Certification Summary

1.

The technical team has diagnosed that the web application gets very slow when more than 1,000 people are concurrently using the application. Choose the correct methods to scale the application without adding additional servers.

1. Add more processors

2. Add more servers

3. Upgrade to a more powerful computer

4. None of the options available

2.

While consulting with a client to design a scalable web application, what should be considered?

1. Design synchronous processes

2. Design processes that do not compete for resources

3. Design components for interchangeability

4. Partition resources and activities

3.

The solution that is being designed needs to run 24 hours a day and 7 days a week. Which of the following considerations are correct?

1. Reduce planned downtime

2. Reduce unplanned downtime without clustering

3. Use network load balancing

4. Use queuing

1.

A and B. These options are for scaling up. Scaling up either upgrades components or replaces machines with more powerful machines.
x C and D. Adding more servers is incorrect because this is a scaling out option.

2.

B, C, and D. Designing processes that do not compete for resources allows for a minimum set of hardware and increases performance. Partitioning resources and activities allows applications to minimize the shared resources needed.
x A. Synchronous processes are an incorrect process type for scalability; it should be asynchronous.

3.

A, C, and D. The purpose of availability is to keep an application running continuously. This can be performed by reducing planned downtime, using network load balancing, and queuing.
x B. Clustering is a needed option for availability. Clustering allows applications to shut down a machine in the cluster and still maintain the services needed.

4.

The current application’s availability is about 50 percent. The application needs to be redesigned to reduce the planned downtime. Which are the correct techniques?

1. Promote untested code to production

2. Take all servers off-line for updates

3. Use clustered servers

4. Use network load balancing

5.

While identifying requirements for the new application, you want to show the customer the importance of reliability considerations. Which of these items are correct?

1. Deploy untested code

2. Prevent operational errors

3. Prevent lost revenue and customers

4. Isolate mission-critical applications

6.

The client is having problems with code that consistently has errors and is designed incorrectly. What techniques can be suggested to improve the reliability of the application?

1. Lack of requirements documents

2. Using quality development tools

3. Lack of quality software engineering processes

4. Implementing error handling

7.

After gathering requirements for the new solution, you are asked to identify performance requirements and techniques for the new solution. Which of these apply?

1. Apply forms authentication

2. The # of orders that can be created in an hour

3. Implement performance counters in the application

4. Use existing technology investments

8.

You are writing the technical specifications document for your solution. The customer needs to understand the need for interoperability with the existing mainframe, which stores its current order data. Which of these concepts are correct?

1. Ignore existing technologies

2. Remove the mainframe hardware

3. Enable optimal deployments

4. Use existing investments

9.

The new application being designed needs to support multiple languages. What must be identified in the technical specifications document on how to prepare the application for globalization?

1. Update user documentation

2. Design features that support those cultures and locales

3. Write code that executes properly in all of the supported cultures and locales

4. Performance monitoring

4.

C and D. When planning downtime, you want to minimize the time services are not available. Using rolling updates allows for the release of updates in phases. Clustering and load balancing allow machines to be taken down without loss of services.
x A and B. Taking all the servers off-line makes services completely unavailable and can negatively affect business. Putting untested code into production will eventually lead to downtime for fixing bugs.

5.

B and C. Reliability is concerned with the correctness of the application. Applications that contain errors in code and in operational logic can be very costly to fix and maintain.
x A and D. Isolating mission-critical applications is an availablity design goal. Deploying untested code is one of the major reasons for establishing reliable code.

6.

B and D. Implementing reliability goals for an application requires error handling, quality testing, and reuse of reliable components.
x A and C. Lack of quality software engineering is a cause of reliability failure.

7.

B and C. Performance requirements are concerned with identifying critical features that need to have metrics assigned to how they perform.
x A and D. The use of existing technology investments is not a design goal of performance. Applying forms authentication is a security requirement.

8.

