FACULTY OF SCIENCE
ACADEMY OF COMPUTER SCIENCE AND SOFTWARE ENGINEERING
MODULE
IFM03B3 & IFM3B10
INFORMATICS 3B:
ADVANCED SOFTWARE ENGINEERING
CAMPUS
APK
EXAMINATION (MAIN)
NOVEMBER 2020
2020-11-09
DATE
DOWNLOAD/READING
WRITING TIME
PREPARATION/UPLOAD
ASSESSORS
PROF W.S. LEUNG
DR F.F. BLAUW
EXTERNAL MODERATOR
PROF A. VAN DER MERWE
(UNIVERSITY OF PRETORIA)
DURATION
DOWNLOAD TIME
WRITING
UPLOAD TIME
10 minutes
3 Hours
50 minutes
MARKS
INSTRUCTIONS
08:30–08:40
08:40–11:40
11:40–12:30
150
Length of this question paper (including this cover page): 8 (eight) pages.
ALL Questions (Questions 1-9) must be answered.
This test must be completed by yourself within the prescribed time limit.
Submissions must be successfully made to Eve by 12:30 (South African Standard Time)
on the day.
You may NOT copy and paste answers from any source. All answers must be written by
yourself during this assessment.
You are bound by all university regulations. Please take special note of those regarding
assessment, plagiarism, and ethical conduct.
You must complete and submit the Honesty Declaration document to EVE. Submissions
without an accompanying declaration will NOT be marked.
Further instructions are provided on page 2 of this question paper.
No communication concerning this assessment is permissible during the assessment
session except with your lecturers.
It is recommended that you provide a minimum of ONE fact for each mark a
question is out of. Take note of what each question is out of.
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Hello,
Welcome to your Exam.
Please read and follow the instructions below:
Complete your Exam Honesty Declaration and upload it.
This is an application question paper with questions for a VERY specific case
study created JUST for this exam. Do not seek answers on the Internet.
Provide the following information at the front of your script:
• Your Student Number AND ID Number / Passport
• Your Surname, Initials (optional)
Need help clarifying a question? DM wsleung or FransBlauw on the
Informatics Inn Discord server.
Do NOT communicate with anyone else during the duration of the exam. This
will be regarded as a violation of the University’s assessment regulations.
ANY PART of your submission is
HANDWRITTEN
Your submission is COMPLETELY
TYPED OUT
Upload to the Exam Handwritten slot
Upload to the Exam Typed slot
• Number each page (e.g. 1 / 6) where
you indicate the current page number,
and the total pages it represents
• Take clear images of each of your
handwritten pages
• Order your images according to the
questions that are asked
• Combine the images in a single file
(preferably a SINGLE PDF)
• Check your file to ensure that:
• All your pages are in the file
• Each page is clear
• Upload to Eve (Exam Handwritten)
• Check your upload
• Start each question on a brand new
page.
• Order your answers according to the
questions that are asked.
• Upload to Eve (Exam Typed)
• Check your upload
OUR
T Y.
E
R
V
I
FA
NT
E
A
R
S
I
ELVE IN THE
S
R
OU IONS
Y
DO UEST
Q
AR,
E
E
L
H
NC
DT
U
A
E
S
I
R
IF IT
ASK
2 of 8
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Please note that the case study below is FICTIONAL. It is NOT a true reflection of the application on which the
case study is based. Please do your own research to make responsible, informed decisions in the real world.
To: consultant@protondevs.co.za
From: ministry@4IRHealth.gov.za
Subject: External Input into Project COVIDify South Africa
Hello,
Thank you once again for agreeing to assist the Department
of Fourth Industrial Revolution Health (4IRHealth) with
this time-sensitive project. As briefly discussed during my
partner’s concert performance last night, the South African
government views the release of the COVIDidfy South Africa
application as being instrumental in the fight against the
spread of COVID-19 in the country. 4IRHealth is therefore
concerned that HealthSurance, the medical aid company tasked
with developing COVIDify has missed the agreed-upon deadline,
followed by two further subsequent extensions. HealthSurance
claims that the issue lies with the 4IRHealth representatives
who are liaising with them.
Regardless of who is at fault, the health of the country is
at stake. We need COVIDify out there and operational. Your
job is to act as an independent consultant who can assess the
current state of the project, and guide the people behind
it to deliver the app and get it running on as many South
African phones as possible.
Yours in Technology and Health
Dr E. Lonmas
th Africa
Minister: Fourth Industrial Revolution
V IDify Sou Health
tion to
MO : CO
cing” applica
H!
