Certification Summary | MCSD Analyzing Requirements and Defining .NET Solutions Architectures Study Guide (Exam 70-300 (Certification Press)

In this chapter, we discussed the gathering and analysis of business requirements. We started with the examination of the current business state. To examine the current business state, you have to start by examining business process, organization structures, and position. The examination of market position includes the assessment of the industry, competing markets, and the current reach and scope of the business.

Next, after gathering information about the business, we need to start the process of gathering requirements from the user’s point of view. Some techniques that were discussed were interviewing, prototypes, and user surveys. With each of these techniques there are different advantages and drawbacks. They have to be carefully weighted into the current situation. After starting the requirement-gathering process, the identification of dependencies with other systems and outside systems is important for determining features and extensibility requirements. We next examined different types of design goals and their impact. The definition of data requirements led to the creation of data flow diagrams (DFD).

To refine the process further, use cases and usage scenarios are created. We then examined the requirements of a global application. This included the examination of what is required for creating a global application, such as localization issues and globalization requirements gathering. Along with these issues is the determination of accessibility requirements on how the application handles using different devices for handicapped individuals and mobile devices.

Lastly, we examined the role of operational requirements. The examination of operational requirements required the viewing of the current state of the technology for the business. This was the examination of maintainability, scalability, availability, reliability, deployment, and security issues at a high-level point of view. Operational requirements do not require the examination of specifics of “how” it will be implemented but the examination of why the requirements are needed and defining constraints for operations.

All of this information is gathered in preparation for the creation of the functional requirements, which will be discussed in the next chapter. This chapter should provide adequate basis for gathering and analyzing the specified requirements for your project.

Two-Minute Drill

Gathering and Analyzing Business Requirements

Use case diagrams define a sequence of actions a system performs that yields an observable result of value to a particular actor.
High-level requirements define tasks that drive processes. The focus is on business requirements.
The actor is an individual or group of individuals that interacts with the system.
User profiles identify categories of users and determine tasks that are performed. This would also include expectations and skill levels.
Market analysis is the examination of the business to determine its strengths and weaknesses in the marketplace.
Competitive analysis is the examination of the market competition within the business’s target range.
Examine current legislature to determine if new or existing legislation rules determine constraints and processes.
Industry regulation information defines standards and rules that define how the business operates.
An interview is a one-on-one session with individual users.
A user survey is a non-intrusive mechanism to get information about the system.
A prototype creates a viewable system to convey understanding of the new system.
User instruction is when the user instructs the interviewer on how they perform their tasks.
Focus groups are a collaboration of different types of users discussing the solution to determine how tasks are performed and gathering information.
Extensibility is the ability of features of an application to evolve over time.
Security is the ability of an application to protect its resources.
Maintainability is the ability of an application to handle small changes.
Reusability is the ability of components of an application to be reused in other systems or within the same system.
Manageability is the ability of an application to be administered.
Scalability is the ability of an application to match increasing demand with an increase in resources.
Availability is the ability of an application to be present and ready for use.
Reliability is the ability of an application to perform in a predictable manner.
Integration is the ability of two different systems to communicate in a predictable manner.
Data flow diagrams describe how data flows within the system.
Data types describe the types of data that are defined and used in the system.
A use case is a sequence of actions a system performs that yields observable results of value to a particular actor.
Use case scenarios are used to describe the flow of events during a use case.
Globalization is the process of designing and developing a solution that functions in multiple cultures/locales.
Localization is the process of adapting a globalized solution to a particular culture/locale.
Accessibility is the ability of an application to handle users with disabilities and other types of viewing devices.
Authentication is the process of discovering and verifying the identity of a principal by examining the user’s credentials and validating those credentials against some authority.
Denial of service means to deny service to invalid users trying to access your application.
Deployment is the process by which you distribute a finished solution on other computers.
Technology review is an analysis of the current hardware and software in place at the business.
Requirements are created if the system needs to integrate with other systems and determine dependencies.
The current and future impact of the hardware, software, and network help determine how the current state of the business technology needs to evolve to meet the solution needs.

Self Test

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Gathering and Analyzing Business Requirements

Using Scenario 3.1, identify the appropriate main actors from the case study.

Job seeker account
Database administrator
Network administrator
Warehouse user

You are gathering requirements for the solution. Identify the correct items that describe use cases. (Choose all that apply.)

