Part I: Multiple Choice. Encircle the correct answer. No erasure and alterations.

28 points

1. What is the primary purpose of the Software Development Life Cycle (SDLC)?

A) To organize team meetings

B) To design, develop, and test good-quality software
C) To create marketing plans
D) To evaluate hardware specifications
2, Which SDLC stage involves gathering requirements from customers and stakeholders?
A) Product Testing
B) Defining Requirements
C) Designing Architecture
D) Deployment and Maintenance
3, In which document are all software requirements specified?
A) DDS
B) Project Charter
(C)SRS
D) User Guide
4, Which of the following is NOT a stage in SDLC?
A) Product Development
B) Team Management
C) Planning and Requirement Analysis
D) Product Testing
5, What is the primary feature of the Waterfall model?
A) Allows for flexible changes
B) It is sequential and rigid
C)Uses feedback loops
D) Is iterative
6, Which stage of SDLC focuses on coding and following protocols to develop the
product?
A) Planning and Requirement Analysis
B) Product Testing
C) Developing Product
D) Deployment and Maintenance

7, What type of tool is Selenium in the context of Agile methodology?

A Collaboration tool
B Testing tool
C Documentation tool
D Project management tool

8) Which tool is commonly used for team communication in Agile, offering channels and
message threads?
A) GitHub
B) Slack
C) Jira
D) Lucidchart

9) Which of the following is NOT a version control system

A) Git
B) Gitlab
C) Miro
D) Bitbucket

10) Which SDLC stage is responsible for verifying that the product meets quality requirements?
A) Developing Product
B) Product Testing and Integration
C) Defining Requirements
D) Deployment and Maintenance

11) What does the Agile model primarily focus on?

A Adapting to changes quickly

B Risk management
C Sequential development
D Security protocols

12) What is a key feature of the V-shaped SDLC model?

A) It is flexible
B) It uses spirals
C) It pairs each development stage with a testing phase
D) It has no testing phase

13) Which SDLC model is informal and lacks structured planning?

A) Agile Model
B) Waterfall Model
C) Big Bang Model
D) Iterative Model

14) In the Deployment and Maintenance stage, what is typically gathered to improve the
product?
A) New coding languages
B) Budget approvals
C) Feedback from users
D) Security policies
15) Which of the following symbols represents an entity in an ERD?

A) Circle
B) Rectangle
C) Triangle
D) Dashed line

16) Which type of ERD model focuses on the business objects and their relationships, without
detailing tables or attributes?

A) Logical ERD
B) Physical ERD
C) Relational ERD
D) Conceptual ERD

17) In which ERD model would you include the column types and data length for each attribute?

A) Physical ERD
B) Conceptual ERD
C) Logical ERD
D) Entity-Attribute ERD

18) Which ERD model would a database designer most likely create before moving to the
physical implementation?

A) Conceptual ERD
B) Logical ERD
C) Operational ERD
D) Relational ERD
19) In a physical ERD, what type of key combines two or more attributes to uniquely identify a
record?
A) Primary Key
B) Composite Key
C) Foreign Key
D) Relational Key
20) Which type of DFD that is NOT concerned with how the system will be constructed?
A) Physical DFD
B) Logical DFD
C) Entity-Relationship Diagram
D) Context Diagram
21) In which DFD level is the entire system represented by a single process?
A) Level 1
B) Context Diagram
C) Level 2
D) Functional Primitive
22) Which of the following is NOT a common mistake in DFDs?
A) Transparent flows
B) Black holes
C) Miracles
D) Grey holes
23) What is the difference between a logical and physical DFD?
A) A logical DFD shows data storage, while a physical DFD shows functions.
B) A physical DFD represents a business activity, while a logical DFD shows implementation.
C) A logical DFD focuses on business functions, while a physical DFD shows the system's
construction.
D) A logical DFD contains hardware details, while a physical DFD contains process names.
24) What symbol is used in UML to denote a private member in a class?
A) +
B) #
C) *
D)-
25) Which of the following is NOT a type of UML Behavioral Diagram?
A) Use Case Diagram
B) Activity Diagram
C) Component Diagram
D) Sequence Diagram

26, What type of LM diagram is best suited to show the order of interactions over Time Between
objects?
A)Al Component Diagram
B)Sequence Diagram
C)Class Diagram
D)Package Diagram
27. What type of association is represented when both classes are aware of each other and their
relationship?
A) Unidirectional Association
B) Aggregation
C) Bidirectional Association
D) Composition

28, In UML, which type of relationship between two by classes is used to indicate strong
ownership, where the lifetime of one class depends on the other?

