Question No: 117 Where "While" loop is more preferable than "For" loop and vice versa?

The golden rule in iteration: everything done with a for loop can be done with a while loop, BUT not all while loops can be implemented with a for loop. For-loops are just a short-cut way of writing a while loop, with an initialization statement, a control statement (when to stop), and an iteration statement (what to do with the controlling factor after each iteration).

If you know how many times you need to loop, then use a for loop. If you want to loop until a certain condition is met, then use a while loop.
( zubair,vuzs,feb11)



What are the different types of viruses?

Types of Viruses
Although viruses are of many types, broad categories have been identified in accordance with the damage they cause. Some of these categories are stated below:
• Boot Sector Viruses
• Overwriting viruses
• Dropper
• Trojans
Boot sector Virus
The boot sector is part of computer which helps it to start up. If the boot sector is infected, the virus can be transferred to the operating system and application software.
Overwriting Viruses
As the name implies, it overwrites every program/software/file it infects with itself. Hence the infected file no longer functions.
Dropper
A dropper is a program, not a virus. It installs a virus on the PC while performing another function.
Trojan horse
A Trojan horse is a malicious program that is disguised as or embedded within legitimate software. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Examples are
Logic bomb – the Trojan horse is triggered on a certain event, e.g. when disc clean up reaches a certain level of percentage
Time bomb – Trojan horse is triggered on a certain date. Possible perpetrators include:

Question No: 118 ( Marks: 1 ) What indicates the symbol Arrow in the flow charts?
Answer: Arrow in a flow chart shows the direction of flow of procedure or system.

Question No: 119 ( Marks: 1 )
Define Unfreezing class of Change.
Answer: In this phase of change management, a situation for next phase is prepared by disconfirming existent attitudes and behaviors.

Question No: 120 ( Marks: 2 )
What are the physical threats to the information systems?
Answer: This refers to the damage caused to the physical infrastructure of the information systems. Examples are natural disasters (fire, earthquake, flood), pollution, energy variations and physical intrusion.

Question No: 121 ( Marks: 2 )
What is cryptography?
Answer: In literal terms, cryptography means science of coded writing. It is a security safeguard to render information unintelligible if unauthorized individuals intercept the transmission. When the information is to be used, it can be decoded. “The conversion of data into a secret code for the secure transmission over a public network is called cryptography.”

Question No: 122 ( Marks: 3 ) What is off-page connector?
Answer: If the flowchart becomes complex, it is better to use connector symbols to reduce the number of flow lines. Off-Page Connector is used to connect remote flowchart portion on different pages.

Question No: 123 ( Marks: 3 ) What is access control? Give example
Answer: These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system.

For example when a customer enters the card and the pin code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.

Question No:124 ( Marks: 3 ) List the Supply Chain Flows.

Question No: 125 ( Marks: 5 )
How the scanners are used as the technical control against the spread of viruses?

Scanners
They scan the operating system and application software for any virus based on the virus definitions they contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the virus and are called signatures. These signatures are available in virus definitions. Every scanner contains in it certain virus definitions which in fact are signatures (bit patterns) for various kinds of virus.

The scanner checks or scans the operating system and other application software installed on the hard drives. While scanning, it checks the bit patterns in all software against the bit patterns contained in the virus definitions of the scanner. If they are found to be similar, they are labeled as a virus.

Question No: 126( Marks: 5 )
Can you classify E-Commerce into different classes? Identify any five.

E-Commerce models can be classified as
Business to Business (B2B)
Business to Consumer (B2C)
Consumer to Consumer (C2C)
Business to Employee (B2E)
E-Government

Question No: 127 ( Marks: 10 )
What do you understand by Intruder? Classify and discuss intruders according to way they operate.

In physical intrusion, the intruder physically could enter an organization to steal information system assets or carry out sabotage. For example the Intruder might try to remove hard disks. In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system. The purpose could be damaging or stealing data, installation of bug or wire tapping -- Spying on communication within the organization.

A person making an intrusion is generally termed as intruder. However, he can be classified according to the way he operates.
Possible perpetrators include:

• Hackers
• Hacktivists
• Crackers
Hackers
A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain unauthorized entry to a computer system by circumventing the system’s access controls. Hackers are normally skilled programmers, and have been known to crack system passwords with considerable ease. Initially hackers used to aim at simply copying the desired information from the system. But now the trend has been to corrupt the desired information.

Hacktivists
This refers to individuals using their skills to forward a political agenda, possibly breaking the law in the process, but justifying their actions for political reasons.

Crackers
There are hackers who are more malicious in nature whose primary purpose or intent is to commit a crime through their actions for some level of personal gain or satisfaction. The terms hack and crack are often used interchangeably.

Question No: 128 ( Marks: 10 )
Identify and define different levels of likelihood determination.

Likelihood level
High
The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.

Medium
The threat source is motivated and capable, but controls are in place that may impede the successful exercise of the vulnerability.

Low
The threat source lacks motivation or capability, or controls are in place to prevent or at least significantly impede the vulnerability from being exercised.


Question No: 129 ( Marks: 5 )
Discuss Intrusion detection Systems and also explain its components ?

Intrusion Detection Systems (IDS)
Another element to securing networks is an intrusion detection system (IDS). IDS is used in complement to firewalls. An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company’s information systems resources from external as well as internal misuse.

Components of an IDS
An IDS comprises the following components:
• Sensors – these are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
• Analyzers – these receive input from sensors and determine intrusive activity.
• An administrative console – it contains intrusion definitions applied by the analyzers.
• A user interface


Question No: 130 ( Marks: 5 )
Identify the objective and scope of security?
The concept of security applies to all information. Security relates to the protection of valuable assets against loss, disclosure, or damage. Valuable assets are the data or information recorded, processed, stored, shared, transmitted, or retrieved from an electronic medium. The data or information must be protected against harm from threats that will lead to its loss, inaccessibility, alteration or wrongful disclosure.

Question No: 131 ( Marks: 10 )
How will you differentiate CSF from KPI? Discuss briefly.

Question No: 132 ( Marks: 10 )
The concept of security applies to all information. Discuss what is the objective and scope of Security? What may be the security issues regarding information and what will be the management responsibility to resolve these issues?
Internet Security Controls

Information Systems can be made secure from the threats. There is not a single control available to cater for the risk of vulnerabilities associated with the web (Internet).
Some of the solutions are:
• Firewall Security Systems
• Intrusion Detection Systems
• Encryption

Firewall Security Systems
Every time a corporation connects its internal computer network to the Internet it faces potential danger. Because of the Internet’s openness, every corporate network connected to it is vulnerable to attack. Hackers on the Internet could break into the corporate network and do harm in a number of ways: steal or damage important data, damage individual computers or the entire network, use the corporate computer’s resources, or use the corporate network and resources as a way of posing as a corporate employee. Companies should build firewalls as one means of perimeter security for their networks. Likewise, this same principle holds true for very sensitive or critical systems that need to be protected from untrusted users inside the corporate network.

Firewalls are defined as devices installed at the point where network connections enter a site; they apply rules to control the type of networking traffic flowing in and out. The purpose is to protect the Web server by controlling all traffic between the Internet and the Web server. To be effective, firewalls should allow individuals on the corporate network to access the Internet and, at the same time, stop hackers or others on the Internet from gaining access to the corporate network to cause damage. Generally, most organizations can follow either of two philosophies:

Deny-all philosophy -- access to a given resource will be denied unless a user can provide a specific business reason or need for access to the information resource.
Accept-all philosophy -- everyone is allowed access unless someone can provide a reason for denying access.

System reports may also be generated to see who attempted to attack the system and tried to enter the firewall from remote locations. Firewalls are hardware and software combinations that are built using routers, servers and a variety of software. They should control the most vulnerable point between a corporate network and the Internet, and they can be as simple or complex as the corporate security policy demands. There are many types of firewalls, but most enable organizations to:

• Block access to an organization sites on the Internet
• Limit traffic on an organization’s public services segment to relevant addresses.
• Prevent certain users from accessing certain servers or services.
• Monitor communications between an internal and an external network
• Monitor and record all communications between an internal and the outside world to investigate network penetrations or detect internal subversion.
• Encrypt packets of data that are sent between different physical locations within an organization by creating a VPN over the Internet.

The capabilities of some firewalls can be extended so that they can also provide for protection against viruses and attacks directed to exploit known operating system vulnerabilities. A remote location server can be protected by firewalls and IDS, further complemented by an IPS (Intrusion Prevention System), defining specific ranges of IP addresses that may access the location with defined rights.
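
The two firewall philosophies described above differ only in what happens to traffic that no rule mentions. The following added example (not part of the original notes) evaluates the same rule set under both defaults and keeps the report of denied attempts; the Rule and Firewall classes, the rules and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    source: str                 # permitted/blocked source range, CIDR notation
    port: Optional[int] = None  # destination port; None matches any port


class Firewall:
    """First matching rule wins; unmatched traffic gets the default action."""

    def __init__(self, rules, default_action):
        if default_action not in ("allow", "deny"):
            raise ValueError("default_action must be 'allow' or 'deny'")
        self.default_action = default_action
        self.rules = [(ipaddress.ip_network(r.source), r) for r in rules]
        self.denied_log = []  # the "system report" of refused attempts

    def decide(self, src_ip, port):
        addr = ipaddress.ip_address(src_ip)
        action, reason = self.default_action, "default policy"
        for network, rule in self.rules:
            if addr in network and rule.port in (None, port):
                action, reason = rule.action, "rule " + rule.source
                break
        if action == "deny":
            self.denied_log.append((src_ip, port, reason))
        return action


# Constructed rule set: one blocked host, one office range allowed to HTTPS.
RULES = [
    Rule("deny", "203.0.113.66/32"),
    Rule("allow", "198.51.100.0/24", 443),
]

# Constructed traffic: (source address, destination port).
TRAFFIC = [
    ("198.51.100.10", 443),  # office range, permitted port
    ("203.0.113.66", 443),   # explicitly blocked host
    ("192.0.2.77", 22),      # address no rule mentions
    ("198.51.100.10", 22),   # office range, port no rule mentions
]


def compare_policies(rules, traffic):
    """Return (src, port, deny_all_decision, accept_all_decision) per packet."""
    deny_all = Firewall(rules, "deny")
    accept_all = Firewall(rules, "allow")
    rows = [(s, p, deny_all.decide(s, p), accept_all.decide(s, p)) for s, p in traffic]
    return rows, deny_all.denied_log, accept_all.denied_log


if __name__ == "__main__":
    rows, deny_report, accept_report = compare_policies(RULES, TRAFFIC)
    for row in rows:
        print(row)
    print("deny-all refused:", len(deny_report), "accept-all refused:", len(accept_report))
```

Under accept-all, the last two packets get through simply because nobody wrote a rule for them, and they never appear in the denied report.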

Question No: 133 ( Marks: 10 )
What is polymorphism? Define with example.
Polymorphism Following example will help understand the concept in a better manner.
Hence, based on the example given above, the concept can be defined. Polymorphism is
derived from the Greek language, meaning "having multiple forms". Polymorphism is the
characteristic of being able to assign a different meaning or usage to something in different
contexts - specifically, to allow an entity such as a variable, a method, or an object to have more
than one form.
Question No: 134 ( Marks: 3 )
Explain intrusion with example
Intrusion can be either physical or logical. In physical intrusion, the intruder physically
could enter an organization to steal information system assets or carry out sabotage. For example
the Intruder might try to remove hard disks. In case of logical intrusion, the intruder might be
trying to have an unauthorized access to the system. The purpose could be damaging or stealing
data, installation of bug or wire tapping -- Spying on communication within the organization.
Question No: 135 ( Marks: 3 ) Define Active attacks?
Active Attacks: Once enough network information has been gathered, the intruder will launch
an actual attack against a targeted system to either gain complete control over that system or
enough control to cause certain threats to be realized. This may include obtaining unauthorized
access to modify data or programs, causing a denial of service, escalating privileges, accessing
other systems. They affect the integrity, availability and authentication attributes of network
security.
Question No: 136 ( Marks: 10 )
What do you understand by Crypto systems? Discuss different types of controls.
In literal terms, cryptography means science of coded writing. It is a security safeguard to render
information unintelligible if unauthorized individuals intercept the transmission. When the
information is to be used, it can be decoded. “The conversion of data into a secret code for the
secure transmission over a public network is called cryptography.”
Encryption & Decryption
Cryptography primarily consists of two basic processes. These processes are explained through a
diagram.
Encryption – the process of converting data into codes (cryptograms)
Decryption – the process of decoding the code to arrive at the data actually encrypted
Question No: 137 ( Marks: 10 ) What are the components of the object? Give example
An object is defined as
“an abstraction of something in a problem domain, reflecting the capabilities of the system to
keep information about it, interact with it, or both.” Coad and Yourdon (1990)
An object is any abstraction that models a single concept.
Another Definition of object
“A concept, abstraction, or thing with crisp boundaries and meaning of the problem at hand.
Objects serve two purposes. They promote understanding of the real world and provide a
practical basis for computer implementation.” Rumbaugh et al. (1991)
Components of object
According to Booch, there are three components of object. Objects have state, behavior and
identity.
• Identity: Who is it?
Each object has unique identity.
• Behavior: What can it do?
What an object can do, how it can respond to events and stimuli.
CS 507
24
• State: What does it know?
The condition of an object at any moment, affecting how it can behave
Real-world objects share two characteristics: They all have state and behavior.
For example,
• Dogs have state (name, color, breed, hungry) and behavior (barking, fetching, wagging tail).
• Bicycles have state (current gear, current pedal cadence, two wheels, number of gears) and
behavior (braking, accelerating, slowing down, changing gears).
Question No: 138 ( Marks: 10 ) How can we compute the expected loss? Discuss the
occurrence of threats.
Computing Expected Loss
In the fourth step of the exposure analysis, the amount of expected loss is computed through
the following formula:
A = B x C x D
1. A = Expected Loss
2. B = Chances (in %) of threat occurrence
3. C = Chances (in %) of Threat being successful
4. D = Loss which can occur once the threat is successful
Control Adjustment
This phase involves determining whether any controls can be designed, implemented, operated.
The cost of devising controls should not exceed the expected potential benefit being encashed
and the potential loss being avoided. The controls that could mitigate or eliminate the identified
risk appropriate to the organization’s operations are provided. The goal of the recommended
controls is to reduce the level of risk to the IT system and its data to an acceptable level.
Following factors should be considered in recommending controls and alternative solutions to
minimize or eliminate identified risks.
• Effectiveness of recommended options
• Legislation and regulation
• Organizational policy
• Operational Impact
• Safety and reliability
The control recommendations are the results of the risk assessment process and provide the risk
mitigation process during which the recommended procedural and technical security controls are
evaluated, prioritized and implemented. It should be noted that not all possible recommended
controls can be implemented. To determine which ones are required and appropriate
for a specific organization, a cost analysis should be conducted for the proposed
recommendations of controls to demonstrate that the costs of implementing the controls can be
justified by the reduction in the level of risk. In addition, the operational impact and feasibility of
introducing the recommended option should be evaluated carefully during the risk mitigation
process.
The above decision takes into account the following factors:
1. Personal judgment of the situation
2. Any information gained on desired/non-existing controls during the previous phases
3. Seek demands of users for an ideal control environment.
Existing controls should not be totally discarded while adjusting controls. They can either be
terminated totally, due to the threats not being there any more or the existence of better controls, or
modified for betterment. This phase should consider the security to be cost effective and
integrated.
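
A worked pass through the formula A = B x C x D and the rule that a control's cost should not exceed the loss it avoids, given as an added example (not from the original handout). The threats, percentages, loss amounts, control names and costs are constructed figures, and the Threat and Control classes are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Threat:
    name: str
    occurrence_pct: int  # B: chances (in %) of threat occurrence
    success_pct: int     # C: chances (in %) of the threat being successful
    loss: int            # D: loss once the threat is successful


@dataclass(frozen=True)
class Control:
    name: str
    threat: str                               # name of the threat it addresses
    cost: int                                 # cost of devising the control
    new_occurrence_pct: Optional[int] = None  # B after the control, if changed
    new_success_pct: Optional[int] = None     # C after the control, if changed


def expected_loss(threat):
    """A = B x C x D, with B and C expressed as percentages."""
    return threat.occurrence_pct * threat.success_pct * threat.loss / 10_000


def evaluate_controls(threats, controls):
    """For each control: loss avoided, net benefit, and whether cost is justified."""
    by_name = {t.name: t for t in threats}
    results = []
    for c in controls:
        before = by_name[c.threat]
        after = replace(
            before,
            occurrence_pct=before.occurrence_pct
            if c.new_occurrence_pct is None else c.new_occurrence_pct,
            success_pct=before.success_pct
            if c.new_success_pct is None else c.new_success_pct,
        )
        avoided = expected_loss(before) - expected_loss(after)
        results.append({
            "control": c.name,
            "loss_before": expected_loss(before),
            "loss_after": expected_loss(after),
            "avoided": avoided,
            "net_benefit": avoided - c.cost,
            "justified": c.cost <= avoided,  # cost must not exceed loss avoided
        })
    return sorted(results, key=lambda r: r["net_benefit"], reverse=True)


# Constructed figures for illustration only.
THREATS = [
    Threat("virus outbreak", occurrence_pct=40, success_pct=50, loss=200_000),
    Threat("physical intrusion", occurrence_pct=10, success_pct=20, loss=500_000),
]
CONTROLS = [
    Control("antivirus scanner", "virus outbreak", cost=5_000, new_success_pct=10),
    Control("round-the-clock guard", "physical intrusion", cost=12_000,
            new_occurrence_pct=5),
]

if __name__ == "__main__":
    for row in evaluate_controls(THREATS, CONTROLS):
        print(row)
```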
2)- What are the conglomerate organizations?
3)- Feasibility
4)- RAID model
5)- waterfall model
6)- system analyst
7)- Computer Integrated Manufacturing
Computer Integrated Manufacturing (CIM) Goals
CIM has three basic goals
• Simplification of all manufacturing technologies and techniques
• Automation of as many of the manufacturing processes as possible by integration of many
information technologies like
o Flexible Manufacturing Systems – a form of flexible automation in which several machine
tools are linked together by a material-handling system controlled by a central computer. It is
distinguished from an automated production line by its ability to process more than one product
style simultaneously.
o Computer aided Engineering (CAE) -- the application of computer software in engineering to
analyze the robustness and performance of components, assemblies, products and manufacturing
tools.
o Just in time (JIT) – A Japanese idea that inventory is manufactured (or acquired) only as
the need for it arises or in time to be sold (or used). A major goal is to cut down on inventory
investment.
• Integration and coordination of all the manufacturing aspects through computer hardware and
software
8)- Define different models of SDLC?
Project lifecycle vs. SDLC
The systems development life cycle is a project management technique that divides complex projects into
smaller, more easily managed segments or phases. Segmenting projects allows managers to verify the
successful completion of project phases before allocating resources to subsequent phases. Although
system development can be seen as a project in itself, the attribute that makes system development
different from regular projects is that a project has a definite end and it is unlikely that ongoing
maintenance will be included in the scope of the project, but this falls in the definition of SDLC.
9)- Spiral Model.
SPIRAL is an iterative approach to system development. The spiral lifecycle model is a
combination of the classic waterfall model and aspects of risk analysis. This model is very
appropriate for large and complex Information Systems. The spiral model emphasizes the need to
go back and reiterate earlier steps a number of times as the project progresses. It's actually a
series of short waterfall cycles, each producing an early prototype representing a part of the
entire project. It is a circular view of the software lifecycle as opposed to the linear view of the
waterfall approach. It can incorporate other models in its various developmental phases.
There are usually four distinct phases of the spiral model software development approach.
10) physical design
The logical design is converted to physical design in this phase. The physical design involves
breaking up the logical design into units, which in turn can be decomposed further into
implementation units such as programs and modules.
Design of the Hardware/ Software Platform
New system requires new software and hardware not currently available in the organization.
For example
• User workstations might have to be purchased to support an office automation system.
• A minicomputer might have to be purchased to provide extra processing resources to the new
system.
Office Automation Systems
Office automation system includes formal and informal electronic systems primarily concerned
with the communication of information to and from persons both inside and outside the firm. It
supports data workers in an organization.
For Instance
• Word processing
• Desktop publishing
• Imaging & Web publishing
• Electronic calendars – manager’s appt. calendars
• Email
• Audio & video conferencing – establishing communication between geographically dispersed
persons.
Question No: 139 ( Marks: 5 )
How the scanners are used as the technical control against the spread of viruses?
Use of antivirus software is another very important technical control against the spread of virus.
33.1 Scanners
They scan the operating system and application software for any virus based on the virus definitions they
contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the
virus and are called signatures. These signatures are available in virus definitions. Every scanner
contains in it certain virus definitions which in fact are signatures (bit patterns) for various kinds
of virus. The scanner checks or scans the operating system and other application software
installed on the hard drives. While scanning, it checks the bit patterns in all software against the
bit patterns contained in the virus definitions of the scanner. If they are found to be similar, they are
labeled as a virus.
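
The signature matching described here and in the answer to Question No: 125 can be shown in a few lines. This is an added example, not part of the original notes: the signature names, byte patterns and sample "files" are constructed and harmless, and it also shows that a pattern missing from the definitions goes undetected until the definitions are updated.

```python
from dataclasses import dataclass

# Constructed, harmless byte patterns standing in for a scanner's virus
# definitions (signature name -> bit pattern). They match no real malware.
VIRUS_DEFINITIONS = {
    "Demo.BootSector.A": bytes.fromhex("deadbeef00c0ffee"),
    "Demo.Overwriter.B": b"\x13\x37DEMO-SIG\x90\x90",
}

# Constructed sample files (name -> contents) so the example runs offline.
SAMPLE_FILES = {
    "boot.img": b"\x00" * 16 + bytes.fromhex("deadbeef00c0ffee") + b"\x00" * 8,
    "notes.txt": b"quarterly sales figures",
    "tool.exe": b"MZ" + b"\x13\x37DEMO-SIG\x90\x90" + b"rest of program",
    "new_variant.bin": b"header" + b"NEW-PATTERN-01" + b"trailer",
}


@dataclass(frozen=True)
class Detection:
    filename: str
    signature: str
    offset: int  # byte position where the pattern starts


def scan_bytes(filename, data, definitions):
    """Check the file's bytes against every signature; report each match."""
    hits = []
    for name, pattern in definitions.items():
        if not pattern:          # an empty pattern would match everywhere
            continue
        pos = data.find(pattern)
        while pos != -1:
            hits.append(Detection(filename, name, pos))
            pos = data.find(pattern, pos + 1)
    return sorted(hits, key=lambda d: (d.offset, d.signature))


def scan_all(files, definitions):
    """Scan every file; return {filename: [Detection, ...]} for flagged files."""
    report = {}
    for filename, data in files.items():
        hits = scan_bytes(filename, data, definitions)
        if hits:
            report[filename] = hits
    return report


def update_definitions(definitions, name, pattern):
    """Return a new definition set with one more signature added."""
    updated = dict(definitions)
    updated[name] = pattern
    return updated


if __name__ == "__main__":
    before = scan_all(SAMPLE_FILES, VIRUS_DEFINITIONS)
    print("flagged with current definitions:", sorted(before))
    newer = update_definitions(VIRUS_DEFINITIONS, "Demo.NewVariant.C", b"NEW-PATTERN-01")
    after = scan_all(SAMPLE_FILES, newer)
    print("flagged after definitions update:", sorted(after))
```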
Question No: 140 ( Marks: 5 )
Can you classify E-Commerce into different classes? Identify any five.
Electronic Commerce (e-commerce or EC) describes the buying, selling, and exchanging of
products, services, and information via computer network, primarily the internet. Some people
view the term commerce as describing transactions conducted between business partners.
E-business is a broad definition of EC, not just buying and selling, but also servicing customers,
collaborating with business partners, and conducting electronic transactions within an
organization. The most prevalent of E-Commerce models can be classified as
1. Business to Consumer (B2C)
2. Business to Business (B2B),
3. Business to Employee (B2E),
4. Consumer to Consumer (C2C) and
5. E-Government
• Government to Citizens/Customers (G2C)
• Government to Business (G2B)
• Government to Government (G2G)
141 What is Object Oriented Analysis and Design (OOAD)? (Marks 1)
Object Oriented Analysis and Design (OOAD)
The concept of object oriented analysis and design focuses on problems in terms of classes and
objects. This concept combines aspects of both entity relationship diagram and data flow
diagrams. The object oriented analysis and design tool has been devised to support the object
oriented languages, for example C++ and Java. The roots of the concept of object orientation
evolved in late 60’s with the emergence of first language “SIMULA 67” as the first object
oriented language. Object oriented methodologies do not replace traditional approaches (such as
data flow, process flow, and state transition diagrams); they are important new additions to the
toolkit.
142 What do you understand by computing environment? Describe the Stand Alone Processing and
Web Based Environment (Marks 5)
Web based Environment
This typically refers to the use of web, internet and browser based applications for transaction
execution. In a Web based environment, clients connect to the application through a broadband or
base band/dial up connection. The application is located on the enterprise server, which is accessed
by the client through the internet connection. Access may be given to a single application
software or the entire operating system. A Web based environment can be combined with and
applied to both centralized and decentralized environments to optimize the performance.
Web based architecture can be used either to give the company employees access to the
information system, e.g. Virtual Private Networks (VPN) in the case of banks, or to give
anybody and everybody access to the company’s information system.
Following example can explain the concept in a better fashion. Two users A & B present at
remote locations or we can say outside the organization may want to access the server located
within the organization. They may get connected with the internet and access the server located
in the organization. The server needs to be online as well so as to be accessed by A & B through
any of the means (broad band, base band, wi-fi, or satellite). Hence data can be transmitted and
retrieved using the internet. Availability of connection of proper bandwidth allowing appropriate
internet connection speed is critical to both transmission and retrieval. Due to this reason,
companies have taken dedicated lines to enjoy uninterrupted service.
143 Roles & Responsibility any three (Marks 3)
Roles & Responsibility
For security to be effective, it is imperative that individual roles and responsibilities are clearly
communicated and understood by all. Organizations must assign security related functions in the
appropriate manner to nominated employees. Responsibilities to consider include:
1. Executive Management — assigned overall responsibility for the security of information;
2. Information Systems Security Professionals — responsible for the design, implementation,
management, and review of the organization’s security policy, standards, measures, practices,
and procedures;
3. Data Owners — responsible for determining sensitivity or classification levels of the data as
well as maintaining accuracy and integrity of the data resident on the information system;
4. Process Owners — responsible for ensuring that appropriate security, consistent with the
organization’s security policy, is embedded in their information systems;
5. Technology providers — responsible for assisting with the implementation of information
security;
6. Users — responsible for following the procedures set out in the organization’s security policy;
and
7. Information Systems Auditors — responsible for providing independent assurance to
management on the appropriateness of the security objectives.
144 What is focal Point? Complete(Marks 10)
What is focal Point?
A corporate-level facilitator may serve as a focal point for assessments throughout the company,
including those pertaining to information security because of familiarity with the tools and the
reporting requirements. Each business unit in an organization may have a designated individual
responsible for the business unit's risk assessment activities. The computer hardware and
software company may also create a team for the purpose of improving the overall risk
assessment process and reviewing results of risk assessments in the hardware and software
systems from the perspective of offering a better, reliable and risk free product.
145 What is Vulnerability? (Marks 1)
Vulnerability is a weakness that can be accidentally triggered or intentionally exploited. This
phase helps in building up a list of weaknesses and flaws that could be exploited by the potential
threat sources.
146 Two output of Impact Analysis? (Marks 2)
Impact Analysis
This phase determines the adverse impact resulting from a successful threat exercise of
vulnerability. Following information is required before conducting an impact analysis.
1. System mission e.g. the process performed by IT system.
2. System and data criticality e.g. the system’s value or importance to an organization
3. System and data sensitivity
The information can be obtained from existing organizational documentation.
Likelihood level – Likelihood definition
High – The threat source is highly motivated and sufficiently capable, and controls to prevent
the vulnerability from being exercised are ineffective.
Medium – The threat source is motivated and capable, but controls are in place that may impede the
successful exercise of the vulnerability.
Low – The threat source lacks motivation or capability, or controls are in place to prevent or at least
significantly impede the vulnerability from being exercised.
Impact needs to be measured by defining certain levels. E.g. high medium low as qualitative
categories or quantifying the impact by using probability distribution.
Mission Impact Analysis
• Assess criticality assessment
• Data criticality
• Data sensitivity
The output of this phase is impact rating.
147 What is change management? Identify its types. (Marks 5)
Change management
Change management means to plan, initiate, realize, control, and finally stabilize change
processes on both the corporate and personal level. Implementation of ERP or any other integration
software needs commitment and proper management. Managing change in implementation
projects has become a serious concern for the management.
Types of Change
• Organizational Development: This is the more gradual and evolutionary approach to change. It
is based on the assumption that it is possible to align corporate objectives with the individual
employees’ objectives. In practice, however, this will rarely be possible.
• Reengineering: This is known as corporate transformation or business transformation. It is the
more radical form of change management, since it challenges all elements of processes or
structures that have evolved over time.
148 What is difference between the Changing and Freezing? (Marks 3)
Another view of phases
Change management phases can be classified in an alternative way:
• Unfreezing -- Preparing a situation for change by disconfirming existing attitudes and
behaviors.
• Changing -- Taking action to modify a situation by altering the targets of change.
• Refreezing -- Maintaining and eventually institutionalizing the change.
149 How will you differentiate CSF from KPI? Discuss briefly.
CSF vs. Key Performance Indicator
A critical success factor is not a key performance indicator or KPI. Critical Success Factors are
elements that are vital for a strategy to be successful. A KPI measures the achievements. The
following example will clarify the difference. A CSF for improved sales may be adopting a new
sales strategy through better and regularly arranged display of products in the shop windows.
However, the KPI identified would be the increased/decreased Average Revenue Per Customer
as a result of the strategy. Key Performance Indicators directly or indirectly measure the results
of implementation of Critical Success Factors. KPI’s are measures that quantify objectives and
enable the measurement of strategic performance.
Question No: 150 ( Marks: 1 ) What is an entity set?
Entity
An entity is an object that exists and is distinguishable from other objects. An entity is described
using a set of attributes. For example specific person, company, event, plant, crop, department,
section, cost center.
• An entity set is a set of entities of the same type that share the same properties
• All entities in an entity set have the same set of attributes, i.e. common characteristics e.g.
names, addresses, date of birth, etc.
• Each entity set has a distinct attribute by which it can be easily identified, e.g. NIC no.,
employee no.
Example
• Bird is an entity
• The class of birds is an entity set
• The color of birds is an attribute
151 Why is the process arrow used in the flow chart? (Marks 1)
Flow Chart
"A schematic representation of a sequence of operations as in a manufacturing process or
computer program."
Question No: 152 ( Marks: 2 ) Why do we use tools like flowcharts, DFDs, etc. in System
Design?
Entity Relationship Diagram (ERD)
Another diagrammatical tool used in system design is ERD. ERD as shown below indicates
simple relationships. These relationships can be read as follows.
• One department has one supervisor
• A department may have more than one employee
Or
• An employee may be in more than one department
• An employee may not be working on any project but a project must have at least one employee
working on it
This is another form of ERD used to show the relations between various fields in
files used to record specific data.
Question No: 153 ( Marks: 1 ) Define Clear Text?
• Clear text – it is the data to be encrypted.
• Cipher text – it is the code created out of data after encryption.
Critical Success Factors differ from organization to organization. While approving any project, the
management may evaluate the project on the basis of certain factors critical to the success or failure
of the project. Give five examples from real life. (Marks 10)
Critical Success Factors (CSF)
Critical Success Factor (CSF) is a business term for an element which is necessary for an
organization or project to achieve its mission. For example, for an international package delivery
system, CSF’s can be identified such as safe transport of customer consignments, timely delivery
of consignment, online status confirmation system to inform customers and proper packaging
and handling.
Critical Success Factors differ from organization to organization. While approving any project,
the management may evaluate the project on the basis of certain factors critical to the success or
failure of the project. For instance:
• Money factors: positive cash flow, revenue growth, and profit margins.
• Acquiring new customers and/or distributors
• Customer satisfaction – No. of complaints, after sales service
• Quality – Customer feed back on the product.
• Product / service development -- what's new that will increase business with existing customers
and attract new ones?
• Intellectual capital – enhancing production techniques and acquiring knowledge relating to
advancement in hardware/machines, equipment, processes.
• Strategic relationships -- new sources of business, products and outside revenue, sub
contracting.
• Employee development and retention –
• Sustainability
• Corporate social responsibility
• Corporate Governance
27.1 Sources of Critical Success Factors
Critical Success Factors have to be analyzed and established. CSF’s may be developed from
various sources.
Generally, four major sources of identifying CSF’s are:
• Industry CSFs resulting from specific industry characteristics;
• CSF’s resulting from the chosen competitive strategy of the business, e.g. quick and timely
delivery may be critical to courier service business;
• Environmental CSFs resulting from economic or technological changes; and
• Temporal CSFs resulting from internal organizational needs and changes.
Question No: 154 ( Marks: 2 ) What is the use of Default keyword in switch structure?
The default statement is used because, when dealing with switch, you will have many cases
either returning TRUE or FALSE.
If none of those cases returns true, then default will recognize the switch value. However, the
default line should be at the end of every case. It's a catch-all for any case that doesn't exist. Think
of it as 'else' in a list of if-else statements: if the switch doesn't match a listed case, the default
case is used (if it exists).
155 Object-Oriented Analysis (OOA) and Object-Oriented Design (OOD)?
Object Oriented Design has the purpose of creating flexible Object Oriented Systems.
Flexible in terms of Object Orientation means that it's possible to add functionality without
messing the whole thing up. Object Oriented Analysis has the purpose of finding a proper OOD
for the problem, e.g. by using Design Patterns.
Question No: 156 ( Marks: 3 ) Identify drawbacks to ERP systems.
Disadvantages of ERP: Many problems organizations have with ERP systems are due to
inadequate investment in ongoing training for involved personnel, including those implementing
and testing changes, as well as a lack of corporate policy protecting the integrity of the data in
the ERP systems and how it is used.