Which of the transitions shown in Fig.

11-34 are policy decisions, as opposed to required moves

forced by system events (e.g., a process exiting and freeing its pages)?

Even when there is plenty of free memory available, and the memory manager does not need to
trim working sets, the paging system can still frequently be writing to disk. Why?

In a microkernel-based client-server system, the microkernel just does message passing and
nothing else. Is it possible for user processes to nevertheless create and use semaphores? If so,
how? If not, why not?

Listing 2.6, ShowCurrentTime.java, gives a program that displays the current time in GMT.
Revise the program so that it prompts the user to enter the time zone offset to GMT and displays
the time in the specified time zone. Here is a sample run: Enter the time zone offset to GMT: -5
The current time is 4:50:34

Write a program that reads in an investment amount, the annual interest rate, and the number of
years, and displays the future investment value using the following formula:
futureInvestmentValue = investmentAmount * (1 + monthlyInterestRate)numberOfMonths For
example, if you enter the amount 1000, an annual interest

See Full Question And Answer at solutionrank.com

The mitigation strategy for improving security despite the continuing presence of vulnerabilities
has been very successful. Modern attacks are very sophisticated, often requiring the presence of
multiple vulnerabilities to build a reliable exploit. One of the vulnerabilities that is usually
required is an information l

An extension model used by many programs (Web browsers, Office, COM servers) involves
hosting DLLs to hook and extend their underlying functionality. Is this a reasonable model for an
RPC-based service to use as long as it is careful to impersonate clients before loading the DLL?
Why not?

As described in Sec. 11.4, there is a special handle table used to allocate IDs for processes and
threads. The algorithms for handle tables normally allocate the first available handle
(maintaining the free list in LIFO order). In recent releases of Windows this was changed so that
the ID table always keeps the free li

In the text we showed how caching path names can result in a significant speedup when looking
up path names. Another technique that is sometimes used is having a daemon program that opens
all the files in the root directory and keeps them open permanently, in order to force their i-nodes
to be in memory all the time. D

Explain under what situations a process may request a shared lock or an exclusive lock. What
problem may a process requesting an exclusive lock suffer from?
See Full Question And Answer at solutionrank.com

Win32 does not have signals. If they were to be introduced, they could be per process, per
thread, both, or neither. Make a proposal and explain why it is a good idea.

Suppose that a dispatcher object representing some type of exclusive lock (like a mutex) is
marked to use a notification event instead of a synchronization event to announce that the lock
has been released. Why would this be bad? How much would the answer depend on lock hold
times, the length of quantum, and whether th

On multi-CPU platforms, Linux maintains a runqueue for each CPU. Is this a good idea? Explain
your answer?

Based on the information presented in this chapter, if a Linux ext2 file system were to be put on
a 1.44-MB floppy disk, what is the maximum amount of user file data that could be stored on the
disk? Assume that disk blocks are 1 KB.

In Fig. 12-5, a flag, found, is used to tell whether the PID was located. Would it b possible to
forget about found and just test p at the end of the loop to see whether it got to the end or not?

See Full Question And Answer at solutionrank.com

Name three reasons why a desktop process might be terminated. What additional reason might
cause a process running a modern application to be terminated?

1. Which the following statements about the base keyword is false?

a.A constructor can use at most one base statement.

b.A constructor cannot use both a base statement and a this statement.

c.The base keyword lets a constructor invoke a different constructor in the same class.

See Full Question And Answer at solutionrank.com

d.If a constructor uses a base stateme

For each of the following Visual Basic code snippets, identify the syntax error. a. If intX > 100
lblResult.Text = "Invalid Data" End If b. Dim str As String = "Hello" Dim intLength As Integer
intLength = Length(str) c. If intZ < 10 Then lblResult.Text = "Invalid Data" d. Dim str As String
= "123" If str.IsNu

As memory gets cheaper and cheaper, one could imagine a computer with a big battery- backed-
up RAM instead of a hard disk. At current prices, how much would a low-end RAM-only PC
cost? Assume that a 100-GB RAM-disk is sufficient for a lowend machine. Is this machine likely
to be competitive?
When an i-node is read in from the disk during the process of opening a file, it is put into an i-
node table in memory. This table has some fields that are not present on the disk. One of them is
a counter that keeps track of the number of times the i-node has been opened. Why is this field
needed?

1.Which of the following methods is the best way to store an integer value typed by the user in a
variable? a.ToString b.Convert c.ParseInt d.TryParse 2.The statement object obj = 72 is an
example of which of the following? a.Explicit conversion b.Immutable conversion c.Boxing
d.Unboxing 3.If Employ

See Full Question And Answer at solutionrank.com

The following algorithm is designed to print the beginning of what is known as the Fibonacci
sequence. Identify the body of the loop. Where is the initialization step for the loop control? The
modification step? The test step? What list of numbers is produced? Last ← 0; Current ← 1;
while (Current < 100) do

If you are designing something like Android's zygote process for a system that will have multiple
threads running in each process forked from it, would you prefer to start those threads in zygote
or after the fork?

A file has the following mapping. Give the MFT run entries.

Why does the self-map used to access the physical pages of the page directory and page tables
for a process always occupy the same 8 MB of kernel virtual addresses (on the x86)?

1. Which object does the variable mySet inherit from? Int[] mySet = new int[5];
a.System.Collection b.System.Collection.List c.System.Array d.None, this is a value type. 2.
Which type should you use to store objects of different types but do not know how many
elements you need at the time of creation? a.C

See Full Question And Answer at solutionrank.com

1. Which the following statements about the base keyword is false?

a.A constructor can use at most one base statement.

b.A constructor cannot use both a base statement and a this statement.

c.The base keyword lets a constructor invoke a different constructor in the same class.

d.If a constructor uses a base stateme

See Full Question And Answer at solutionrank.com

If a region of virtual address space is reserved but not committed, do you think a VAD is created
for it? Defend your answer.

Windows uses a facility called Autoboost to temporarily raise the priority of a thread that holds
the resource that is required by a higher-priority thread. How do you think this works?

In Sec. 11.3.3 we described the problems caused by multithreaded applications closing handles
in one thread while still using them in another. One possibility for fixing this would be to insert a
sequence field. How could this help? What changes to the system would be required?

Imagine you use Android's Binder IPC to send an object to another process. You later receive an
object from a call into your process, and find that what you have received is the same object as
previously sent. What can you assume or not assume about the caller in your process?

If you are writing networking code on Android that uses a socket to download a file, what should
you consider doing that is different than on a standard Linux system?

See Full Question And Answer at solutionrank.com

In Windows it is easy to implement a facility where threads running in the kernel can temporarily
attach to the address space of a different process. Why is this so much harder to implement in
user mode? Why might it be interesting to do so?

