Stratergies to prepare for the exam?

[ldee]

I don't really like predictions, just study the entire course inside and out imo, anything in there could pop up.

Yeah good move I suppose, I especially in a subject like this.

[Yendall]

Just did the 2011 exam and got 90/100. Not too bad really.
Few questions that I got wrong:

Question 15: Nola's and Ben's computers are part of a network. Recently Nola's computer became infected with a worm. Which statement is most correct?

A.   The work will not spread to Ben's computer because it is not a useful program.
B.   The worm will spread to Ben's computer only if Nola sends an infected file to Ben as an email attachment.
C.   The worm will spread to Ben's computer only if a copy of one of Nola's infected files is opened on his computer.
D.   The worm will spread to Ben's computer by sending a copy of itself through the network and infecting one of his files.
I chose B. My reasons for that answer were that:

• A is ridiculous, we aren't even told what program it is. What defines a useful program? And what has that got to do with anything?
• C is implying that a worm can only travel is a copy is opened on another computer which is incorrect, it can travel through attachments
• I thought D was a little unrealistic. I never thought worms could send themselves? I always thought they had to attach to something that was already being sent?

b.   Provide an example of a criterion that the new PIMS must meet to pass the UAT process.

I said it must "adhere to the standards of user-friendliness, but apparently that's not a criterion, I think? Anyone have any idea on that one?

Question 16:The introduction of the new PIMS at the Bigton City Council will affect a number of stakeholders.
Outline the conflict that may occur between the Council and each of the following stakeholders.

• Parking Officers
• Motorists using parking bays

I wrote for Motorists that "The motorists may get angry for recieving unjustified parking tickets and take it out on the council for not explaining the system", however I don't think that's an acceptable answer so I didn't award myself a mark. Does a question like this have to be quite specific to the actual software solution?

[Lasercookie]

Hmm, I'm not too sure, but here are my thoughts on your responses. I'm not sure if I'm being too nitpicky though, someone else will probably need to double check with what I'm saying.

Question 15: B or D was what I was tossing up.
By D they mean that it's a standalone program, not like a virus where it has to attach itself.

I guess quoting Wikipedia: http://en.wikipedia.org/wiki/Computer_worm

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.

I said it must "adhere to the standards of user-friendliness, but apparently that's not a criterion, I think? Anyone have any idea on that one?

My first thought is that is a bit too vague as a criterion, like what does "user-friendliness" encompass? You could word it in a way that's a bit more specific, what would you actually test for it to be user-friendly? e.g. things like is the user interface easy to understand etc.

Going by the assessor report, only 45% got this right - my guess for where people lost the mark would have been in how specific they were to the case study. The examples they gave are pretty specific ones, so that's really the main thing that leads me to assume that VCAA want to see specific answers.

Question 16
Your answer looks fine-ish to me. I think you've got the gist of it, but yeah like you said, you'd want to be specific to the actual scenario in the question. Those two points you give are valid though.

So what you're saying is that they might get fined and not know what law they broke because the council didn't communicate to them properly. I think there's an issue with that. Parking tickets did exist before the system was implemented, and motorists would have been aware of those laws. I think you haven't recognised in your answer that there has been a change made (which is the new system - there's your reference to the actual solution).

You seem to somewhat contradict with the case study only because you've been a bit vague with what an 'unjustified parking ticket' actually is. Of course all parking tickets won't be unjustified, so in that case I think it'd be better to explain why the system might give them 'unjustified' parking tickets - e.g. something that they could have gotten away with before and can't now with the new system.

I guess same as above, always try to make it specific to the case study. I think you could probably word 'take it out on the council' a bit better (seems a bit too informal), but the gist of what you're saying I believe is correct.

In fact, look at the example VCAA gave in the report:

The parking officers may resist the council's changes and be angry about the new system since they weren't warned or told why. This could result in for example, strike action or an increase in sick days.

Motorists will complain that the council is deliberately attempting to raise revenue from PIMS and that the software is unfair/unjust.

That first one for parking officers is pretty much what you said, except you said it from the point of view of the motorists. The difference is that the VCAA one is specific about how they get might get angry. Looking at the VCAA response, they went with using the word 'complain', which is what you were getting at with "take it out on the council".

There probably is a balance we have to find with how much information to give though, they don't give all that much space to write and you might end up giving too much detail and not being very concise. I usually find that there's nearly always a better way of wording the answer.