High-level overview of processes
Use case actors
Defines boundaries for systems
Defines a sequence of events

You are gathering requirements for the solution. Which of the following techniques are valid for gathering information? (Choose all that apply.)

Interviewing
Focus groups
Online presentation
Company meeting

You are gathering and analyzing information about the hardware, software, and network infrastructure. Identify which of the following terms are correct about the interim milestone technology validation. (Choose all that apply.)

Provide input into the design process
Identify issues and technical risks
Identify main business processes
Identify use case constraints

You are analyzing the current business processes. You need to analyze the market position. Which of the following is the correct definition of market position?

The degree to which a business shall protect itself and its sensitive data and communications from accidental, malicious, or unauthorized access or destruction.
Examination of the current environment and external systems and data that the solution will cross processes with.
How the solution handles certain components being intentionally damaged or destroyed. An example would be that the application will not have a single point of failure.
The marketplace in which the business organization currently competes and plans to compete.

You are determining the security requirements for the solution. Identify the correct definition of security requirements.

Specifies the degree to which a business shall protect itself and its sensitive data and communications from accidental, malicious, or unauthorized access or destruction.
Examination of the current environment and external systems and data that the solution will cross processes with.
Defines how the solution handles certain components being intentionally damaged or destroyed. An example would be that the application will not have a single point of failure.
Documents the marketplace in which the business organization currently competes and plans to compete.

You are creating integration requirements for the solution. Identify the correct definition of integration requirements.

Specifies the degree to which a business shall protect itself and its sensitive data and communications from accidental, malicious, or unauthorized access or destruction.
Examination of the current environment and external systems and data that the solution will cross processes with.
Defines how the solution handles certain components being intentionally damaged or destroyed. An example would be that the application will not have a single point of failure.
Documents the marketplace in which the business organization currently competes and plans to compete.

You are creating security requirements for the solution. Identify the correct definition of physical damage requirements.

Specifies the degree to which a business shall protect itself and its sensitive data and communications from accidental, malicious, or unauthorized access or destruction.
Examination of the current environment and external systems and data that the solution will cross processes with.
Defines how the solution handles certain components being intentionally damaged or destroyed.
Documents the marketplace in which the business organization currently competes and plans to compete.

While creating security requirements, identify the correct definition of intrusion security requirement.

Specifies the extent to which a solution shall identify its users and external applications before interacting with them.
Specifies the extent to which the solution shall verify the identity of users and external interactions.
Determines to what degree a business application shall prevent a user or system interaction from denying participation in the interaction.
Specifies how to detect and record attempted access or modification by unauthorized individuals or programs.

10.

You are writing security requirements for the solution. Identify the correct definition of authentication security requirement.

Specifies the extent to which a solution shall identify its users and external applications before interacting with them.
Specifies the extent to which the solution shall verify the identity of users and external interactions.
Determines to what degree a business application shall prevent a user or system interaction from denying participation in the interaction.
Specifies how to detect and record attempted access or modification by unauthorized individuals or programs.

11.

While creating security requirements, identify the correct definition of authorization security requirement.

Specifies the extent to which a solution shall identify its users and external applications before interacting with them.
Specifies the extent to which the solution shall verify the identity of users and external interactions.
The access and usage privileges of authenticated users and client applications.
Specifies how to detect and record attempted access or modification by unauthorized individuals or programs.

12.

While creating security requirements, identify the correct definition of immunity security requirement.

Specifies the extent to which a solution shall identify its users and external applications before interacting with them.
Specifies the extent to which the solution shall verify the identity of users and external interactions.
Determines to what degree a business application shall prevent a user or system interaction from denying participation in the interaction.
Specifies how to detect and record attempted access or modification by unauthorized individuals or programs.

13.

You are gathering requirements for the application. While examining the design goals of the solution, identify the correct example of an availability requirement.

The average person-time required to fix a category 3 defect (including regression testing and documentation update) shall not exceed two person-days.
The average person-time required to make a significant enhancement (including testing and documentation update) during the development of a major new version of the application shall not exceed five person-weeks.
The application shall not have a single point of failure.
Credit card authorizations shall have an operational availability of 99.99 percent.

14.

Which of the following is the correct reliability requirement?