One way to handle tables whose size is not known in advance is to make them fixed, but when
one fills up, to replace it with a bigger one, copy the old entries over to the new one, then release
the old one. What are the advantages and disadvantages of making the new one 2 × the size of
the original one, as compared to

Write a Python program in which the user enters either 'A', 'B', or 'C'. If 'A' is entered, the
program should display the word 'Apple'; if 'B' is entered, it displays 'Banana'; and if 'C' is
entered, it displays 'Coconut'. Use nested if statements for this as depicted in Figure 3-13.

When the file /usr/ast/work/f is opened, several disk accesses are needed to read i-node and
directory blocks. Calculate the number of disk accesses required under the assumption that the i-
node for the root directory is always in memory, and all directories are one block long.

Can reentrant procedures have private static global variables? Discuss your answer.

See Full Question And Answer at solutionrank.com

Windows contains a hypervisor which allows multiple operating systems to run simultaneously.
This is available on clients, but is far more important in cloud computing. When a security
update is applied to a guest operating system, it is not much different than patching a server.
However, when a security update is appl
List four activities of a typical operating system.

Pdflush threads can be awakened periodically to write back to disk very old pages- older than 30
sec. Why is this necessary?

a. In what way are general-purpose registers and main memory cells similar? b. In what way do
general-purpose registers and main memory cells differ?

The discussion of Windows User-Mode Scheduling mentioned that user-mode and kernel- mode
threads had different stacks. What are some reasons why separate stacks are needed?

See Full Question And Answer at solutionrank.com

When a process unmaps a clean stack page, it makes the transition (5) in Fig. 11-34. Where does
a dirty stack page go when unmapped? Why is there no transition to the modified list when a
dirty stack page is unmapped?

A Student object should validate its own data. The client runs this method, called validateData(),
with a Student object, as follows: String result = student.validateData(); if (result == null) else
System.out.println(result); If the student's data are valid, the method returns the value null;
otherwise, the meth

Identify all the errors in the following repetition statements. Some errors are syntactical while
others are logical (e.g., infinite loops). a. for (int i = 10; i > 0; i++) { x = y; a = b; } b. int sum =
0; Scanner scanner = new Scanner(System.in); do { num = scanner.nextInt(); sum += num; }
until (sum > 1000

Windows swaps the processes for modern applications rather than reducing their working set and
paging them. Why would this be more efficient?

In the text it is stated that locality can often be exploited to improve performance. But consider a
case where a program reads input from one source and continuously outputs to two or more files.
Can an attempt to take advantage of locality in the file system lead to a decrease in efficiency
here? Is there a way aroun

See Full Question And Answer at solutionrank.com

1.What is the parameter in this method known as? public void displayAbsoluteValue(int value =
1) a.Modified b.Optional c.Named d.Default 2.When you create an abstract method, how do you
use that method in a derived class? a.You must overload the method in your derived class. b.You
must override the meth

In Fig. 12-6, the differences between the x86 and the UltraSPARC are hidden by conditional
compilation. Could the same approach be used to hide the difference between x86 machines with
an IDE disk as the only disk and x86 machines with a SCSI disk as the only disk? Would it be a
good idea?

A mouse can have one, two, or three buttons. All three types are in use. Does the HAL hide this
difference from the rest of the operating system? Why or why not?

In view of all the trouble that students can cause if they get to be superuser, why does this
concept exist in the first place?

On a Linux system, go to /proc/#### directory, where #### is a decimal number corresponding

to a process currently running in the system. Answer the following along with an explanation: (a)
What is the size of most of the files in this directory? (b) What are the time and date settings of
most of the files? (c) What

See Full Question And Answer at solutionrank.com

As we have seen, absolute path names are looked up starting at the root directory and relative
path names are looked up starting at the working directory. Suggest an efficient way to
implement both kinds of searches.

Some tape drives hav e numbered blocks and the ability to overwrite a particular block in place
without disturbing the blocks in front of or behind it. Could such a device hold a mounted Linux
file system?

When initializing a global variable in a multithreaded program, a common programming error is

to allow a race condition where the variable can be initialized twice. Why could this be a
problem? Windows provides the InitOnceExecuteOnce API to prevent such races. How might it
be implemented?

Operating systems often do naming at two different levels: external and internal. What are the
differences between these names with respect to (a) Length? (b) Uniqueness? (c) Hierarchies?

Give a couple of examples where an application might be able to recover easily from a backup
based on a volume shadow copy rather the state of the disk after a system crash.

See Full Question And Answer at solutionrank.com

Name some features of a conventional operating system that are not needed in an embedded
system used inside an appliance.

Suppose that we need a way of computing whether the number of bits in a 32-bit word is odd or
even. Devise an algorithm for performing this computation as fast as possible. You may use up
to 256 KB of RAM for tables if need be. Write a macro to carry out your algorithm. Extra Credit:
Write a procedure to do the computa
Suppose that a page is shared and in two working sets at once. If it is evicted from one of the
working sets, where does it go in Fig. 11-34? What happens when it is evicted from the second
working set?

Many components of the executive (Fig. 11-11) call other components of the executive. Give
three examples of one component calling another one, but use (six) different components in all.

Give two examples of the advantages of relative path names over absolute ones.

See Full Question And Answer at solutionrank.com

Consider the locked file of Fig. 10-26(c). Suppose that a process tries to lock bytes 10 and 11 and
blocks. Then, before C releases its lock, yet another process tries to lock bytes 10 and 11, and
also blocks. What kinds of problems are introduced into the semantics by this situation? Propose
and defend two solutions.

Write a program that creates a Random object with seed 1000 and displays the first 50 random
integers between 0 and 100 using the nextInt(100) method.

Write a program that displays all the prime numbers less than 120 in decreasing order. Use the
StackOfIntegers class to store the prime numbers (e.g., 2, 3, 5,... ) and retrieve and display them
in reverse order.

Write a program that receives an ASCII code (an integer between 0 and 127) and displays its
character. For example, if the user enters 97, the program displays the character a. Here is a
sample run: Enter an ASCII code: 69 The character is E

Consider the MFT record of Fig. 11-41. Suppose that the file grew and a 10th block was
assigned to the end of the file. The number of this block is 66. What would the MFT record look
like now?

See Full Question And Answer at solutionrank.com

The Win32 API call WaitForMultipleObjects allows a thread to block on a set of synchronization
objects whose handles are passed as parameters. As soon as any one of them is signaled, the
calling thread is released. Is it possible to have the set of synchronization objects include two
semaphores, one mutex, and one crit

A Linux i-node has 12 disk addresses for data blocks, as well as the addresses of single, double,
and triple indirect blocks. If each of these holds 256 disk addresses, what is the size of the largest
file that can be handled, assuming that a disk block is 1 KB?