C and D. Interoperability is the leveraging of existing hardware and software that can exist in different environments and require various protocols for communication.
x A and B. Ignoring existing technologies is very costly and time consuming. Removing the mainframe hardware is not an option in this situation; the goal is to preserve the hardware.

9.

B and C. Globalization is the beginning of the process of localization. To create a world-ready application requires the preparation of resource files and identifying features that are culturally correct.
x A and D. Performance monitoring is clearly an incorrect globalization consideration. Updating user documentation is a factor, but is not correct for this stage of the project.

10.

After creating the functional specifications, the customer is asking what the next step is in the process. Identify the purposes of the development plan.

1. Determine development objectives

2. Determine vision of project

3. Document guidelines and standards

4. Identify design patterns to be used

11.

You are creating the technical specifications document. Identify for the support team the purpose of the test plan.

1. Implement testing

2. Identify methodologies

3. Identify tools

4. Identify versioning and source control standards

12.

You are writing the deployment plan for the new application. What are the correct items that are needed to be identified in the deployment plan?

1. Determine licensing

2. Architecture

3. Resource threshold monitoring

4. Installation instructions

13.

You are writing the technical specifications document. Identify the correct items about the technical specifications.

1. Define scope of work

2. Define configuration settings

3. Define user training

4. Define assembly names

14.

You are writing the functional specifications document. The user is trying to understand the purpose of this document. Identify the correct items about the functional specifications document.

1. Consolidate a common understanding of the business and user

2. Develop an incomplete product

3. Break down the problem and modularize the solution logically

4. Serve as a contract between the team and the customer for what will be delivered

15.

While writing the functional specifications document, identify the correct risks associated with not creating functional specifications.

1. Developing a solution that does not completely address the customer requirements

2. Unable to clearly define customer expectations

3. Lower risk because it is unnecessary

4. Unable to validate solution to customer requirements

16.

You are writing the functional specifications document. The first step in conceptual design is the analysis phase. Identify the correct items about this phase.

1. Reviewing the user and business research

2. Documenting and modeling the context, workflow, task sequence, and environmental relationships

3. Defining candidate requirements

4. Validating and testing the improved business processes

17.

You are in the process of restating the business requirements gathered in the initial phase of the project. Identify the common characteristics of the restated requirements.

1. Requirements must be incomplete sentences not using will, may, must, or should.

2. Requirements should be clear and concise.

3. Requirements created in a testable manner.

4. Organized in a hierarchy of related requirements

18.

You are in the process of restating the business requirements gathered in the initial phase of the project. During the restatement of requirements, they are grouped into categories. Identify the main categories of requirements.

1. User

2. System

3. Operations

4. Support

19.

The current application is not very secure. The new application will be used by a broader range of users and systems within the organization. You are writing the technical specifications document and need to identify security strategies for the application. Identify the correct security strategies.

1. Trust external input

2. Apply the principle of most privilege

3. Rely on tested and proven security systems

4. Default to secure mode

20.

You are writing the functional specifications for the new application. The existing application had many security problems. Identify the correct security principles associated with STRIDE.

1. Spoofing identity

2. Repudiation

3. Information tampering

4. Degradation of privileges

10.

A, C, and D. The development plan is the road map for the design, standards, and features of the application.
x B. The vision must be clearly defined before creating the development plan and finalizing the business requirements.

11.

B and C. The test plan identifies what will be tested, how it will be tested, and what types of results are needed.
x A and D. Identifying versioning and source control standards is a development plan element. Testing happens during the development stage.

12.

A, B, and D. Deployment plans are used to determine what is needed to deliver the product to production, how this will be accomplished, and who is responsible for the deployment and support.
x C. Resource threshold monitoring is an important technique for performance testing and requirements.

13.

A, B, and D. The technical specifications document identifies what work will be performed and how the environments will be set up.
x C. The technical specifications are not concerned with user training because this is handled by the deployment plan.

14.