The application shall be usable by persons with mild cognitive disabilities.
The average person-time required to fix a category 3 defect (including regression testing and documentation update) shall not exceed two person-days.
The application’s mean time between failures shall be at least one month.
The average effort required by a typical user to install the application shall not exceed 15 minutes.

15.

You are gathering requirements for the application. Identify the correct definition of maintainability requirement.

The application shall not have a single point of failure.
The application shall be usable by persons with mild cognitive disabilities.
The average effort required by a typical user to install the application shall not exceed 15 minutes.
The average person-time required to fix a category 3 defect (including regression testing and documentation update) shall not exceed two person-days.

16.

You are gathering requirements for the application. Identify the correct definition of scalability requirement.

All timestamps associated with user interactions shall be accurate to the nearest second.
The application shall be usable by persons with mild cognitive disabilities.
The average effort required by a typical user to install the application shall not exceed 15 minutes.
The application shall be able to scale as specified in the following table:

Release	Open Sales	Sales Per Year	Total Employees	Total Customers	Simultaneous Interactions
0	10	N/A	10	10	10
1	10,000	50,000	50	500,000	10,000
2	25,000	250,000	250	5,000,000	50,000
3	100,000	1,000,000	500	10,000,000	250,000

17.

You are gathering requirements for the application. Identify the correct definition of deployment requirement. (Choose all that apply.)

All timestamps associated with user interactions shall be accurate to the nearest second.
The average person-time required to make a significant enhancement (including testing and documentation update) during the development of a major new version of the application shall not exceed five person-weeks.
The average effort required by a typical user to install the application shall not exceed 15 minutes.
The user should be authenticated before using the application.

18.

You are preparing to gather requirements for the solution. Which of the following interviewing techniques would be less intrusive to the users? (Choose all that apply.)

Interviewing
Shadowing
User surveys
Online chat
Having users teach you

19.

You are preparing to gather requirements for the solution. Which of the following interviewing techniques is the examination of artifacts? (Choose all that apply.)

Interviewing
User surveys
Focus groups
Existing documentation and diagrams

20.

You are preparing to gather requirements for the solution. Which of the following techniques allows for group communication and collaboration of users? (Choose all that apply.)

Interviewing
Prototyping
User instruction
Focus groups

21.

You are preparing to gather requirements for the solution. What are important attributes to consider when examining techniques for gathering information? (Choose all that apply.)

Sensitivity of information
Intrusion into work
Injecting your opinions on how it should work
Cost effectiveness

22.

You are writing requirements from information gathered from customers. Which of the following attributes would be needed when creating requirements? (Choose all that apply.)

Requirement identification
Categorization
Criticality to customer (high, medium, or low)
Globalization

23.

You are starting the initial phase of the project to determine the high-level requirements. What tasks are involved in gathering the high-level requirements? (Choose all that apply.)

Use techniques such as interviewing, observing, and prototyping
Identify category of users
Identify the importance of requirements
Evaluate user skill levels

24.

You are interviewing users and analyzing their needs. What tasks are involved with gathering the user profiles? (Choose all that apply.)

Use techniques such as interviewing, observing, and prototyping
Identify category of users
Identify the importance of requirements
Evaluate user skill levels

25.

You are processing information gathered from the users and have some reporting samples to examine. Which items are correct about data types? (Choose all that apply.)

Attributes
Initial default values
Range (i.e., possible values)
Understand the meaning of the data specified within the requirements