[billyjackson768]

Just did the 2011 exam and got 90/100. Not too bad really.
Few questions that I got wrong:

Question 15: Nola's and Ben's computers are part of a network. Recently Nola's computer became infected with a worm. Which statement is most correct?

A.   The work will not spread to Ben's computer because it is not a use program.
B.   The worm will spread to Ben's computer only if Nola sends an infected file to Ben as an email attachment.
C.   The worm will spread to Ben's computer only if a copy of one of Nola's infected files is opened on his computer.
D.   The worm will spread to Ben's computer by sending a copy of itself through the network and infecting one of his files.
I chose B. My reasons for that answer were that:

• A is ridiculous, we aren't even told what program it is. What defines a useful program? And what has that got to do with anything?
• C is implying that a worm can only travel is a copy is opened on another computer which is incorrect, it can travel through attachments
• I thought D was a little unrealistic. I never thought worms could send themselves? I always thought they had to attach to something that was already being sent?

b.   Provide an example of a criterion that the new PIMS must meet to pass the UAT process.

I said it must "adhere to the standards of user-friendliness, but apparently that's not a criterion, I think? Anyone have any idea on that one?

Question 16:The introduction of the new PIMS at the Bigton City Council will affect a number of stakeholders.
Outline the conflict that may occur between the Council and each of the following stakeholders.

• Parking Officers
• Motorists using parking bays

I wrote for Motorists that "The motorists may get angry for receiving unjustified parking tickets and take it out on the council for not explaining the system", however I don't think that's an acceptable answer so I didn't award myself a mark. Does a question like this have to be quite specific to the actual software solution?

That first question is quite mean. I probably would have said D but thinking about it I'm not that sure about how worms infect others. I would only pick that as A, B and C seem wrong to me. A- What on earth is a "use program" B - It can spread through means other than email attachments surely. C- A description of a trojan? D - Not positive on, but it seems about right when you think about something such as the conficker worm I think was self replicating.

A 90/100 is something to be happy with in my books, that certainly gets you right up there. But have you seen any of the exam questions or done any of the exam before? That would be my major worry, my teacher gave us all the 2011 exam at the start of the year and told us all to take a look. If I got 90/100 I would feel like it should be s 70 or 80. Though I never really saw that much... When I do it tomorrow I'll tell you how I go and give my opinion on the case study question. 

[Yendall]

Thanks for those responses guys!

[billyjackson768]

Well, I just did the 2011 exam and think I'll give myself 86/100 at worst. I may have been a little tough on myself, but then again I had already seen 1/4 of the paper and may have taken a short intermission to have dinner and then go to bed...

Questions I was a little unsure of include:

Section B Question 4
Big O Television's secure computer network was recently breached. Big O Television has hired an independent IT security company, Secure TVtech, to test the security of its network and provide support in identifying and repairing any weaknesses in its security.
a.    Suggest a technique that Secure TVtech might use to test the security of Big O Television's computer network and describe how it would work.
b.   Explain how a security audit of the computer network may have prevented the original network breach at Big O Television.

For a. would "Social Engineering" be an acceptable answer, along with a description along the lines of them trying to fool people into allowing them to physically gain entrance into the company and physically be allowed access to something such as a computer or another part of the network? The text book includes this method but neither VCAA or Mark did in their answers. Unless it just comes under the heading of penetration testing. 

For b. I'm a little unsure if my explanation is sufficient, I haven't learnt much about audits. My answer is. "A security audit would involve BigO hiring or using the closest they have to a security expert to methodically analyse their network and company to find any gaps in security." Reading other answers, I think I'm on the right track, but maybe not precise enough. I also think it may not be the best idea to suggest that someone in the company may preform the audit, unless they're some kind of expert.

Case Study Question 4:How on earth are you meant to specifically state Functional requirements and then give an example. Just state it twice, rewording it each time? Or is there a way of generally listing functional requirements? I hope we don't get any questions like this on the exam this year, they're just poorly constructed.

Case Study Question 16: I took a mark off for my first description here. Thinking about it, it might not be to bad but nevertheless I said. "In changing the way they work and amount they need to learn, the council [may] be requested to increase their pay." For motorists I said "Motorists may claim the new system is not working to escape fines issued."

Thinking about your question now Yendall, I don't think it would need to specifically refer to the software solution. However it probably would have to refer to the problems that arise between the council, parking officers and motorists in relation the the whole system. I'm sure you meant the whole system, but the software is only a part of it. If you only refer to a problem that is caused by the new system I think that would be acceptable.