A, C, and D. The functional specifications document is generally a contract between the project team and the customer to determine if all features are defined correctly, and is presented in business terms.
x B. Developing an incomplete product is always a danger associated with not gathering proper requirements.

15.

A, B, and D. By not creating the functional specifications, you run the risk of developing a solution that meets the requirements but is unusable or creating a solution then finding out too late that the business processes were incorrect.
x C. Defining candidate requirements is a step performed during the creation of the functional specifications.

16.

A, B, and C. The analysis of the conceptual design is the reexamination of the original requirements and creating a more detailed modeling diagram and requirements.
x D. Validation and testing the improved business process is a task performed later in the optimization of the conceptual design.

17.

B, C, and D. Restating business requirements is the breaking down of requirements into simpler forms and groups. These restated business requirements will be the basis for the test plan.
x A. The requirements should be complete sentences and use will, may, must, or should.

18.

A, B, and C. Requirements are grouped by their functionality, whether they are for the user, for the operation of the application, or for the system.
x D. Support is a subcategory that can fit under the User category.

19.

C and D. Security strategies are designed around the goals of protecting the data and the application. This involves applying the minimal amount of permissions and proven security methods and models.
x A and B. Trusting external input is always a problem. If the external system has information that can change data incorrectly, it would be very difficult to determine if it was authenticated to do this unless security was involved. The principle of most privilege is incorrect; the correct concept is applying security of least privilege. Give the minimal amount of permissions necessary.

20.

A and B. Spoofing identify and repudiation are correct STRIDE principles.
x C and D. Information tampering and degradation of privileges are incorrect STRIDE principles.

1.

Create a C#.NET console application to copy web server log files from remote locations. The application should preprocess the log files and load them into a warehouse table. The information is then generated to rollup information from the warehouse table and populate the report structures. The source servers and file locations will be stored multiple key nodes in the config file that define: A) the web server name, B) the file location of the logs and c) the web site URL that the logs describe traffic for. All temporary files must be destroyed upon completion of processing and all system notifications, success or failure, should be written to the event log. The application config file should define a Panic E-mail key which should be used when a catastrophic failure occurs.

Refine the following requirements:

• The application will be configured by using a configuration file that will determine the characteristics needed for the application to execute.

• The logger application will notify the Panic E-mail Address when catastrophic errors occur. All other notifications will be sent to the event log of the running machine.

• The parsing of the web logs will be handled on a file-by-file basis. This allows for the possibility that certain web servers are not configured correctly and for future expansion. The only files that can be parsed are files that are at least one day old.

• Storing of resulting processed web logs.

1.

The following is an example of how the requirements should be refined:

• Req 1.0 The application will be configured by using a configuration file that will determine the characteristics needed for the application to execute.

User Services

• 1.1 User Services. Run application from command line and derive parameters from configuration file.

Business Services

• 1.2 Implement configuration file.

• 1.2.1 Define key for remote web server locations. Required information includes web server name, location of log files, and web site URL.

• 1.2.2 Define e-mail key for catastrophic failures.

Data Services

• 1.3 Define key for data access.

• 1.4 Define functionality for multiple keys in database to hold web server settings.

The logger application will notify the Panic E-mail Address when catastrophic errors occur. All other notifications will be sent to the event log of the running machine.

User Services

• 2.0 Verify event log entries.

Business Services

• 2.1 Create event log entries on success and failure.

• 2.2 Create e-mails when catastrophic events occur in the application.

The parsing of the web logs will be handled on a file-by-file basis. This allows for the possibility that certain web servers are not configured correctly and for future expansion. The only files that can be parsed are files that are at least one day old.

Business Services

• 3.0 Parse web logs based on configuration key information. Each web server instance will have a different name for the respective web log information directory. This information must be contained in the configuration file.

• 3.1 Reverse lookups must be performed against the IP address to determine location.

Storing of resulting processed web logs.

Business Services

• 4.0 Store web logs based on URL information.