Internal ME
ra
IG
T
H
ct
:
e
ta
c
n
n
o
to
C
Importa
me form of “
n is developed
o
so
ti
g
ca
n
li
si
p
u
p
n
a
n
ee
benefit if a
someone
ntries have b
also stand to
contact with
dif ferent cou
n
s)
ca
w
o
ay
a
h
d
ic
f
4
o
fr
1
A
es
st
ri
sus is the la
ve that South
e success sto
edical consen
-19, we belie
Following th
m
e
ID
h
V
(t
O
t
n
C
f
ce
o
read
e been in re
combat the sp
ould they hav
sh
s
n
a
ic
fr
A
g:
9.
notify South
re this
o the followin
for COV ID -1
d
ve
ld
ti
u
si
o
o
p
ange and sto
sh
)
s
ch
”
st
fy
ex
ti
,
o
n
n
o
“
who te
ti
d
ra
n
u
certain d
COV ID” a
ch other for a
manteau of “
ea
rt
o
to
p
y
(a
it
y
if
im
x
ro
V ID -19
COV ID
are in close p
ntracted CO
rs
co
se
e
u
In a nutshell,
av
p
p
h
a
ey
d
th
fication
o registere
the app that
receive a noti
n
l
o
il
w
te
a
p
p
ic
• W hen tw
a
d
r
in
ei
ation
them to
stored on th
contact inform tive for COV ID -19, allow
ntact details
co
s
r’
se
u
si
ve
o
ti
tests p
ID -19 posi
• If a user
er is
ave the COV
h
o
h
w
rs
essful tender
se
cc
u
su
p
e
p
h
a
T
ll
A
y.
•
to launch
of COV IDif
to get tested
ss conference
development
re
e
p
adv ising them
th
a
r
st
fo
o
h
er
l
d
il
Lonmas w
anies to ten
this year.
inister Dr E.
nolog y comp
M
ch
e
te
er
l
h
id-November
ra
w
m
ve
0
y
2
se
b
0
g
2
rs
in
st
se
it
u
u
v
g
n
u
in
We will be
out on 31 A
of 5.5 millio
ready for roll
odest uptake
p
m
p
a
a
e
ch
th
a
e
re
l
av
to h
at we wil
anticipate th
the app. We
3 of 8
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Question 1: Quality Concepts
[15]
Your first (virtual) meeting with HealthSurance development team leader Donald, and 4IRHealth representative
Joe does not take long to descend into a screaming match with the two talking over each other.
Donald:
COVIDify was completed on time. Mostly. We handed it over midSeptember but Judging Joe here kept nitpick-
Joe:
It was far from “completed”. Even now, COVIDify is absolute garbage.
You have NO clue what developing quality software entails.
Consider the user “sign-up” process in which the app is installed and the user indicates their consent
while granting permissions (such as access to Bluetooth and the phone’s storage) to the app. What must
COVIDify do (or how should it behave) during this aforementioned process for it to be considered
“quality software”? Discuss in terms of the following five “quality in use” characteristics as defined by
the ISO 25010 model:
1.1. Effectiveness
(3)
1.2. Efficiency
(3)
1.3. Satisfaction
(3)
1.4. Freedom from risk
(3)
1.5. Context coverage
(3)
Question 2: Conducting Technical Reviews
[10]
To get a sense of how Donald’s development team performs, you ask for any metrics that they may collect in
measuring their work outputs. It takes a lot of coaxing but Donald eventually provides you with technical review
reports from his last five projects. You decide to focus on the HealthSurance team’s design work products.
Technical Review: Contact Exchange Design
Reviewer: Nosipho (Preparation time: 2 hours)
In Attendance: Donald (team lead), Thabang, Gail, Arno, Mbulelo, John, Nosipho
Date of Review: 21 May 2020, 13:00–13:30 (30 minutes)
Findings: A 20-page design document with 14 UML diagrams was reviewed. A total
of 22 minor errors and 5 major errors uncovered by Nosipho were discussed. It
was concluded that there were really only 3 minor errors. The design document
is accepted provisionally and no further reviews will be required on condition
that Donald will oversee the correction of the minor errors.
You observe that Donald always gives the task of preparing for the technical review to the newest member of the
team. Donald explains that this is how he gets the newcomer to learn and grow into their role. Nosipho is a new
hire at HealthSurance and this is her first time working on a project. You also notice that the average error density
of design work products of the last five projects is 2.06 per UML diagram.
2.1. What is the error density of the Contact Exchange Design that was agreed upon
during the actual technical review meeting? Show your full calculations.
2.2. Discuss the above technical review. Your commentary should cover:
a) Its conformance to technical review guidelines.
b) The performance of the team on the design work product, in comparison to
previous projects.
c) Nosipho’s prepared review (how she carried it out and her results).