On multiple choice I did rather poorly. I lost 4 marks.
Question 9: I said function, I always manage to mess this up. If I actually write myself out some clear definitions I should be fine.
Question 11: I said B which was rather silly given that I can actually recall now this question being gone through in that lecture I linked.
Question 14: My failure to understand the OSI model I suppose. I said D which is apparently TCP. I better revise my OSI and TCP/IP descriptions. Hopefully won't make this mistake again.
Question 20: This one I didn't like... I would never make a user have to scroll through a list 200 items long to find what they want. If I had to make a list of countries I would at least have multiple lists grouped by continents, heck I may even include tiny flags next to names.  Otherwise though I would probably use an auto complete function in a search bar (text box) which sounds kind of like C. Being unsure though and not originally thinking so clearly about it being every country I said B, which still could possibly be better than the list if you can zoom in to click on smaller countries.

[Yendall]

I think Social Engineering would be more to test the level of logic in the workers, wouldn't it be? It's not physically testing the network. Although you could say that the network itself isn't detecting an executable or unknown file when it enters the network stream. However, the company would've created the file themselves so it isn't actually harmful, therefore anti-viruses wouldn't pick it up. It's more-so to see how many people would open an attachment that is foreign.
A suitable test/technique I wrote was:

A penetration test would allow the company to outline any holes in their system. By doing this, they can sucessfully attack all areas of the system in order to evaluate whether the network/system is robust or not. By deliberately breaching the network via a credible hacker, it allows Big O Televisions to log and monitor any gaps in their security, leaving room for amendment and future prevention of intrusions.
For b) I wrote:

If the systems network has undergone a security audit before the attack, the vulnerability would have been noticed and fixed. Audits produce error logs and if there is any problems with the system, the logs will identify it. If this had been done, these attacks would have been avoided.
Case Study Question 4
In the question it mentioned three functional requirements: User-friendliness, Response Rates and Maintainability.
You had to mention the most critical requirement for the system.

I wrote:

Response Rates

The whole system is based around the detection of movement. If the response rates to this subtle, or obvious, movement aren't precise then the data won't be processed correctly nor accurately. The system also requires instantaneous data processing and transfer. The CDU must be able to identify and process the information correctly and fluently for this software solution to work with fluidity and effectiveness.
Question 9:I always used to stuff up questions like this throughout the year, so I sat down with my teacher and went through the difference between instructions, functions, procedures, control structures, methods etc. It's a crap question, but a fair one!
Question 11: I got that one wrong too, I got constraints and the scope wrong so i wrote them the wrong way around for Q11 and 12!
Question 14: Just remember that the physical layer has nothing to do with transfer of data of any sort. So that completely cancels out the rest of the answers besides B
Question 20: I got this one incorrect as well. I think a scrollable list is pretty crappy, but if you think about it, every forum or signup sheet uses a scrollable list! It may seem stupid in theory but most people do it. It would make sense to, because if you live in a tiny country it's hard to find on a world map even if zoom was a possibility. Some countries are tiny!
I personally would use a text box based on characters entered. Perhaps they meant an un-formatted text box, and also you have to cater for other languages! Some countries begin with, say, a 'G', but the alphabet of that country wouldn't have a 'G'. That might seem crazy but it makes sense.

[bevanweerasinghe]

man im literally screwed for SD my sac scores were 69%,67%,58% and 75% , the practice exams however seem so much easier than our sacs

[Yendall]

man im literally screwed for SD my sac scores were 69%,67%,58% and 75% , the practice exams however seem so much easier than our sacs

Really? I think they are harder. Programming is way easier than theory.

[bevanweerasinghe]

Just did the 2011 exam and got 90/100. Not too bad really.
Few questions that I got wrong:

Question 15: Nola's and Ben's computers are part of a network. Recently Nola's computer became infected with a worm. Which statement is most correct?

A.   The work will not spread to Ben's computer because it is not a useful program.
B.   The worm will spread to Ben's computer only if Nola sends an infected file to Ben as an email attachment.
C.   The worm will spread to Ben's computer only if a copy of one of Nola's infected files is opened on his computer.
D.   The worm will spread to Ben's computer by sending a copy of itself through the network and infecting one of his files.
I chose B. My reasons for that answer were that:

• A is ridiculous, we aren't even told what program it is. What defines a useful program? And what has that got to do with anything?
• C is implying that a worm can only travel is a copy is opened on another computer which is incorrect, it can travel through attachments
• I thought D was a little unrealistic. I never thought worms could send themselves? I always thought they had to attach to something that was already being sent?

b.   Provide an example of a criterion that the new PIMS must meet to pass the UAT process.