Hierarchical file names always start at the top of the tree. Consider, for example, the file name
/usr/ast/books/mos2/chap-12 rather than chap-12/mos2/books/ast/usr. In contrast, DNS names
start at the bottom of the tree and work up. Is there some fundamental reason for this difference?
In Sec. 11.10, providing new memory to the process heap was mentioned as one of the scenarios
that require a supply of zeroed pages in order to satisfy security requirements. Give one or more
other examples of virtual memory operations that require zeroed pages.

To support POSIX, the native NtCreateProcess API supports duplicating a process in order to
support fork. In UNIX fork is shortly followed by an exec most of the time. One example where
this was used historically was in the Berkeley dump(8S) program which would backup disks to
magnetic tape. Fork was used as a way of c

See Full Question And Answer at solutionrank.com

1.Suppose the MovedEventHandler delegate is defined by the statement delegate void

MovedEventHandler(). Which of the following correctly declares the Moved event? a.public
MovedEventHandler MovedEvent; b.public event MovedEventHandler MovedEvent; c.public
event Action MovedEvent; d.Both b and c are correct. 2

Write a Linux pipeline that prints the eighth line of file z on standard output.

A professor shares files with his students by placing them in a publicly accessible directory on
the Computer Science department's Linux system. One day he realizes that a file placed there the
previous day was left world-writable. He changes the permissions and verifies that the file is
identical to his master copy. T

Modern applications must save their state to disk every time the user switches away from the
application. This seems inefficient, as users may switch back to an application many times and
the application simply resumes running. Why does the operating system require applications to
save their state so often rather than

Consider a system that hoards references to remote files as hints, for example as (name, remote-
host, remote-name). It is possible that a remote file will quietly be removed and then replaced.
The hint may then retrieve the wrong file. How can this problem be made less likely to occur?

See Full Question And Answer at solutionrank.com

Give one advantage and one disadvantage of the registry vs. having individual .ini files.

Careful optimization can improve system-call performance. Consider the case in which one
system call is made every 10 msec. The average time of a call is 2 msec. If the system calls can
be speeded up by a factor of two, how long does a process that took 10 sec to run now take?

It is stated in the text that a paging partition will perform better than a paging file. Why is this
so?

1.To parse a string that might contain a currency value such as $1,234.56, you should pass the
Parse or TryParse method which of the following values?
a.NumberStyles.AllowCurrencySymbol b.NumberStyles.AllowThousands
c.NumberStyles.Currency d.A combination of all NumberStyles values 2.Which of the following
st

An alternative to using DLLs is to statically link each program with precisely those library
procedures it actually calls, no more and no less. If this scheme were to be introduced, would it
make more sense on client machines or on server machines?

See Full Question And Answer at solutionrank.com

Describe agility (for software projects) in your own words.

Using Brooks' figure of 1000 lines of code per programmer per year, make an estimate of the
amount of money it took to produce Windows 8. Assume that a programmer costs $100,000 per
year (including overhead, such as computers, office space, secretarial support, and management
overhead). Do you believe this answer? If n

What are some new risks facing "hyper-extended" organizations?

a) What is a state? b) Are most packets part of the connection-opening state or the ongoing
communication state? c) Why is the answer to Question 5b important for stateful packet
inspection's efficiency? d) What is a connection? e) How is a connection between two programs
on different computers represented?

Most IP addresses are public, in the sense that they can appear on the public Internet. However, a
few IP addresses have been designated as private IP addresses. One private IP address range is
172.16.0.0 to 172.31.255.255. Private IP addresses can only appear within a firm. In Figure 6-20,
internal hosts have private

See Full Question And Answer at solutionrank.com

a) What are the three UNIX permissions? b) Briefly characterize each? c) Compare the number
of UNIX directory and file permissions with that of Windows? d) To which three individual
accounts or groups can permissions be assigned for a particular directory in UNIX? e) How does
the number of accounts or groups to w

Windows uses 2-MB large pages because it improves the effectiveness of the TLB, which can
have a profound impact on performance. Why is this? Why are 2-MB large pages not used all the
time?

a) What packets are usually logged in log files? b) What are the fields in the log file shown in
Figure 6-25? c) In the examples given, by what field was the log file sorted? d) From the log file,
what could we infer about the Echo probe attack? e) Did this attack seem to be serious? Explain.
f) From the log
a) Distinguish between IDSs and IPSs. b) Why is the attack identification confidence spectrum
important in deciding whether to allow IPSs to stop specific attacks?

a) What is a vulnerability? b) What is an exploit? c) What is a zero-day attack? d) Why is the

quick application of critical fixes important?

See Full Question And Answer at solutionrank.com

What is the likely future of passwords?

a) List the four types of fixes for vulnerabilities. b) Distinguish between work-arounds and
patches. c) What is a service pack in Microsoft Windows? d) Why is upgrading to a new version
of an operating system usually good for security?

a) What does a firewall do if it cannot keep up with the traffic volume? b) Why is this action
good? c) Why is this action bad? d) Why can a firewall keep up with traffic in general but fail to
do so during a major attack? e) As processing power increases in the future, what will this mean
for firewall filterin

(a) What is the book's recommended password policy for length and complexity? (b) How can
password-cracking programs be used to enforce password strength policy? (c) Before you run a
password-cracking program on your company's computers to check for weak passwords, what
should you do?

Do you use the same password for multiple accounts? Why would this be a security risk?

See Full Question And Answer at solutionrank.com

A firm has the following firewall policy: Employee access to Internet servers should be
unrestricted and external clients should only be able to access the firm's public webserver. The
firm also has a finance server that should only be accessible to people in the finance department.
The server and the finance departmen

Why should businesses shift their focus from protecting their containers to protecting their data?

Why is cyber espionage so attractive?

If you were in an industry listed as a primary target for cyber espionage, what additional steps
would you take to improve the security of your company?

Could malware rename itself in order to get through a firewall? Why would this work?

See Full Question And Answer at solutionrank.com

Redo the ACL in Figure 6-10 to add rules for the following conditions. After Rule 1, create a
rule that permits all connections to internal DNS servers. After the original Rule 2, create rules
that permit connections to all Trivial File Transfer Protocol (TFTP) servers and that permit
access to FTP Server 60.33.17.1. (

Why does a change of case help make a stronger password?

a) What are the two limitations of static packet filtering? Explain why each limitation is bad. b)
For what two reasons do companies not use static packet filtering as the main filtering
mechanism in border firewalls today? c) In what two secondary ways do corporations sometimes
use static packet filtering?

a) Why is UNIX systems security difficult to describe generally? b) Distinguish between UNIX
and Linux. c) What is the LINUX kernel? d) What is a LINUX distribution? e) Comment on the
cost of Linux. f) Does a particular version of UNIX have a single user interface? g) What are
UNIX CLIs called? h) How are

a) Can you create a truly random password? Will it be used? b) Should passwords be tested by
systems administrators? Why?

See Full Question And Answer at solutionrank.com

a) Distinguish between firewall policies and ACL rules. b) Why is creating firewall policies
desirable compared to just creating a list of ACL rules? c) Create three firewall policies not listed
in the text?