Answers

1.	A. From the case study, the job seeker account is the only valid option from the list. The other options would be supporting actors. x B, C, and D. Database administrator and network administrator would not be considered main actors for the system. They are not the primary users of the system. The warehouse user does not exist in this use case.
2.	A, B, and C. The high-level overview of the processes, use case actors, and boundaries for systems are the essential elements of a business use case. x D. The sequence of events is a lower-level detail that is contained in the use case scenario instead of in high-level use cases diagrams.
3.	A and B. Interviewing and focus groups are valid techniques for gathering information. x C and D. Online presentation is a technique of instructional teaching. A company meeting is not designed for user feedback, which is the main use of gathering information.
4.	A and B. Providing input into the design process and identifying issues and technical risks are correct elements of the technology validation milestone. x C and D. Identifying the main business processes and use case constraints are tasks for other milestones in the envisioning phase.
5.	D. Determining the marketplace in which the business competes is the correct definition of market position requirement. x A, B, and C. These are definitions of security, integration, and survivability requirements.
6.	A. Security requirements specify the degree to which a business shall protect itself. x B, C, and D. These are definitions of integration, survivability, and market position requirements.
7.	B. Integration requirements examine the current environment and external systems that interact with it. x A, C, and D. These answers identify security, survivability, and market position requirements.
8.	C. Identifying how the solution handles components being intentionally damaged is the correct definition of physical damage requirement. x A, B, and D. These define security, integration, and market position requirements.
9.	D. Intrusion security requirements look at how to detect and record attempts and modifications from unauthorized users and programs. x A, B, and C. A defines an identity security requirement. B is an authorization security requirement, which follows in the security process after authentication. C defines a nonrepudiation security requirement.
10.	B. The identification of users and systems is an authentication requirement. This requirement starts the security process. x A, C, and D. These answers define identity, nonrepudiation security, and intrusion security requirements.
11.	C. Authorization security requirements define how to verify the users to the system. This follows after security authentication. x A, B, and D. These answers define identity, authentication security, and intrusion security requirements.
12.	D. Immunity requirements define how the solution can protect itself from computer viruses and worms. x A, B, and C. These answers define identity, authentication security, and nonrepudiation security requirements.
13.	D. Availability requirements help minimize the downtime of applications. x A, B, and C. These are examples of maintainability and reliability requirements.
14.	C. Reliability requirements specify how reliably the solution performs. x A, B, and D. These are examples of accessibility, maintainability, and deployment requirements.
15.	D. Maintainability requirements define how quickly bugs or errors are supposed to be repaired and redeployed. x A, B, and C. These are examples of survivability, accessibility, and deployment requirements.
16.	D. Scalability requirements determine how the application will scale to increase performance. x A, B, and C. These are examples of correctness, accessibility, and deployment requirements.
17.	C. Deployment requirements determine how the solution is deployed and the resource and time constraints required. x A, B, and D. These answers define correctness, maintainability, and security requirements.
18.	C. User surveys are an interviewing technique that involves minimal interaction from the user. This allows the user to perform the task during their free time and does not interrupt their daily routine. x A, B, D, and E. Interviewing, shadowing, online chats, and having the users teach you are very intrusive gathering techniques that require more interaction from the user. These techniques require the user to make changes in their daily routines.
19.	B and D. The definition of artifacts is documents that can be examined. The user surveys and existing documents are classified as artifacts. x A and C. Interviewing and focus groups have the primary focus of examining information from multiple users’ point of view.
20.	D. Focus groups are the only information-gathering technique that involves group discussion. x A, B, and C. Interviewing and user instruction are one-on-one interactions. Prototyping is used to present information if necessary to a focus group to show how a part of the system will work.
21.	A, B, and D. Sensitivity of information, intrusion into work, and cost effectiveness are correct considerations when gathering requirements with users. x C. Injecting your opinions on how the solution should work is incorrect because the interviewer or gatherer of information is supposed to be subjective.
22.	A, B, and C. Requirement identification, requirement category, and criticality are very important characteristics of requirements. x D. Globalization is actually a type of requirement, not an attribute of requirements.
23.	A and C. Gathering information and prioritization of requirements are appropriate tasks for creating high-level requirements. x B and D. The identification of users and evaluation of user skill levels are used when creating user profiles.
24.	B and D. Identifying the category of users and evaluating user skill levels are descriptions of user profiles. x A and C. Using techniques like interviewing and identifying the important requirements are tasks for gathering high-level requirements.
25.	A, B, and C. Attributes, default values, and possible ranges are correct descriptions of data types. Data types are types of information the solution uses to handle information. x D. Understanding the meaning of the data specified within the requirements is not at a detailed level that data types are defining.

Lab Question

RecruitmentService.net is an online employment agency dedicated to serving employers and job seekers. RecruitmentService.net maintains information on 50,000 jobs and over 75,000 resumes globally, and has a monthly subscription client base. RecruitmentService.net is headquartered in Chicago and has 150 employees. The year 2001 resulted in annual revenues of $5 million. RecruitmentService.net is undertaking a major renovation of their system, and it has hired you as a consultant as it considers the merits of using .NET-supported technologies and the .NET framework for the next version of their system.