I said it must "adhere to the standards of user-friendliness, but apparently that's not a criterion, I think? Anyone have any idea on that one?

Question 16:The introduction of the new PIMS at the Bigton City Council will affect a number of stakeholders.
Outline the conflict that may occur between the Council and each of the following stakeholders.

• Parking Officers
• Motorists using parking bays

I wrote for Motorists that "The motorists may get angry for recieving unjustified parking tickets and take it out on the council for not explaining the system", however I don't think that's an acceptable answer so I didn't award myself a mark. Does a question like this have to be quite specific to the actual software solution?

i made the same mistakes ! this is why SD is so frustrating, the answers they expect of you are sometimes complete BS.

[billyjackson768]

Yeah, thinking about it. Social Engineering probably isn't the best method to suggest for testing the security of a network. For a businesses security in general maybe. But you would have to probably be very specific in how social engineering may allow them to breach the security of a network. Even then it still wouldn't be the best answer. 

My mistake with my reference to Case Study Question 4 I meant Case Study Question 3. 4 I am very happy with. 

I am going to defiantly going to need to get some very clear and precise definitions of some things sorted out though. Then the rest all comes down to reasoning through the problems and most of the time just suggesting what would make sense to anyone. My confidence for this exam is growing bit by bit, but I still have these tough few days making sure my knowledge is flawless and working through some more of those VITTA exams and Huss's questions.

[billyjackson768]

i made the same mistakes ! this is why SD is so frustrating, the answers they expect of you are sometimes complete BS.

There's always going to be some BS and ambiguity on exams from time to time. Take comfort in knowing that with many of these questions others are in the exact same boat as you. That worm one could have been a little nicer, but to me seems reasonable enough. Some others aren't so great, but just try to get inside the examiners brains and answer what you think they are intending to be correct, or answer the most reasonable answer.

[Yendall]

Social Engineering isn't actually testing anything physical.
"the art of manipulating people into performing actions or divulging confidential information."
So it's not actually hacking because nothing is, theoretically, being broken.

For example:
Sending a form to employees asking to fill out all of their credit card details, birth dates, pin numbers and security details. This form is from an 'anonymous' sender with a phony email address like "[email protected]". The sender would be the boss of the company, who will receive the e-mail with all the information. Technically, he hasn't breached any security, he has simply sent a text/html e-mail to the coworkers in an attempt to manipulate them into sending them confidential information.

This would be a form of user testing, i believe.
At first i had trouble with Question 3, but this is what I ended up doing:

Functional Requirement 1: Register Car Arrivals
Example: The Road Side Data Logger should be able to detect and register car arrivals and store it in a temporary data structure.

Functional Requirement 2: Transfer ticket data for fines to the central database/server
Example: The Parking Infringement Monitoring System should be able to process ticket information and transfer it to the central database structure. It would do this by collecting the information and sending it across the cabled internet line directly to the centralised server.
I hated that question, but Functional Requirements aren't generalised like Non-Functional Requirements. So you pretty much explain the example in the actual requirement itself. It was a shit question, but I think that's how you answer it.

Yeah i'm feeling a little more confident, but i'm not sure how i'll go with unseen material!

[billyjackson768]

Yeah i'm feeling a little more confident, but i'm not sure how i'll go with unseen material!

Yeah, with all the teachers and some of last years IT people on here helping us to deal with problems that have cropped up in the past it only makes sense that you do fairly well with all the old material. Last year was the first year of the study design too so they generally have an easy first exam to test the waters with. This year if the exam writers get creative we could be in for a little fun.  So we've just got to be more prepared than the rest of the state and be ready to take down whatever's thrown at us. 

[Yendall]

Yeah i'm feeling a little more confident, but i'm not sure how i'll go with unseen material!

Yeah, with all the teachers and some of last years IT people on here helping us to deal with problems that have cropped up in the past it only makes sense that you do fairly well with all the old material. Last year was the first year of the study design too so they generally have an easy first exam to test the waters with. This year if the exam writers get creative we could be in for a little fun.  So we've just got to be more prepared than the rest of the state and be ready to take down whatever's thrown at us. 

I'm actually hoping it will be more technical! I like your attitude, let's smash the exam! although i don't want to jinx us...