Why are the industries mentioned in the NCIX report targets of foreign espionage?

a) How can you quickly assess the security posture of your Windows PC? b) What provides a
quick summary of security components needed to harden a client PC? c) Why are multiple types
of protection necessary?

What different baselines does a company need for its client PCs?

a) Is there only one firewall filtering mechanism? b) What filtering mechanisms do almost all
main border firewalls use? c) Do SPI firewalls only do stateful packet inspection?

See Full Question And Answer at solutionrank.com

a) How are permissions applied to a directory in Windows? b) List each standard Windows
privilege and explain it briefly. c) To how many accounts and groups can different permissions
be applied in Windows? d) How can inheritance reduce labor costs in assigning permissions? e)
How can inheritance be modified?

How might outsourcing IT Security functions improve security?

Contrast what sniffers can learn if a company being attacked uses NAT or an application proxy
server?
Suppose that the probability of a false acceptance is 0.0001 per match attempt. Suppose that
there are 1,000 templates in the database. What is the probability of a false acceptance in the case
of verification? What is the probability of a false acceptance in the case of identification? What
is the probability of a fal

a) Why are screening routers used in a firewall architecture? b) Why are internal firewalls
desirable? c) Why is it easier to create appropriate ACL rules for server host firewalls than for
border firewalls? d) How does the use of border, internal, and host firewalls provide defense in
depth?

See Full Question And Answer at solutionrank.com

Can you use foreign language wordlists?

a) What are rainbow tables? b) How would rainbow tables reduce the time needed to crack a
password? c) Would it be possible to create rainbow tables for all possible passwords with 1-20
characters? Would it be practical?

Modify the ACL in Figure 6-10 to permit externally initiated connections to an SNMP network
management server, 60.47.3.103, and to allow both regular and SSL/TLS connections to the
internal webserver 60.47.3.137 but not to other webservers?

A stateful packet inspection border firewall contains a rule that permits external connections to
an internal public webserver. However, the firewall does not permit access to this server. Come
up with at least two hypotheses for the cause of the problem. Describe how you would test each
hypothesis?

List at least six identities for yourself that require different authentication and authorizations.

See Full Question And Answer at solutionrank.com

a) What is a multihomed router? b) What is a DMZ? c) Why do companies use DMZs? d) What
three types of hosts are placed in the DMZ? e) Why do companies put public servers in the
DMZ? f) Why do companies put application proxy firewalls in the DMZ? g) What host names
does the external DNS server know? h) Wh

a) When NAT is used, why can sniffers not learn anything about the internal IP addresses of
internal hosts? b) Why does NAT stop scanning probes? c) Why is NAT traversal necessary? d)
Is a NAT traversal method easy to select?

a) For stateful packet inspection firewalls, what do ingress ACLs permit in general? b) What do
egress ACLs disallow in general in SPI firewalls? c) What do well-known port numbers
designate? d) Is Figure 6-10 an ACL for ingress filtering or egress filtering? e) Why is Rule 2 in
Figure 6-10 safer than Rule 1?
a) What do Trojan horse password capture programs do? b) Can antivirus software detect
keystroke capture software? c) How would you detect a physical keylogger? d) What is shoulder
surfing? e) Does the shoulder surfer have to read the entire password to be successful? Explain.

Some airports are installing face recognition systems to identify terrorists and criminals. About
one in a million people passing through the airport is a terrorist. Suppose the FAR is about 1
percent. The FRR is about 30 percent. Is this system likely to be workable? Explain using a
spreadsheet analysis with reasonabl

See Full Question And Answer at solutionrank.com

How could a nation protect its own corporations from cyber espionage by foreign governments?

Why is state-sponsored espionage more concerning than traditional corporate espionage?

Why do special characters (e.g., @ # $% ^ &*) make passwords difficult to crack?

The ACL in Figure 6-10 is in effect. A packet containing a TCP SYN segment reaches a stateful
packet inspection firewall from the outside. What actions will the SPI firewall take?

a) What distinguishes an application proxy firewall from static packet filtering firewalls and SPI
firewalls? b) Distinguish between proxy programs and application proxy firewalls. c) If you will
proxy four different applications, how many proxy programs will you need? d) How many
application proxy firewalls will

See Full Question And Answer at solutionrank.com

a) What is cloud computing? b) How do cloud computing and mainframe architectures differ? c)
How do cloud computing and client-server architectures differ? d) What are the advantages of
cloud computing? e) Which security concerns are specific to cloud computing? Why? f) How
could attackers use cloud computing?

a) Why is vulnerability testing desirable? b) What two things does vulnerability testing software
do? c) Why is it important to get approval in writing before conducting a vulnerability test? d)
What two things should this written approval specifically mention? e) Why is it important never
to diverge from the t

a) Describe Policy 5 in the firewall policy database shown in Figure 6-24. b) Repeat for Policy 6.
c) Repeat for Policy 7. d) Repeat for Policy 8. e) Repeat for Policy 9.

a) Why are stateful packet inspection firewalls inexpensive? b) In practice, are they fairly safe?
c) Are SPI firewalls limited to SPI filtering? d) What firewall inspection mechanism do nearly all
main border firewalls today use?
(a)Your company installs a face recognition system for door access. a) Its FRR is much worse
than the vendor's claims. What might be causing this? (b) The system's FRR increases over time.
What might be causing this?

See Full Question And Answer at solutionrank.com

What can go wrong with antivirus protection?

Given the ACL in Figure 6-10, what would the firewall do with an incoming ICMP echo
message? (This will require some thought. Think about how ICMP messages are encapsulated
and what field in the IP header indicates that the packet's data field contains an ICMP message)?

The ACL in Figure 6-10 is in effect. A packet containing a TCP ACK segment reaches a stateful
packet inspection firewall from the outside. What actions will the SPI firewall take? Explain.

How would two-factor authentication improve the security of user accounts?

Centralizing authentication and authorization reduces cost, improves consistency, and permits
rapid provisioning and changes. List the technologies on the way toward greater centralization,
beginning with stand-alone authenticators through corporate metadirectory servers.

See Full Question And Answer at solutionrank.com

How can businesses mitigate the negative effects of cross-pollination between organizations?

a) What Windows snap-in is used to manage users and groups? b) On which MMC is this snap-
in available? c) In this snap-in, if the administrator clicks on an account, what may he or she do?
d) How does the administrator create a new account? e) How does an administrator add an
account to a group? f) How does t

(a) In identity management, what are provisioning, reprovisioning, and deprovisioning? (b) Why
is decentralized management desirable? (c) Why are self-service functions desirable? (d) What
changes should be made through self-service functions?