4 of 8
(2)
(8)
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Question 3: Software Quality Assurance
[15]
Joe has been examining the data generated by the small group of closed beta testers comprising several 4IRHealth
and HealthSurance employees and is concerned that almost everyone (98%) is getting notifications that they have
been in contact with someone who has now tested positive for COVID-19. On closer inspection, only 27% of testers
should realistically have been alerted.
One of the customer requirements is that COVIDify must accurately maintain data and ensure that
only the relevant individuals who have been in contact with a user reporting that they have tested
positive in the last 14 days should receive a notification. You decide that Six Sigma would be an
appropriate strategy to guiding the HealthSurance team in ironing out this issue.
(6)
3.1. Identify and describe two different processes and their “outputs” in COVIDify that
you would measure to determine current quality performance (and to collect defect
metrics) in relation to the above notification feature.
3.2. Choosing one of the two different processes that likely is the cause of the error,
(3)
describe how you would analyse the defect metrics to determine the cause(s).
3.3. Propose how you would improve the process to eliminate the root cause of the defect.
(3)
3.4. Describe how you would ensure that future work does not reintroduce the cause(s) of
(3)
the defect.
Question 4: Software Testing
[40]
Donald’s team is currently working on testing the Contact Notification unit. Given how it serves the core
functionality of the app, both parties agree that this is one component that MUST be tested extensively. The
following algorithm has been provided (each line of code is numbered for your convenience):
1. COVIDFlag ← Check app input
2. If COVIDFlag = True Then
3. Contact ← fetch next on Stored Contact List
4. While Contact != Null
5. If ContactTime <= 14 days Then
6. Send Alert to Contact
7. Contact ← fetch next on Stored Contact List
8. EndWhile
9. Else
10.Thank user for checking in
11.EndIf
12.Show COVID-19 social distancing reminder
4.1. Using basis path testing, demonstrate how Donald may derive adequate test cases for
conducting white-box testing of the above unit. Your answer (which should show your
FULL working out) should include:
a)
Establishing the number of independent paths present. Note that marks will ONLY
be awarded for ONE method of establishing the number of independent paths. Be sure to
SHOW which lines are being referenced in your working out. e.g. if you are counting the
number of times a line of code comprises only one word, you would mention that there are
3, being lines 8, 9, and 11.
b)
Defining the set of independent paths. Hint: not ALL numbered lines of code will
feature as part of your independent paths.
5 of 8
(10)
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Question 4: Software Testing (Continued)
4.2. Describe how black-box testing will complement the white-box testing done on the
Contact Notification unit. Your discussion should reference the three black-box testing
techniques used during component level software testing.
4.3. Donald is opting for a depth-first, top-down integration approach for COVIDify. With
specific reference to COVIDify, explain to Joe what this entails. Why is the approach
suitable for the current circumstances? (Hint: consider the current frosty relationship between
Joe and Donald).
4.4. Joe has indicated that the South African government wishes for COVIDify to be made
available in all eleven official languages. It is currently available in...English (which
requires extensive editing). Discuss a resource-effective option that may achieve this.
4.5. At present, only an Android native app is available for deployment, with an Apple
version planned once the Android one is released to the public. Would developing a
hybrid app have been a better choice?
(10)
(7)
(5)
(8)
Construct a Weighted Device Platform Matrix (WDPM), basing this on how 97% of
all South Africans have a smart phone and that Android and Apple represent 82%
and 13% of the market share respectively, to justify your answer. Simply constructing the
WDPM is not enough – provide an interpretation of what the WDPM suggests before answering
the above question.
Question 5: Software Metrics and Analytics
[5]
A review of the COIVDify app shows that the final solution comprises 64 pages, most of which are static,
containing educational and awareness content concerning COVID-19 (wash your hands, practise social
distancing!). Only 5 pages are dynamic, generated based on what the end-user has input.
5.1. What is the customisation index for COVIDify?
5.2. Describe how typing effort could be measured as an interface metric on the COVIDify
app.
Question 6: Project Management and Creating Viable Software Plans
(2)
(3)
[10]
Donald has not been engaging in any project management at all. In fact, his original assessment that COVIDify
would take his team a month seems to have been a wildly random guess at best.
(6)
6.1. A count of the lines of code behind COVIDify reveals that there is an estimated 5700
lines of code. By considering HealthSurance’s experience on similar projects, the
organisation’s average productivity is about 560 lines of code per person month. The
burdened labour rate is estimated to be R65 000 a month. Calculate (show your full
working out – 2 marks for each calculation):
a) The estimated person months (round off to nearest person-month).
b) The cost per line of code (round off to nearest whole number).
c) (Using b), the estimated project cost (round off to nearest 1000).