A) Association
B) Composition
C)Aggregation
D) Generalization
Part II. Write TRUE if the statement is true, and write FALSE if the statement is false after each
question.
32 Points

●​ Monolithic architecture is suitable for small applications where performance and

simplicity are prioritized.
Answer: True
●​ 2 Event-driven architecture relies on synchronous communication between components.
Answer: True
●​ Client-server architecture does not involve any form of data management.
Answer: FALSE
●​ In peer-to-peer architecture, nodes depend on a centralized server to share resources.
In peer-to-peer arc
Answer false
●​ Service-oriented architecture (SOA) emphasizes interoperability and flexibility through
the use of services.
Answer: True
●​ Design patterns are specific pieces of code that can be directly reused in different
programs.
Answer: True
●​ An algorithm provides a clear set of actions to achieve a goal, while a design pattem is a
high-level description of a solution.
Answer: True
●​ Design patterns can only be classified into two categories: creational and structural.
Answer false
●​ Design patterns can only be applied in object-oriented programming languages.
Answer: false
●​ Advanced Object-Oriented Programming (OOP) only covers basic concepts such as
classes and Inheritance.
Answer: false
●​ Defensive programming focuses on handling invalid inputs by crashing the system when
 errors occur
Answer: False
●​ DbC is ideal for trusted systems where components interact in a controlled environment.
answer: True
●​ The Single Responsibility Principle suggests that a class should be responsible for
multiple aspec of an application to avoid unnecessary dependencies.
Answer: false
●​ Defense programming is preferred when handling untrusted inputs from users or external
system
Answer: true
●​ The open close principle state that classes should be open for modification but close to
extension
Answer: False
●​ the open close principle state that classes should be open for modification but close to
extension
Answer: False
Test 3

Adapter Pattern: This design pattern allows objects with incompatible interfaces to collaborate.​

Observer Pattern: This design pattern lets you define a subscription mechanism to notify multiple
objects about any events that happen to the object they're observing.​

Structural Pattern: These patterns explain how to assemble objects and classes into larger
structures while keeping these structures flexible and efficient.​

Factory Method: It provides an interface for creating objects in a superclass but allows
subclasses to alter the type of objects that will be created.​

Creational: These patterns provide object-creation mechanisms that increase flexibility and reuse
of existing code.​

Singleton Pattern: This pattern lets you ensure that a class has only one instance while providing
a global access to this instance.​
Design Pattern: They are like premade blueprints that you can customize to solve a recurring
design problem in your code.​

Architectural Style: It refers to a set of principles that shapes and guides the design of a system.
Behavioral Pattern: Those patterns take care of effective communication and the assignment of
responsibilities between objects.​

Idiom: Most basic low-level pattern.

Here are the answers for both Part I (Multiple Choice) and Part II (True or False):