(a) Why is it a problem to use the same password at multiple sites? (b) Why is it difficult to
enforce a policy of using a different password at each site? (c) Why are password duration
policies important? (d) What are password resets? (e) Why are password resets dangerous? (f)
How can password resets be auto

a) What is the name of Microsoft's server operating system? b) What security protections do
recent versions of this operating system offer? c) Why is Microsoft Windows Server easy to
learn? d) What are MMCs? (Do not just spell out the acronym.) e) On what object does an icon
bar icon operate? f) What is in th

See Full Question And Answer at solutionrank.com

a) What filtering actions were listed to protect clients from malicious webservers? b) What
filtering action was mentioned to prevent internal client misbehavior in HTTP? c) What two
filtering actions were mentioned for protecting webservers from malicious clients? d) What three
automatic protections do applicati

Your friend wants to secure his or her desktop PC with fingerprint scanning or password access
protection. Give your friend the information that he or she should know to make the decision.
Consider alternatives. This is not very short answer.

a) How can attackers avoid the border firewall? b) How has the perimeter extended outside the
site? c) How can firms react to this decline in the effectiveness of border firewall filtering?

a) Distinguish between firewalls and IDSs. b) Why are IDS alarms often a problem? c) What is a
false positive? d) What two types of filtering do IDSs use? e) Why is deep packet inspection
important? f) Why is deep packet inspection processing-intensive? g) Why is packet stream
analysis important? h) Why d

a) How do firewalls and antivirus servers work together? b) Are antivirus servers limited to
looking for viruses? Explain. c) What may the antivirus server do after it performs filtering? d)
What type of firewall does both traditional firewall filtering and antivirus filtering use?

See Full Question And Answer at solutionrank.com

a) Give the simple stateful packet inspection firewall rule for packets that do not attempt to open
connections? b) UDP is connectionless. How is it possible for an SPI firewall to handle UDP
connections? c) Is SPI filtering for packets that are part of ongoing communications usually
simple and inexpensive? Explain.

Why does your computer send so many packets? Why not send just one big packet?

(a) What is siting? (b) Distinguish between UPSs and electrical generators. (c) If wiring cannot
be run through walls, what should be done to protect the wiring? (d) What should be done to
protect laptops taken off premises? (e) What controls should be applied to off-site equipment
maintenance? (f) What controls

a) What are the three dangers created by notebook computer loss or theft? b) When should
backup be done for mobile computers? c) What four policies are necessary to protect sensitive
information? d) To what should these policies be applied? e) What training should be provided?
f) What does computer recovery s

a) Why is central PC security management desirable? b) Why are standard configurations

attractive? c) What does NAC do when a computer attempts to connect to the network? d) If a
PC fails its initial health assessment, what are a NAC system's two options? e) Does NAC
control usually stop after access is granted
See Full Question And Answer at solutionrank.com

a) Distinguish between signature detection and anomaly detection. b) What is a zero-day attack?
c) Why are zero-day attacks impossible to stop with attack signatures? d) What is the promise of
anomaly detection? e) Why is anomaly detection becoming critical for firewalls?

a) What SPI firewall has come with client version of Windows since Windows XP SP2? b) What
improvements come with Windows Firewall with Advanced Security?

a) Compare firewall hardening needs for firewall appliances, vendor-provided systems, and
firewalls built on general-purpose computers. b) List what centralized firewall management
systems do. c) What columns does the firewall policy database described in the text contain? Be
able to describe each and what options

How might the weak security practices in one organization harm other organizations?

How could outsourcing IT security functions reduce costs?

See Full Question And Answer at solutionrank.com

Someone says that they wish to protect their desktop PC from a walk-up attacker with a
password or passwords. Give them advice and reasons for your advice. This is not very short
answer.

a) What two actions can IPSs take when they identify an attack? b) Which can be the most
effective? c) Which can do the most damage?

Why would nation states sponsor cyber espionage?

a) Do stateful packet inspection firewalls automatically do application content filtering? Explain.

b) Do they have the slow speed of relay operation? c) What three advantages do application
proxy firewalls have in protection that SPI firewalls with content inspection not have? d) Why
are SPI content filtering fir

a) Why do firms have a difficult time applying patches? b) Why do many firms prioritize
patches? c) How do patch management servers help? d) What two risks does patching raise?

See Full Question And Answer at solutionrank.com

(a) In what sense is identity management really just another form of risk management? (b) How
can identity management reduce risk? (c) How much should companies spend on identity
management?

How can cross-pollination of user credentials be harmful to users and businesses?

What do FRRs mean when fingerprint scanning is used to secure a PC against walk-up attacks?
What might produce high FRRs? Can you think of a way that this problem could be reduced in
fingerprint scanning?

a) In Windows Server 2003 and 2008, how automatic can patching be? b) What patch
downloading method is commonly used in Linux?

Give two reasons why assigning security measures to groups is better than assigning security
measures to individuals within groups?

See Full Question And Answer at solutionrank.com

(a) What are reusable passwords? (b) Why is password cracking over a network difficult to do?
(c) In what two ways can password-cracking programs be used? (d) Which is safer for the
cracker? Why?

a) What is a pass/deny decision? b) What type of packet does a firewall drop and log? c) What
does the firewall do about packets that it suspects (but cannot prove) are attack packets? d) Why
does the firewall log information about dropped packets? e) Distinguish between border firewalls
and internal firewalls?

a) What is our definition of a host? b) Why is host hardening necessary? c) What major
categories of hosts did this section mention? d) List the elements of host hardening. e) Why is it
important to replace default passwords during configuration? f) What is a security baseline, and
why is it important? g) W

Sort the log file in Figure 6-25 by source IP address. What do you conclude from the analysis?
This is not a trivial question.

Why is cyber espionage difficult to prevent?

See Full Question And Answer at solutionrank.com

Why do you think companies often fail to harden their servers adequately?

How could a business proactively embrace new technology in a secure manner?

a) Why is it important to implement security policy? b) What are the advantages of

implementing password policies? c) What are the advantages of implementing account policies?
d) What are the advantages of implementing audit policies?

(a) What special controls are required by terrorism threats? (b) Why is it necessary to prevent
piggybacking? (c) What advice would you give a company about CCTV? (d) What is
DumpsterTM diving? (e) How should trash bins be protected? (f) What can be done to reduce the
dangers of desktop PC theft and unauthori
a) What is brute-force password guessing? b) Why is it important to not simply use all lowercase
letters in passwords? c) What are complex passwords? d) Why is password length important? e)
What is a dictionary attack? f) Why are dictionary attacks faster than brute-force guessing? g)
What are hybrid dictionary

See Full Question And Answer at solutionrank.com

(a) Give two situations in which the risk of deception is high. (b) Give two situations in which
the risk of deception is low.

What is meant by system value? Explain how various systems can have a different value to the
organization.

What is meant by a DFD semantic error? Provide an example.

Draw a level 0 data flow diagram (DFD) for the video store system in Exercise F, Chapter 4.