Existing IT Environment

RecruitmentService.net has ten web servers, all of which run Windows 2000 Server. The web sites are built on Pentium III 500 MHz servers with 512 MB of memory, which use IIS 5.0. The data tier consists of a two-node cluster of dual-processor machines running Windows 2000 Advanced Server and SQL Server 7.0. The RecruitmentService.net application was developed using Visual Basic 6, ASP, and SQL. Some of the business functionality is encapsulated into COM objects.

Business Process

RecruitmentService.net is completely dependent on the web servers. To maintain the competitive advance, continuous availability of the entire site is required. Download speed of the HTML and ASP pages is critical to the business. Employers input their job postings to the web site, and the web development content approval team verifies the posting information. The web team then generates a job seekers database. Job seekers have read-only access to the database data. Network administrators maintain the SQL server. RecruitmentService.net would like to both simplify and improve the method by which information is exchanged with employers and job seekers. For example, they would like to make it easier for employers with multiple job openings to submit those listings in a batch, instead of requiring that they fill out a job posting form for each opening. They would also like to allow job seekers to read job postings and check on the status of applications via web-enabled cell phones and other wireless devices.

Interviews

CEO

As the web site grows, so must the increase in performance to meet the needs of today’s user. We must also maintain 100 percent uptime. Though we have clients and users all over the world, up to now we have primarily served the English-speaking world. We are ready to begin expanding into other cultures, and would like to test a Spanish version of our site within the next six months, to be followed soon thereafter by a German version, and then a French version.

Chief Technology Officer

The system must support scalability. With anticipated growth, RecruitmentService.net must be able to add new machines into its racks with minimal cost and no system downtime. The system needs to handle a peak of 1,000 new records of incoming data per hour. We had some requests from large clients, especially those who use non-Windows systems such as Unix and IBM mainframes, to improve the way data can be exchanged between systems. We recently had a large international client post 125 job descriptions, and because of incompatibilities in our system, we had to enter each job listing manually. We suspect XML may be a good solution to this kind of problem. Whatever solution we choose, we would like a database to be able to create data directly in a format we could share with our clients. The following products will be implemented: Windows 2000 Server for the web tier, and Windows 2000 Advanced Server for the infrastructure and data tier. The web servers will continue to run IIS 5.0. We are open to whatever software and hardware we may need to add, provided the switch to .NET makes sense and supports all of our intended functionality. Three times a week the IT department at RecruitmentService.net runs a stored procedure that attempts to locate the redundant accounts, deletes accounts that have been inactive for more that a year, and creates a list of users to receive certain targeted e-mails. This procedure may affect several thousand records in a space of a few minutes.

1.	What type of requirement is the following: “RecruitmentService.net must be able to add new machines into its racks with minimal cost and no system downtime.” Deployment Maintainability Security Scalability
2.	By examining the case study, what type of requirement is met by allowing other means of entering data? Security Globalization Integration Localization
3.	Using the case study, what is a correct example of a globalization requirement? The information should be displayed in English. It should support Spanish and French text. Translator staff is required for each language to determine the culture correctness of the information.
4.	Using the case study, identify the correct example of an integration requirement. RecruitmentService.net must be able to accept data from Unix and IBM systems. The application will be web-based. The web site cannot have any downtime.
5.	Upon examination of the current state of technology, what needs upgrading, assuming web services will be implemented? .NET framework added Additional server hardware Additional user workstations Not applicable to project solution

Answers

1.	D. Scalability is correct because it is the only requirement in the list that details how the system should act toward scaling the application. x A, B, and C. Deployment, maintainability, and security requirements do not pertain to scaling the solution.
2.	C. Integration requirements deal with the interchange of data between systems. x A, B, and D. Security, globalization, and localization are incorrect types of requirements to handle this situation. They do not address how to handle the interchange of data between systems.
3.	C. Requiring translator staff for each language to determine the culture correctness would be defined in a globalization requirement. x A and B. Displaying information in English and supporting Spanish and French text would be defined in localization and internationalization requirements.
4.	A. The integration requirement is the integration between different systems. Thus being able to accept data from Unix and IBM systems would be valid integration requirement examples. x B and C. Requiring that the application will be web-based is a user requirement. Requiring that the web site cannot have any downtime is a maintainability requirement.
5.	A and B. To accomplish the required goals, it is necessary to install the .NET framework and upgrade the server hardware. x C and D. Adding user workstations may not be necessary because we do not have enough information to determine if additional internal users will be needed. D is not a valid option in this situation.