(4)
6.2. With less than one week remaining before COVIDify must be released, is it advised
that Donald requests additional developers to join the COVIDify project to get things
done? Motivate your answer. Provide brief guidelines on what Donald should do.
6 of 8
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Question 7: Risk Management
[20]
(6)
7.1. Risks are seen to fall into one of the following generic subcategories: product size,
business impact, stakeholder characteristics, process definition, development
environment, technology to be built, and staff size and experience. Selecting two of
the subcategories, identify and briefly describe a potential risk relating to COVIDify
that are relevant to the subcategory selected.
Hint: your answer should be in the format: {subcategory}: description of risk. There should be a
total of two risk descriptions (one for each of the two subcategories you have selected).
7.2. For each risk identified in 7.1, assign a risk probability (as a percentage), and describe
the perceived risk impact (in rand value) to calculate a risk exposure for each. Provide
motivations for each of the values you assign.
7.3. Focusing on ONE of the risks you have identified and provided a motivation for in
7.1 and 7.2 respectively, describe the mitigation, monitoring and management plan for
that ONE risk.
Question 8: About a POPI(A)
(6)
(8)
[20]
Out of the blue, Joe sends you and Donald a meeting request, citing an urgent matter needing to be resolved with
immediate effect. He certainly does not waste his time, accusing Donald of dishonest dealings before everyone even
has a chance to say “hello”.
Joe:
Perhaps Donald can explain why he is deliberately getting the South
African government to pay more for services than is necessary?
Donald:
What do you mean?
Joe:
Don’t think I am clueless. I checked and you are currently hosting
COVIDify on Microsoft Azure servers located in South Africa.
Donald:
I do not deny that. Choosing South African servers is best.
Joe:
Best for whom? Hosting on a East US region server would be about 300
less US dollars that the South African government would have to pay
per month. Why are you being anti-American?
Donald:
Me? No! I love Amer-
Joe:
And that’s not all. I had someone audit COVIDify’s code. Why are you
sending all user data to a HealthSurance server?
Donald:
That’s an experimental feature we are working on. We are hoping to
leverage Artificial Intelligence to extract trends that may advise
all relevant stakeholders on how best to address the next COVID-19
wave that’s coming.
8.1. From a legal perspective, is Joe correct that Donald’s choice of Microsoft Azure
region is costing the South African public purse more than is necessary? Motivate
by discussing the legal rationale for choosing Microsoft Azure services hosted in the
South African region, as opposed to one in the United States of America.
8.2. What compromise would you suggest in response to the deadlock above? Motivate
your answer.
8.3. Comment on the legality of Donald’s Artificial Intelligence-inspired initiative. What
must be done to address the concerns adequately (in a legal manner)?
7 of 8
(8)
(4)
(8)
INFORMATICS 3B 2020 – EXAMINATION (NOVEMBER)
Question 9: A Strategy for Software Support
[15]
Minister Dr E. Lonmas reaches out to you. He wants you to investigate whether your software development
company will be able to take over the rollout of COVIDify from HealthSurance.
9.1. The Minister’s request would effectively require you and your company to take on the
maintenance duties of COVIDify. Compare the approaches of reverse engineering and
refactoring (6). Explain which of the two approaches would appear better-suited should
you need to take over from HealthSurance (2).
9.2. Another aspect to consider is whether the costs involved will still be beneficial to your
client (The Department of 4IRHealth). Use the following information to motivate your
answer, showing your FULL working out:
• Current COVIDify:
• Current maintenance costs for COVIDify is anticipated to be R300 000 a year.
• The annual operating cost of COVIDify is a fixed R302 400.
• The business value linked to running COVIDify is difficult to quantify for
obvious reasons. For the purpose of the exercise, use 1 million rand.
• Re-engineered COVIDify:
• Maintenance costs will be halved.
• Annual operating costs will now be R133 900 a year.
• Predictions suggest that there will be a 25% increase to the existing business
value after re-engineering efforts.
• Your company charges R275 000 for a project of COVIDify’s size.
• It will take your company 2 months to re-engineer COVIDify.
• The risk factor for re-engineering COVIDify is 1.0 (your current involvement
ensures nominal risk).
• It is anticipated that COVIDify will continue to be of use for another 1.5 years.
YOU HAVE REACHED THE END OF THIS QUESTION PAPER
CHECK TO ENSURE YOU HAVE:
• Answered all questions
• Labelled each Question Correctly
8 of 8
(8)
(7)