(a) What is identity management? (b) What are the benefits of identity management? (c) What is
SSO? (d) Why is full SSO generally impossible? (e) What is reduced sign-on? (f) What is an
identity? (g) Why is providing minimum identity data an important principle?

See Full Question And Answer at solutionrank.com

a) What privileges does the super user account have? b) What is the super user account in
Windows? c) What is the super user account in UNIX? d) What is hacking root, and why is it
desirable to hackers? e) When should a Windows systems administrators use the Administrator
account? f) How does the administrato

Creating use cases when working with users is a recent development in systems analysis
practice. Why is the trend today to employ use cases in user interviews or JAD sessions?

Draw a level 0 data flow diagram (DFD) for the Picnics R Us system in Exercise H, Chapter 4.

How can you make a DFD easier to understand?

Explain the client-based architecture.

See Full Question And Answer at solutionrank.com

Consider the accompanying system, which was described in Chapter 4. Use the use cases and
process models that you created in Chapters 4 and 5 to help you answer the questions that follow.
The Campus Housing Service helps students find apartments. Owners of apartments fill in
information forms about the rental units the

What is the purpose of a request for proposal (RFP)? How does it differ from the RFI?
What is meant by creating a workaround for a software package? What are the disadvantages of
workarounds (if any)?

Define what is meant by an attribute in a data model. How should an attribute be named? What
information about an attribute should be stored in the CASE repository?

Pretend that you have been asked to build a system that tracks student involvement in activities
around campus. You have been given a file with information that needs to be imported into the
system, and the file contains the following fields: â– Student Social Security number (identifier)
â– Activity 1 code (identi

See Full Question And Answer at solutionrank.com

Draw data models for the following entities: • Movie (title, producer, length, director, genre)
• Ticket (price, adult or child, show-time, movie) • Patron (name, adult or child, age)

Value-added contracts can be quite rare-and very dramatic. They exist when a vendor is paid a
percentage of revenue generated by the new system, which reduces the up-front fee, sometimes
to zero. The landmark deal of this type was signed several years ago by the City of Chicago and
EDS (a large consulting and systems i

Think about the course registration system in your university. First, develop a set of
nonfunctional requirements as if the system were to be developed today. Consider the
operational requirements, performance requirements, security requirements, and cultural and
political requirements. Then create an architecture desi

What is the purpose of an intersection entity? How do you know whether one is needed in an
ERD?

Explain the term Virtualization.

See Full Question And Answer at solutionrank.com

Develop a hardware and software specification for the university course registration system
described in “Your Turn 8-1.”

Draw a level 0 data flow diagram (DFD) for the Of-the-Month Club system in Exercise I,
Chapter 4.

Describe the role of application service providers (ASPs) in obtaining new systems. What are
their advantages and disadvantages?

A team of developers is considering including "warehouse" as an entity in its data model. The
company for whom they are developing the system has just one warehouse location. Should
"warehouse" be included? Why or why not?
Describe the types of performance requirements and how they may influence architecture design.

See Full Question And Answer at solutionrank.com

Lithonia Lighting, located just outside of Atlanta, Georgia, is the world's largest manufacturer of
light fixtures, with more than $1 billion in annual sales. One afternoon, the power transformer at
its corporate headquarters exploded, leaving the entire office complex, including the corporate
data center, without powe

Assume that you are developing a new system for a local real estate agency. The agency wants to
keep a database of its own property listings and also wants to have access to the citywide
multiple listings service used by all real estate agents. Which design strategy would you
recommend for the construction of this syst

Develop a hardware and software specification for the global e-learning system described in
“Your Turn 8-2.”

List and describe the contents of the system specification.

Suppose that your goal is to create a set of DFDs. How would you begin an interview with a
knowledgeable user? How would you begin a JAD session?

See Full Question And Answer at solutionrank.com

Describe the assumptions that are implied from the data model shown at the top of this page.

Draw a level 0 data flow diagram (DFD) for the dentist office system in Exercise B, Chapter 4.

Create metadata entries for the following data model components and, if possible, input the
entries into a computer-aided software engineering (CASE) tool of your choosing: •
Entity—product • Attribute—product number • Attribute—product type •
Relationship—company makes many products, and any one produc

A wealthy businessman owns a large number of paintings that he loans to museums all over the
world. He is interested in setting up a system that records what he loans to whom so that he
doesn't lose track of his investments. He would like to keep information about the paintings that
he owns as well as the artists who p

Describe the types of security requirements and how they may influence architecture design.

See Full Question And Answer at solutionrank.com

What type of high-level business rule can be stated by an ERD? Give two examples.

What is a CRUD matrix? How does it relate to process models and data models?
What is meant by the term scalable? What is its importance in architecture selection?

Apply the steps of normalization to validate the models you drew in Exercise D.

Is an intersection entity dependent or independent? Explain your answer.

See Full Question And Answer at solutionrank.com

Distinguish between the two-tier, three-tier, and n-tier client-server architectures.

Explain the client-server architecture.

Draw a level 0 data flow diagram (DFD) for the health club system in Exercise G, Chapter 4.

List and describe the three primary hardware components of a system.

Describe the three-step process of creating an intersection entity.

See Full Question And Answer at solutionrank.com

You have been given a file that contains fields relating to CD information. Using the steps of
normalization, create a logical data model that represents this file in third normal form. The
fields include the following: • Musical group name • Musicians in group • Date group
was formed • Group’s agent • CD t

What circumstances favor using outsourcing to obtain the new system?

Distinguish between a traditional ASP and a provider of software as a service. What are the pros
and CMS of each solution approach?

Resolve the M:N relationship between the sale and available tune that is shown in Figure 6-14.
What kinds of information could you capture about this relationship? What would the new ERD
look like? Would the intersection entity be considered dependent or independent? Can you think
of other kinds of M:N relationships th

What are some problems associated with using packaged software? How can these problems be
minimized?

See Full Question And Answer at solutionrank.com

I've had the opportunity to develop two multilingual systems. The first was a special-purpose
decision support system to help schedule orders in paper mills called BCW-Trim. The system
was installed by several dozen paper mills in Canada and the United States, and it was designed
to work in either English or French. Al

A large direct health and insurance medical provider needed an enterprise information
management (EIM) system to enable enterprise wide information management and to support the
effective use of data for critical cross-functional decision making. In addition, the company
needed to resolve issues related to data redunda

Professional and Scientific Staff Management (PSSM) is a unique type of temporary staffing
agency. Many organizations today hire highly skilled technical employees on a short-term,
temporary basis to assist with special projects or to provide a needed technical skill. PSSM
negotiates contracts with its client companies

Create a data model for one of the processes in the end-of-chapter Exercises for Chapter 4.
Explain how you would balance the data model and process model.

Describe the three primary strategies that are available to obtain a new system.

