c. Exploitation d. Confidentiality
28. Which of the following tool used to scan the ports on each of the IP addresses ?
a. Whois b. harvester c. Nmap d. Hmap
29. Which phase concerned with gathering information’s in pen test?
a. Reporting b. Reconnaissance c. Pre engagement d. Scanning
a. Malicious software b. Security software c. Bad software d. Dependable software
30. The probability that the system will be up and running and able to deliver useful services to users known as ….
a. Security b. Availability c. Error tolerance d. Reliability

31. The system’s ability to protect itself from external attacks which may be accidental or deliberate known as ……
a. Safety b. Usability c. Security d. Reliability
32. Which of the following is true with respect to the harvester tool?
a. The harvester is a web-based tool used to obtain information about subdomains of the target.
b. The harvester used to scan the ports on each of the IP addresses.
c. The harvester retrieves emails, subdomains, and hosts that are associated with the target.
d. The harvester identify which ports are open and determine what services are available on our target system.
33. Which phase resembles knocking on the various doors and windows of a house and seeing who answering in
pen test?
a. Reporting b. Reconnaissance c. Pre engagement d. Scanning
34. In MVC pattern which component manages how the data is presented to the user?
a. View b. Controller c. Model d. View and model
35. In MVC pattern which component manages user interaction?
a. View b. Controller c. Model d. View and model
36. Which architecture pattern describes how a set of interacting components can share data?
a. Model-view-controller b. Architecture pattern c. Repository pattern d. Client server pattern
37. Which of the following pattern is the basis of interaction management in many web-based systems?
a. Model-view-controller b. Architecture pattern c. Repository pattern d. Client server pattern
38. If ……….is a critical requirement, a layered structure for the architecture should be used.
a. Performance b. Usability c. Reliability d. Security
39. In MVC pattern which component manages the system data and associated operations on that
data?
a. View b. Controller c. Model d. View and model
40. In Pipe and filter architecture filter is
a. Data Flow b. Component c. Connector d. None of the mentioned
41. Which phase concerned with plan and prepare the scope of the penetration test?
a. Reporting b. Reconnaissance c. Pre engagement d. Scanning
42. Which of the following property does not correspond to a good Software Requirements Specification
(SRS)?
a. Verifiable b. Ambiguous c. Complete d. Traceable
43. Scenarios that represent malicious interactions with a system is …….
a. Test case b. Misuse cases c. Up use case d. Use case
44. The ability of system to work without catastrophic failures ……

a. Maintainability b. Usability c. Security d. Safety

45. Data input to the Cipher or output from the Inverse Cipher.

a. Ciphertext b. Cipher text c. Plaintext d. Black text

46. In the _____ development process, the various phases of development are completed sequentially; one after
the other.
A) iterative B)waterfall C) agile D) spiral
47. User requirements are expressed as ……..in Extreme programming
A) Implementation task B)User stories C) Functionality D) Test case
48. Acceptance testing is also known as
a. Grey box testing b. White box testing c. Alpha Testing d. Beta testing
49. Beta testing is done at
b. User’s end b. Developer’s end c. User’s & Developer’s end d. tester’s end
50. Unit testing is done by
Users b. Developers c. Customers d. Debugger
51. Which of the following term describes testing?
a. Modifying a program after it has been put into use
b. Specifications of the inputs to the test and the expected output from the system
c. Executing a program with the intention of finding errors
d. Analysis of the static system representation to discover problems
52. White Box techniques are also classified as
a. Design based testing b. Structural testing c. Error guessing technique d. Specification based testing
53. Which of the following is Black box technique?
a. Equivalence partitions b. Statement coverage c. Exhaustive testing d. Beta testing
54. Alpha testing is done at
a. User’s end b. Developer’s end c. User’s & Developer’s end d. System’s end
55. In agile methods, the user/customer is
a. Alpha tester b. Beta tester c. System tester d. Management tester
56. Test Suite is …..
a. Specifications of the inputs to the test and the expected output from the system
b. A set of test cases for a system
c. The inputs that have been devised to test a system.
d. Stories to be tested
57. Which of the following is said to be the inability of the system to perform the desired task?
a. Error b. Fault c. Failure d. Bug
58. Testing an application under extreme workloads Know as……
a. Load testing b. Stress testing c. System testing d. Regression Testing
59. The process of testing individual components in isolation Know as ….
a. Unit test b. Integration test c. System test d. Object test
60. Specifications of the inputs to the test and the expected output from the system know as …..
a. Test data b. Test cases c. Test scenarios d. Test suite
61. Testing with tries to find all errors by using every possible inputs know as….
a. Regression Testing b. Exhaustive testing c. Integration Testing d. Unit Testing
62. Which of the following statements about software inspections is true ?
a. Software inspections can check non-functional characteristics such as performance, usability
b. Software inspections require execution of a system
c. Software inspections is dynamic verification
d. Software inspections may be applied to any representation of the system
63. Verification means ……….
a. The software should conform to its specification.
b. The software should do what the user really requires.
c. Are we building the right product
d. None of the mentioned
64. Validation means ……….
a. The software should conform to its specification.
 b. The software should do what the user really requires.
c. Are we building the product right
d. None of the mentioned
65. ……………… tests are designed to validate functional requirements without regard to the internal working of
program.
a. White-box test b. Control structure test c. Black-box test d. Gray-box test
66. Which of the following statements about release testing is true?
a. Release testing is usually a black-box testing process where tests are derived from the program’s
implementation
b. In some companies, Release testing may involve a separate testing team with no involvement from designers
and programmers.
c. Release testing is the process of testing a particular release of a system that is intended for use outside of the
development team.
d. It should focus on testing the functionality of objects or methods.
67. Which test refers to the retesting of a unit, integration and system after modification, in order to ascertain that
the change has not introduced new faults?
a. Integration testing b. Beta testing c. System testing d. Regression Testing
68. Which automated testing part comparing the result of the called object with the expected result?
a. A setup part b. An assertion part c. A call part d. Both assertion and call parts
69. Which of the following determines maximum user load the software application can handle?
a. Stability b. Scalability c. Throughput d. Speed
70. What is the purpose of the evolution phase in the waterfall model?
A) Changing the system in response to changing customer needs.
B) Defining what the system should do
C) Defining the organization of the system and implementing the system
D) Checking that it does what the customer wants
71. The name given to the general process of managing a changing software system is ….
a. Reuse b. Configuration management
c. Development management d. Integrated development environments

72. When Software written in such a way so that it can evolve to meet the changing needs of
customers this known as …….
a. Efficiency b. Dependability c. Security d. Maintainability

73. Open source licensing model that called ‘reciprocal’ license that means that if you use open
source software then you must make that software open source is …..
a. The GNU General Public License (GPL)
b. The GNU Lesser General Public License (LGPL)
c. The Berkley Standard Distribution (BSD) License
d. none of the mentioned

74. Subversion is a widely used example of a centralized Version control systems. (T/F)

75. In customized products the specification of what the software should do is owned by ……
a. Customer b. Developer c. Tester d. none of the mentioned