
Semester Two 2017

Examination Period

Faculty of Information Technology

EXAM CODES: ENG1003 / MCD4290

TITLE OF PAPER: Engineering Mobile Apps


Sample Exam 1 Sample Answers
Question 1: NMH web app

a)
Some reasons the design might be less than ideal:
1) You can only scroll by dragging on the right side of the screen. This isn’t consistent
with the behaviour of other apps.
2) There is no mention of navigation, i.e., selecting and viewing different publications.
People don’t generally read entire publications.
3) If the app just presents a minimalist interface with a long scroll, are people going to
know how to interact with it?

Corresponding suggestions for improvement:


1) Like other apps, this app should be updated to allow scrolling on any part of the
screen.
2) Add a navigation hierarchy -- a list of publications where articles can be selected
and viewed.
3) Make the interaction/navigation more obvious. Provide affordances.

b)
● Wireframes are rough sketches of the application’s user interface, often hand-drawn.
They allow the software development team to develop a visual prototype of the
system that can be discussed with the client (Sonja). They show the main interface
elements.
● Seeing wireframes at this stage of the project allows interface issues to be detected
before the interface is implemented and therefore before the point where interface
changes would require code to be rewritten, thereby saving effort.

c)
● In order to sync information between devices the web app would have to have an
accompanying web service which acted as cloud storage.
● A web app can communicate with the web service via AJAX. This involves including
a script tag with the web service URL, specifying a callback function (JSONP). The
response will be passed as an argument to the callback function.

d)
● A web app can store data locally via Local Storage. Local Storage is a key-value
store of string values provided through the browser.
● The limitations of local storage are that
○ there is a limit on the data that can be stored per site (of around 5MB),
○ the information is stored in Local Storage so not available between browsers
or devices, and
○ Local Storage can only store text.

e)
This user ended up with repeated subscriptions. They likely hit a button multiple times and
after some delay each of these clicks resulted in a subscription.

Either of the following principles is appropriate:


● Offer informative feedback — Let the user know their button press action was
successful, even if the full effect doesn’t happen immediately. We should show that the
button press worked, i.e., show something while performing the slow part of the
operation.
● Prevent errors — The user interface should prevent errors from occurring, where
possible.
Some suggestions for improvement:
● This can be corrected by having a popup appear (or something similar) which says
“subscription added” so that they are aware the change has occurred.
● The add subscription button could be greyed out and disabled after the first
subscription, which would prevent the user from being able to have more than one
subscription to the same thing, or the software could just check additional presses of
the subscribe button after the first and not treat them as additional subscriptions.
Question 2: Grandparents’ first computer

a)
Some differences between an SSD and spinning hard disks are:
● A spinning hard disk has a platter and a magnetic read/write head on an arm. SSDs are
just flash memory chips and have no moving parts.
● SSDs are much faster than hard disks.
● Hard disks are available in much larger capacities than SSDs.
● Hard disks are cheaper than equivalent sized SSDs.
● There are other differences we don’t cover in ENG1003, such as SSDs writing a whole
block at once and having a limited number of writes.

b)
This password is susceptible to any of the following attacks:
● Dictionary attacks -- common words are tried as possible passwords. This is because
mittens is a dictionary word.
● Brute force attacks -- trying every possible combination of passwords. This is
because the password is short.
● Social engineering attack -- a person finds out the password through discussion, e.g.,
asking the name of their pet, or by looking at their social media profile.

A way to mitigate different attacks:


● Dictionary attacks: Don’t use dictionary words or simple substitutions as the basis for
a password. Instead use a mix of symbols, numbers, uppercase and lowercase
letters.
● Brute force attacks: Use a long password. Ideally greater than 10 characters long.
● Social engineering attack: Don’t base a password on a piece of information that can be
guessed or researched about you.

c)
● There are several issues with this. If any of the other sites are compromised, all of
your other accounts are at risk. This applies particularly if the site stores passwords as
plain text, although even if the site stores hashes there is a risk (from rainbow
tables). Not all sites are reliable; some sites may sell your information and this may
include your credentials.


d)
● Hashing involves a one-way function that generates a string from a password. Small
differences to the password result in big changes to the hash. Given a particular input
string the same hash will always be produced.
● A hash can be transmitted, stored and compared in place of a password. Unlike a
password, if an attacker gets your account name and hash they can’t use this to log
in as you to other accounts that use the same credentials.
● No, hashing does not make password reuse safe. If an attacker gets access to your
(unsalted) hash then they may still be able to discover your original password using a
rainbow table (a precomputed table of passwords and corresponding hashes) and
then, if you use the same password, log in as you to various sites.
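
The properties in answer d), shown as an added example that is not part of the exam paper: an unsalted hash of "mittens" is deterministic and is recovered from a precomputed table, while a per-account random salt defeats that table. The function names are illustrative, and a plain lookup table stands in for a true rainbow table (Node.js assumed).

```javascript
// Added example, not from the exam paper. Function names are illustrative.
const crypto = require("crypto");

// Unsalted fast hash: the same password gives the same digest on every site.
function unsaltedHash(password) {
  return crypto.createHash("sha256").update(password, "utf8").digest("hex");
}

// Count differing bits between two equal-length hex digests (avalanche effect).
function bitDifference(hexA, hexB) {
  const a = Buffer.from(hexA, "hex");
  const b = Buffer.from(hexB, "hex");
  let bits = 0;
  for (let i = 0; i < a.length; i++) {
    let x = a[i] ^ b[i];
    while (x) { bits += x & 1; x >>= 1; }
  }
  return bits;
}

// Precomputed table (hash -> password), built once and reusable against any leak.
function buildLookupTable(words) {
  const table = new Map();
  for (const w of words) table.set(unsaltedHash(w), w);
  return table;
}

// Salted, deliberately slow hash: a random salt per account changes the output.
function createRecord(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Recompute with the stored salt and compare in constant time.
function verify(password, record) {
  const candidate = crypto.scryptSync(password, Buffer.from(record.salt, "hex"), 32);
  return crypto.timingSafeEqual(candidate, Buffer.from(record.hash, "hex"));
}

// Constructed sample data: a tiny word list and the same password on two sites.
const table = buildLookupTable(["password", "mittens", "letmein"]);
const siteA = createRecord("mittens");
const siteB = createRecord("mittens");
console.log(table.get(unsaltedHash("mittens")));                // found by lookup
console.log(table.has(siteA.hash), siteA.hash === siteB.hash);  // table is no help
console.log(verify("mittens", siteA), verify("mittenz", siteA));
```
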
e)
● Two factor authentication is a method of validating that someone is who they say
they are. It requires that the user has two things; something they have with them and
something they know.
● In this case, it may correspond to a password (known) and a phone (held), or a PIN
(known) and a code generating device (held). This makes it far more difficult to
attempt to log in as another person as there are two things the hacker must obtain.
Question 3: HR and remuneration system

a)
● Git is a version control (configuration management) system that stores the past
versions of all source code files in a software project. It can show differences
between versions or restore the code files to a previous version.
● This could be solved by accessing a previous working version of the system and
using that until the change can be safely joined to the live version, or Git can also
show the code differences between the prior working and now broken version of the
code, which would be helpful to identify which parts of the code likely contain the
bug(s) causing the problems.

b)
● Regression testing is a process where developers re-test much of the system
after a change, by testing to see if working parts of the code are still working, i.e., are
free of regressions. Typically these regression tests are unit tests that are known to
work in the prior version.
● In this way, we can ensure that new changes (such as Bruce’s changes) do not
break pre-existing code since these errors would be picked up by one or more of the
regression tests.

c)
Example bugs:
● numHrs is negative (this would increase the amount of leave they have left)
● numHrs is NaN (balance could become NaN, losing the balance)
● numHrs is unfeasibly large (e.g., 10000 hours)
● staffId doesn’t correspond to an existing staff member or is NaN (unclear what would
occur here, modify wrong record, cause data corruption?)
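
Input checks that reject each of the example bugs above, as an added example that is not part of the exam paper. The function name deductLeave, the helper probe, the limit MAX_LEAVE_HOURS and the record layout are hypothetical; only numHrs, staffId and the balance come from the answer.

```javascript
// Added example, not from the exam paper. deductLeave, probe, MAX_LEAVE_HOURS
// and the Map-of-records layout are assumptions made for illustration.
const MAX_LEAVE_HOURS = 400; // assumed upper bound for one leave request

function deductLeave(staff, staffId, numHrs) {
  // staffId must be an integer key that exists; NaN and strings are rejected.
  if (!Number.isInteger(staffId) || !staff.has(staffId)) {
    throw new RangeError("unknown staffId");
  }
  // Number.isFinite is false for NaN, Infinity and non-numbers such as "8".
  if (!Number.isFinite(numHrs)) {
    throw new TypeError("numHrs must be a finite number");
  }
  // A negative value would otherwise increase the remaining balance.
  if (numHrs <= 0) {
    throw new RangeError("numHrs must be positive");
  }
  if (numHrs > MAX_LEAVE_HOURS) {
    throw new RangeError("numHrs is unfeasibly large");
  }
  const record = staff.get(staffId);
  if (numHrs > record.balance) {
    throw new RangeError("insufficient leave balance");
  }
  // Only mutate the record after every check has passed.
  record.balance -= numHrs;
  return record.balance;
}

// Return the new balance, or the message of the check that stopped the call.
function probe(staff, staffId, numHrs) {
  try {
    return deductLeave(staff, staffId, numHrs);
  } catch (err) {
    return err.message;
  }
}

// Constructed sample data: one staff member with 40 hours of leave.
const staff = new Map([[7, { balance: 40 }]]);
for (const [id, hrs] of [[7, 8], [7, -8], [7, NaN], [7, 10000], [NaN, 8], [99, 8]]) {
  console.log(id, hrs, "->", probe(staff, id, hrs));
}
```
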

d)
● All other things being equal, the O(logN) logarithmic one is preferable.
● Time complexity represents how the time taken to run the algorithm grows as the
size of the input grows. The O(logN) curve is less steep than O(N).

e)
● The function should include header documentation so that anyone writing code that
uses the function knows how to appropriately use the function.
● The header documentation could specify
○ author of code, copyright.
○ the expected type and range of parameters
○ the effect(s) of the function
○ types or explanation of return value
○ any known problems with the function

Question 4: Courier service


a)
● In a Waterfall methodology, the phases of the software development process
(Requirements, Design, Implementation, Verification) are conducted in order,
completing one before moving on to the next.
● Waterfall is not likely to work well here since the requirements are not completely
clear. Waterfall needs requirements to be clear at the project outset, since they are
needed for subsequent stages of the Waterfall methodology. In Waterfall, you cannot
generally revise requirements later on.

b)
● In an Agile methodology, the phases of the software development process are
conducted in iterations (Requirements, Design, Implementation, Verification,
Evaluation/Prioritisation, repeat) for smaller sections of the software. There is a
focus on having a working version of the software early, and the client is
involved in directing the development focus.
● Agile is likely to have issues here because of the lack of interest/time of the client.
Clients need to be willing to provide regular feedback to the process in order to do
successive iterations in an Agile methodology.

c)
● Software tests are based on requirements. At the end of the project, you need to be
able to confirm that the system does what was required by the client.
● Each test case should have a corresponding requirement, otherwise we haven’t
captured all the requirements. Every requirement should be tested, otherwise we
can’t know that requirements are satisfied.

d)
An example user story fitting this might be:
As a user, I want my package to have GPS tracking enabled so that I know whether
my package is still on the way.
This user story is negotiable as the rationale makes clear that what the user cares about is
knowing if their package is making progress. This could equally be replaced with a barcode,
and any time the package is seen at a main location its location can be updated on the site.

e)
A PMP (Project Management Plan) is designed to be given to new team members to give
them information about how to begin working efficiently as part of the team.

f)
Some things commonly contained in a PMP are how the team communicates (e.g., intended
methods, expected response time and purpose), how the team shares work (e.g., repository
location, what goes there), how the team deals with conflicts, etc.