See Full Question And Answer at solutionrank.com

West Star Marinas is a chain of 12 marinas that offer lakeside service to boaters; service and
repair of boats, motors, and marine equipment; and sales of boats, motors, and other marine
accessories. The systems development project team at West Star Marinas has been hard at work
on a project that eventually will link a

Provide three different options that are available for selecting an identifier for a student entity.
What are the pros and cons of each option?

Draw an entity relationship diagram (ERD) for the following situations: 1. Whenever new
patients are seen for the first time, they complete a patient information form that asks their name,
address, phone number, and insurance carrier, all of which are stored in the patient information
file. Patients can be signed up

Describe the types of operational requirements and how they may influence architecture design.

What is involved with systems integration? When is it necessary?

See Full Question And Answer at solutionrank.com

What is meant by customizing a software package?

Define what is meant by an entity in a data model. How should an entity be named? What
information about an entity should be stored in the CASE repository?

Draw a data model for the following entities, considering the entities as representing a system for
a patient billing system and including only the attributes that would be appropriate for this
context: • Patient (age, name, hobbies, blood type, occupation, insurance carrier, address,
phone) • Insurance carrier (na
Locate the dependent entities on Figure. Locate the identifying relationships. How did you find
them? Can you create a rule that describes the association between dependent entities and
identifyingrelationships?

Define what is meant by a relationship in a data model. How should a relationship be named?
What information about a relationship should be stored in the CASE repository?

See Full Question And Answer at solutionrank.com

Compare and contrast the server-based, client based, and client-server architectures.

Suppose that your university were interested in creating a new course registration system that
could support Web-based registration. QUESTION: What should the university consider when
determining whether to invest in a custom, packaged, or outsourced system solution?

Quinnipiac University is a four-year university in Hamden, Connecticut, with about 7400

students. The IT staff has to support academic functions- but, since the university has residence
halls, the IT staff has to be an "Internet service provider" (ISP) for students as well. The IT staff
can shape much of the academic u

Many multinational organizations provide global Web-based e-learning courses to their

employees. First, develop a set of nonfunctional requirements for such a system. Consider the
operational requirements, performance requirements, security requirements, and cultural and
political requirements. Then create an architect

What is meant by a concatenated identifier?

See Full Question And Answer at solutionrank.com

Draw the relationships that follow. Would the relationships be identifying or non identifying?
Why? • A patient must be assigned to only one doctor, and a doctor can have many patients.
• An employee has one phone extension, and a unique phone extension is assigned to an
employee. • A movie theater shows many dif

Draw a level 0 data flow diagram (DFD) for the real estate system in Exercise E, Chapter 4.

Explain the server-based architecture.

Describe the primary activities of the design phase of the SDLC.

Explain the distinction between identifying and non-identifying relationships.

See Full Question And Answer at solutionrank.com

List and describe the four primary functional components of a software application.
Locate the independent entities on Figure. How do you know which of the entities are
independent? Locate the nonidentifying relationships. How did you find them? Can you create a
rule that describes the association between independent entities and nonidentifyingrelationships?

Draw a level 0 data flow diagram (DFD) for the process of buying glasses in Exercise A, Chapter
4.

I have two very different stories regarding data models. First, when I worked with First
American Corporation, the head of Marketing kept a data model for the marketing systems
hanging on a wall in her office. I thought this was a little unusual for a highlevel executive, but
she explained to me that data was critical

What information is typically conveyed in an RFP?

See Full Question And Answer at solutionrank.com

I worked with a large financial institution in the southeast that suffered serious financial losses
several years ago. A new chief executive officer was brought in to change the strategy of the
organization to being more customer-focused. The new direction was quite innovative, and it
was determined that custom systems

Assume that you are developing a new system for a multistate chain of video stores. Each store
will run a fairly standardized set of video store processes (cataloging video inventory, customer
registration, video rentals, video returns, overdue fees, etc.). In addition, each store's system will
be networked to the corp

The Hatcher Company is in the process of developing a new inventory management system. One
of the event handling processes in that system is Receive Supplier Shipments. The
(inexperienced) systems analyst on the project has spent time in the warehouse observing this
process and developed the following list of activitie

What circumstances favor the use of packaged software?

What circumstances favor the custom design strategy?

See Full Question And Answer at solutionrank.com

Susan, president of MOTO, Inc., a human resources management firm, is reflecting on the client
management software system her organization purchased four years ago. At that time, the firm
had just gone through a major growth spurt, and the mixture of automated and manual
procedures that had been used to manage client a

A charter company owns boats that are used for charter trips to islands. The company has created
a computer system to track the boats it owns, including each boat's ID number, name, and seating
capacity. The company also tracks information about the various islands, such as their names and
populations. Every time a boa

Describe cloud computing and how it is impacting architecture choices.

What is an independent entity? What is a dependent entity? How are the two types of entities
differentiated on the data model?

Draw a level 0 data flow diagram (DFD) for the university library system in Exercise J, Chapter
4.

See Full Question And Answer at solutionrank.com

What are metadata? Why are they important to system developers?

Summarize the distinctions between the analysis phase and the design phase of the SDLC.

Examine the data models that you created for Exercise D. How would the respective models
change (if at all) on the basis of these corresponding new assumptions? • Two patients have
the same first and last names. • Researchers can be associated with more than one institution.
• The store would like to keep track o

Draw a level 0 data flow diagram (DFD) for the university system in Exercise D, Chapter 4.

At the end of 1997, Oxford Health Plans posted a $120 million loss to its books. The company's
unexpected growth was its undoing because the system, which was originally planned to support
the company's 217,000 members, had to meet the needs of a membership that exceeded 1.5
million. System users found that processing

See Full Question And Answer at solutionrank.com

Explain the distinctions between time and arrangements, fixed-price, and value-added
outsourcing contracts. What are the pros and cons of each?

The system development team at the Wilcon Company is working on developing a new customer
order entry system. In the process of designing the new system, the team has identified the
following data entity attributes: Inventory Order Order Number (identifier) Order Date Customer
Name Street Address City State Zip Custome

Describe how the data model and process model should be balanced against each other.

What is the purpose of developing an identifier for an entity?

Should the analysis phase be eliminated or reduced when we intend to use a software package
instead of custom development or outsourcing?
See Full Question And Answer at solutionrank.com

What is the purpose of normalization?

Explain the purpose and contents of interface metaphors, interface objects, interface actions,
interface icons, and interface templates.

How would you improve the form inFigure?

Compare and contrast batch processing and online processing. Describe one application that
would use batch processing and one that would use online processing.

What is the purpose of the weighted alternative matrix? Describe its typical content.

See Full Question And Answer at solutionrank.com

Describe, in terms a businessperson could understand, what are meant by the cardinality and
modality of a relationship between two entities.

Explain three important user interface design principles.

Using the Web, investigate the term, virtual desktop infrastructure (VDI). Write a short memo
explaining the concept to your boss.