Match the list of statements with their corresponding terminologies. Place the corresponding
letter after each statement. No erasures or alterations.
1. It is a level of software testing process where individual units are combined and tested as a
group.
Answer. G INTEGRATION TESTING
2.A testing in which the tester doesn't have access to the source code of the software and is
conducted at the software interface without any concern with the internal logical structure of the
software.
Answer: P BLOCK BOX TESTING
3.It is a method to assess the functionality of the software program.
Answer:BB SOFTWARE TESTING
4.What is the sequence of steps generally followed in a Test-Driven Development methodology?
Answer. U RED-GREEN-RETRACTION
5.It a level of the software testing process where individual units/components of a
software/system are tested.
Answer. W UNIT TESTING
6.It is a level of the software testing process where a complete, integrated system/software is
tested.
Answer: CC SYSTEM TESTING
7 A testing in which the tester is aware of the internal workings of the product, has access to its
source code.
Answer. B WHITE BOX TESTING
8. What is the natural language used in a Behavior-Driven Development methodology?
Answer: N GHERKIN SYNTAX
9. The step in software testing where it refers to the set of tasks that ensure that the software
correctly implements a specific function.
Answer. O VERIFICATION
10. The step in software testing where it refers to the set of tasks that ensure that the software has
been built is traceable to customer requirements.
Answer:L VALIDATION
11. In CI/CD operations, if the deployment to production is a manual step, the CD means?
Answer. H CONTINUOUS DELIVERY
12. It provides a set of rules in commits to formulate a consistent commit message structure.
Answer. Q CONVENTIONAL COMMITS
13. A system that records changes to a file or set of files over time so you can recall specific
versions later.
Answer. AA VERSION CONTROL
14. One of the simplest forms of version control systems and has a database that kept all the
changes to files under revision control.
Answer: S LOCAL VERSION CONTROL SYSTEM
15. This version control system contains just one repository globally and every user need to
commit for reflecting one's changes in the repository.
Answer. R CENTRALIZED VERSION SYSTEM
16. This version control system contains multiple repositories.
Answer. Z DISTRIBUTED VERSION CONTROL SYSTEM
17. Git command provides the history of your commits.
Answer. Y git log
18. Git command that copies an existing Git repository.
Answer: V git clone
19. Git command that allows you to retrieve updates from a remote repository but it doesn't
automatically merge the changes into your current branch.
Answer. J git fletch
20. Git command that updates your local version with the latest updates of the remote repository.
Answer. I git pull
21. Default Local branch name.
Answer: C master
22. Default GitHub branch name.
Answer: DD main
23. A draft space where you prepare your changes before committing them.
Answer. F staging area
24. A directory where all the files for a particular project are stored.
Answer. A repository
25. Git command that makes a directory into a git repository.
Answer: M git int
28. A file that lists the other files you want git not to track.
Answer. EE git ignore file
27. Another type of cache that holds unwanted changes you may want to come back later.
Answer:X git stash
28. A unique identifier for each commit.
Answer. K commit ID
29. A reference name for the latest commit.
Answer: E Head
30. Git command that sees changes in the local repository.
Answer: T git status

FALSE 1.Software maintenance is only about fixing errors after software delivery.

TRUE 2.Adaptive maintenance involves modifying software to match changes in the

environment.

FALSE 3.Refactoring adds new functionality to the codebase.

TRUE 4.A long method is considered a code smell.
TRUE 5.Preventive maintenance aims to prevent the system from becoming obsolete.
FALCE 6.The 'Rule of Three' suggests refactoring code the second time you write it.
TRUE 7.Feature Envy' is a code smell where a method accesses the data of another object more
than its own.
TRUE 8.Shotgun Surgery refers to making a single change that requires multiple small changes
across different .' classes

FALSE 9. A'Lazy Class' is one that has too many responsibilities.

False 10.Extract Method is a refactoring technique used to move code from one class to another.
FALSE 11.Software security primarily focuses on external threats and ignores internal
vulnerabilities.
TRUE 12.Malware, such as ransomware and worms, exploits vulnerabilities in software tocause
harm.
TRUE 13.Insider threats involve employees or individuals misusing their access to
organizational software.
False 14Static Application Security Testing (SAST) tools examine active programs to find
vulnerabilities.
TRUE 15.Dynamic Application Security Testing (DAST) tools mimic real-world exploits on
active software.
FALL 16Legacy systems are typically easier to secure than modem systems.
TRUE 17.Authentication and Authorization tools, like multi-factor authentication, enhance
access control security.
TRUE 18.Threat modeling identifies potential vulnerabilities during the software development
lifecycle.

FALSE 19. Regularly patching software and third-party components is unnecessary if secure
coding practices are followed.
FALSE 20. Security awareness training is the sole responsibility of the IT department.