The exam is closed-book and will be held Monday (12/5) at 8:00 AM in our regular classroom.
Final Exam Late Policy: Beginning at 8:15 AM, once the first person leaves the exam, no one will be permitted to start the exam; anyone who has not started by then will have to take a 0 on the exam. PU-LEEZ be on time! No make-ups will be given, and no excuses will be accepted without official documentation (e.g. a doctor’s note).
Set three alarms. Have your mom call to make sure you get up!
The questions on this review guide are not directly the questions that will be on the exam. However, if you thoroughly answer and understand the questions on this review sheet and on the question sheet for the review game, you should be in good shape for the exam.
What are the pros and cons of waterfall vs. spiral vs. incremental software models? What are the pros and cons of agile and lean software development methodologies vs. plan-driven methodologies? Understand the methodology presented for choosing between an agile/lean methodology and a plan-driven methodology.
What are some examples of plan-driven methodologies? What are some examples of agile/lean methodologies? Have an understanding of each of the methodologies in your course pack, the practices and roles of the methodologies, and how they are different from each other.
Know the different types of testing: black box, white box, unit test, integration, system, regression, and acceptance. Who writes each of these test cases? When in the development process are they generally done? What is test-driven development? What is validation? What is verification? What is the difference between validation and verification? What is a fault? What is a failure? What is the difference between mistake, fault and failure?
What does the black box test case template look like? Know how to write black box test cases.
Understand the terms equivalence class partitioning, boundary value analysis, diabolical testing. Of these three types of testing, what order would you run the test cases in and why? Understand the terms stub, driver, basis set, cyclomatic number/complexity (how to calculate and what it tells you).
Understand method, statement, branch, condition unit test coverage.
Know the following UML diagrams in detail: class diagrams, use case diagram (know how to create a use case flow of events), sequence diagram, state diagram. Be able to draw them given a description of a class structure or a (set of) scenarios. Know the meaning of and how to draw the following: actor, association, use case, class, generalization, multiplicity, aggregation, method, attribute. Know the proper use of <<extends>> and <<includes>> on a use case diagram. Understand which phase of development each type of diagram is used for. You will definitely have a class diagram question.
What are functional and nonfunctional requirements? What are requirements constraints? What are the items that are included in every software requirement specification (SRS) – no matter what the style (traditional, user story, use case)? What criteria are examined in order to validate requirements? What kind of requirements are privacy requirements? Security requirements? Understand all the parts of a software requirement specification (SRS) (hint: go look at the iTrust SRS and be familiar with all the sections or go look at the SRS in the Requirements Engineering or Use Case-based Requirements chapters of your course pack).
Know the purpose of HIPAA and of privacy policies. Understand the role of customer requirements vs. standards vs. regulation/law vs. policies in determining what will go into a product.
What does CRC stand for? How is a CRC card session beneficial? What are the items that are written on the card/how are they placed/what is their value? How are these items put into the UML diagram of the previous question? What is the motivation behind writing the “main responsibility” sentence on the CRC card? (What does it mean if writing this sentence is difficult?)
Compare use cases and user stories – format and content. What is a scenario? What is the relationship between a scenario and a use case? Know all the parts of a use case-based specification (use case = diagram and flow-of-events plus normal parts of a software requirements specification (SRS) – see your book) and be able to create a use-case based SRS as you were provided for your team project.
Briefly explain the process of becoming ISO 9001 certified. Explain the process of becoming appraised at a CMM level. Compare ISO and CMM – how are they alike, how are they different?
What is Sarbanes-Oxley? How are Sarbanes-Oxley and HIPAA similar?
What are the roles played in a software inspection? What software artifacts can be inspected? Why inspect?
Know how to analyze the economics of software prevention/removal techniques (see the pair programming/inspection chapter in the course pack). What is the cost-of-change curve? How do agile/lean and continuous deployment change this curve and why?
What is a Gantt chart? How does the use of a Gantt chart compare with the project management techniques done on our final class project? How is project management done with an agile project? What are the pros/cons of the different techniques? What is a burn down chart?
What is the purpose of risk management? How is risk exposure calculated? Protection poker (PP) looks at security risk. How is risk computed in PP? Understand how to "play" PP.
How is security testing fundamentally different from other forms of testing (unit, functional, system)? What are forms of input validation vulnerabilities and how can we remove these types of vulnerabilities? What is a black list and what is a white list? Which of these two types of lists is more practical to use for input filtering?
Understand the concept of story points, velocity, ideal days/ideal hours, and planning poker.
Understand the various kinds of maintenance: perfective, preventative, corrective, adaptive. What type of maintenance is refactoring?
Understand the OWASP Top 10 security vulnerabilities.