What do you think are three common mistakes that novice analysts make in interface design?

Develop two use scenarios for a Web site that sells some retail products (e.g., books, music,
clothes).

See Full Question And Answer at solutionrank.com

Why are menus the most commonly used navigation control?

The system development project team at Birdie Masters golf schools has been working on
defining the architecture design for a new system. The major focus of the project is a networked
school location operations system allowing each school location to easily record and retrieve all
school location transaction data. Anot

Pretend that you have been charged with the task of redesigning the interface for the ATM at
your local bank. What type of prototyping and interface evaluation approach would you
recommend?

Police officers in San Jose, California, experienced a number of problems with a new mobile
dispatch system that included a Windows-based touch-screen computer in every patrol car.
Routine tasks were difficult to perform, and the essential call for assistance was considered
needlessly complicated. The new system, costi
Pretend that you have been charged with the task of redesigning the interface for the ATM at
your local bank. Develop an interface standard that includes metaphors, objects, actions, icons,
and a template.

See Full Question And Answer at solutionrank.com

Develop two use scenarios for the DFD in exercise E in Chapter 5.

How can you prevent mistakes?

Why is content awareness important?

Under what circumstances would you use a dropdown menu versus a tab menu?

Locate a consumer products company on the Web and read its company description (so that you
get a good understanding of the geographic locations of the company). Pretend that the company
is about to create a new application to support retail sales over the Web. Create an architecture
design that depicts the locations t

See Full Question And Answer at solutionrank.com

I was involved in the development of several decision support systems (DSS) while working as a
consultant. On one project, a future user was frustrated because he could not imagine what a DSS
looked like and how one would be used. He was a key user, but the project team had a difficult
time involving him in the project

What is the purpose of the hardware and software specification?

Draw an ISD for the DFD in Exercise I in Chapter 5.

Jerry is the project manager for a team developing a retail store management system for a chain
of sporting goods stores. Company headquarters is in Las Vegas, and the chain has 27 locations
throughout Nevada, Utah, and Arizona. Several cities have multiple stores. Stores will be linked
to one of three regional servers

Why do we prototype the user interface design?

See Full Question And Answer at solutionrank.com

What do you think are the most important security issues for a system?

Design a storyboard for Exercise I in Chapter 5.

Pretend that your mother is a real estate agent and that she has decided to automate her daily
tasks by using a laptop computer. Consider her potential hardware and software needs and create
a hardware and software specification that describes them. The specification should be
developed to help your mother buy her hard

Why are interface standards important?

Tots to Teens is a catalog retailer specializing in children's clothing. A project has been
underway to develop a new order-entry system for the company's catalog clerks. The old system
had a character-based user interface that corresponded to the system's COBOL underpinnings.
The new system will feature a graphical us

See Full Question And Answer at solutionrank.com

Ask Jeeves (www.askjeeves.com) is an Internet search engine that uses natural language.
Experiment with it and compare it with search engines that use key words.

What is an interface structure diagram (ISD), and why is it used?

When would you use electronic reports rather than paper reports, and vice versa?

One of the Fortune 500 firms with which I have worked had an 18-story office building for its
world headquarters. It devoted two full floors of this building to nothing more than storing
"current" paper reports (a separate warehouse was maintained outside the city for "archived"
reports such as tax documents). Imagine

Describe four types of navigation controls.

See Full Question And Answer at solutionrank.com

Draw an ISD for a Web site that sells some retail products (e.g., books, music, clothes).

Why is consistency in design important? Why can too much consistency cause problems?

Explain three principles in the design of inputs.

Explain the differences between object-action order and action-object order.

Design an interface template for Exercise E.

See Full Question And Answer at solutionrank.com

What are use scenarios, and why are they important?

Compare and contrast the four types of interface evaluation.

Under what conditions is heuristic evaluation justified?

Describe four devices that can be used for source data automation.
Describe five types of inputs.

See Full Question And Answer at solutionrank.com

Java Masters is an employment exchange agency that has offices in Northern California. Java
Masters operates as a broker that links its client companies with independent software experts
(commonly called contractors) with advanced Java and Web-development skills for short-term
contracts. They are developing a Web-based

The rapid development face-off was a competition between rapid application development
(RAD) teams from the leading consulting firms in the United States. The goal was to see which
team could develop a specific system in the least amount of time. Most teams used a very short
program design step and quickly began progra

Why is it important to perform an interface evaluation before the system is built?

Describe five types of input validation methods.

Pretend that you are designing the new interface for a career services system at your university
that accepts student résumés and presents them in a standard format to recruiters. Describe
how you could incorporate the basic principles of input design into your interface design.
Remember to include the use of online

See Full Question And Answer at solutionrank.com

Describe five types of messages.

What is meant by authentication? What is its role in securing transactions?

Describe the primary components of the interface standards for a Web site that sells some retail
products (metaphors, objects, actions, icons, and templates).

Are some nonfunctional requirements more important than others in influencing the architecture
design and hardware/software specification?

Develop two use scenarios for the DFD in exercise C in Chapter 5.

See Full Question And Answer at solutionrank.com

Develop the interface standards (omitting the interface template) for the DFD in exercise E in
Chapter 5.

Develop two use scenarios for the DFD in Exercise I in Chapter 5.

What is context-sensitive help? Does your word processor have context-sensitive help?
What do you think are three common mistakes that novice analysts make in developing the
architecture design and hardware/software specification?

Compare and contrast on-screen list boxes and dropdown list boxes. When would you use one
versus the other?

See Full Question And Answer at solutionrank.com

Pretend that you have been charged with the task of redesigning the interface for the ATM at
your local bank. Develop two use scenarios for it.

Pretend that you have been charged with the task of redesigning the interface for the ATM at
your local bank. Design an ISD that shows how a user would navigate among the screens.

What is a human-machine boundary?

Under what circumstances should densities be low? high?

Pretend that the admissions office in your university has a Web-based application so that
students can apply for admission online. Recently, there has been a push to admit more
international students into the university. What do you recommend that the application include to
ensure that it supports this global requireme

See Full Question And Answer at solutionrank.com

What are the key factors in designing an error message?

Describe the usefulness of the Internet's public key infrastructure (PKI).

Why is it useful to define the nonfunctional requirements in more detail even if the technical
environment requirements dictate a specific architecture?

Why is capturing data at the source important?

Compare and contrast the three types of interface design prototypes.

See Full Question And Answer at solutionrank.com

One aspect of the new system under development at Holiday Travel Vehicles will be the direct
entry of the sales invoice into the computer system by the salesperson as the purchase transaction
is being completed. In the current system, the salesperson fills out the paper form shown here.
Design and prototype an input sc

Draw an ISD for "Your Turn 9.7," using the opposite grammar order from your original design.
(If you didn't do the "Your Turn" exercise, draw two ISDs, one in each grammar order.) Which is
"best"? Why?