Comprehensive Guide to Networking Concepts

Uploaded by

thuyaaung.kzy

RAID (Redundant Arrays of Inexpensive Disks)

RAID0 (striping or disk striping)
- no spare disk

RAID1 (mirroring or disk mirroring)
- one disk for backup

RAID6
- two parity codes are generated

Round robin scheduling method
- allocates the CPU to ready-state tasks in a queue in order of arrival

archive
- function to combine multiple files into one file

SRAM (Static RAM)
- uses a flip-flop circuit, which has two stable states
- operating speed is high

DRAM (Dynamic RAM)
- uses a capacitor
- operating speed is slow

Pulse Code Modulation (PCM)

Sampling
- The continuous analog audio signal is sampled at regular intervals to obtain
discrete values

Quantization
- The sampled values are then rounded to the nearest value within a fixed range,
turning them into discrete levels.

Encoding
- The quantized values are then converted into a binary code to be stored or
transmitted digitally.

Routers use IP addresses

Bridges and switches use MAC addresses

Sniffing attack
- the interception and analysis of data exchanged between two parties on a
communication channel

Spoofing
- the act of disguising a communication from an unknown source as being
trustworthy.

SSL/TLS certificate of a website
- contains the unencrypted public key of the website

A cold start
- a method to restore a system to its initial state and restart it, often after a
system failure. This process involves a full restart of the system without using
any prior preprocessing, such as backing up or restoring from a copy made before
the failure.

Rollback
- Reverts the system to a previous safe state using pre-processed backups or copies
taken before an update or change.

Rollforward
- Moves the system forward to a specific state after a failure, often using logs or
incremental backups made after an update.

Warm start
- A restart method that uses some pre-existing state or memory to resume operations
more quickly than a full cold start.

Audit work paper
- An execution record of the auditing procedure by an auditor, and it forms the
basis of the audit opinion

Balanced scorecard
- a business management technique that is used to develop specific targets and
measures to implement a planned strategy, in consideration of the appropriate
mutual relationships among four perspectives (i.e., financial, customer, business
process, and learning and growth)

CRM (Customer Relationship Management)
- To construct favorable customer relationships

ERP (Enterprise Resource Planning)
- To improve management efficiency through integrated management of core business
operations

Sales Force Automation (SFA)
- To improve the efficiency of sales activity through unified management of
customer information

A smart grid
- enables the integration of renewable energy sources, balances electricity supply
and demand, and enhances grid stability through real-time data monitoring and
adaptive responses.

SCM (Supply Chain Management)
- aims to reduce costs, improve efficiency, and shorten delivery times by
coordinating and integrating activities across multiple companies or organizations
involved in production, procurement, logistics, and sales.

CISO (Chief Information Security Officer)
CCO (Chief Compliance Officer)
CIO (Chief Information Officer)
COO (Chief Operating Officer)

Technology
Chapter 5
1. NAPT (Network Address Port Translation) = one-to-one conversion of the private
IP address and its corresponding global IP address
NAT (Network Address Translation)/IP masquerade = several private IP addresses,
including the port number, to one global IP address

2. 510 (maximum host calculation)
[Link]/23
10101100.00010000.01000000.00000000
10101100.00010000.0100000/0.00000000
network part / host part
= 0.00000000 to 1.11111111
= 2^9 + 2^8 + 2^7 + 2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1
= 511
511 - 1 (not include broadcast address in valid host address)
= 510

3. [Link] (broadcast address calculation)
[Link]/26
11000000.10101000.10000000.00/000000
network part/ host part
11000000.10101000.10000000.00/111111 (broadcast address = host part all 1)
= 111111
= 2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1
= 63
[Link]
* all equal to 1 is a broadcast address

4. ARP
ARP (Address Resolution Protocol) = converts IP address to MAC address
ICMP (Internet Control Message Protocol) = gives notification of errors and network
status
RARP (Reverse Address Resolution Protocol) = converts MAC address to IP address
RIP (Routing Information Protocol) = selects communication path

5. Router
Access Point = Data Link Layer
Bridge = Data Link Layer
Repeater = Physical Layer
Router = Network Layer
Gateway = transport layer or higher
HTTP, DHCP, DNS = Application layer

6. NAPT

7. flow control (control the amount of data transmitted)

8. DHCP
DNS = convert domain name to IP address
DHCP = dynamically assign IP address
NSLookup = find corresponding IP address for a host

9. Software-defined networking (manage network via software)

10. Trojan horse (malicious program that presents itself as a legitimate one)

11. node waits for the medium to be idle before transmission
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
- check data flow
- if a collision is detected, stop the transmission and perform retransmission
later

12. NTP
NNTP (Network News Transfer Protocol) = distributes news articles
NTP (Network Time Protocol) = synchronizes time in several nodes
RTP (Real Time Transport Protocol) = transfers video and audio in a suitable format
for real time
FTP (File Transfer Protocol) = file transfer protocol

13. b

14. b

15. c
[Link]/22
11000000.10101000.001110/01.01111011
network part/ host part
11000000.10101000.001110/11.11111111 (broadcast address = host part all 1)
[Link]

16. b

17. every four digits is separated by a colon
128 bits = 8 portions of 16 bits each
each portion is separated by a colon and represented as a hexadecimal number

18. [Link] (network address calculation)
IP address [Link]
Subnet Mask [Link]
IP 00001010.10101010.01000110.00010011
Subnet 11111111.11111111.11111111.11110000
11111111.11111111.11111111.1111/0000
network part/ host part
IP 00001010.10101010.01000110.0001/0011
00001010.10101010.01000110.0001/0000 (host part all 0s = network address)
[Link]

19. MIME (Multipurpose Internet Mail Extensions)
MIME = enable handling of audio/video data through e-mails
SMTP = email only

20. b

21. IEEE maximum speed = 600 Mbps

22. d

23. LTE
IEEE (Institute of Electrical and Electronics Engineers) = an organization
LTE = 4G LTE (wireless data transmission)

24. bcc
- a message copy sent to an additional recipient, without the primary recipient
being made aware

25. b

26.
bridge = layer 2 switch = switching hub
- has MAC address learning function and filtering function, therefore data
transmitted to a LAN does not flow to another LAN

27. Anycast in IPv6, not in IPv4
Broadcast = one to all
Multicast = one to many
Anycast = one to closest one of many
Unicast = one to one
[Link]
routing/

28. 30
111/00000
= 2^5+2^4+2^3+2^2+2^1
= 31-1
= 30

29. TELNET
DNS (Domain Name System) = use UDP
DHCP (Dynamic Host Configuration Protocol) = use UDP (for file transfer, not secure)
SNMP (Simple Network Management Protocol) = use UDP
TFTP (Trivial File Transfer Protocol) = use UDP protocol
FTP (File Transfer Protocol) = use TCP (for file transfer, secure)
TELNET (Teletype Network) = use TCP
ARP = use TCP

30. Router use IP address

31. c

32. b

33. b

34. b

35. b

36. c

37. [Link] and [Link]
subnet 11111111.11111111.11111111.1111/0000
[Link]
IP 11000000.10101000.00000001.0000/1110
[Link]
IP 11000000.10101000.00000001.0001/0001
[Link]
IP 11000000.10101000.00000001.0001/1101
[Link]
IP 11000000.10101000.00000001.0010/0001
[Link]
IP 11000000.10101000.00000001.0011/0001

38. ARP use Unicast

39. a
request = source 50001 / destination 80
so, response = source 80 / destination 50001

40. VLANs are used to reduce network traffic

41. b

42. a

43. a
44. TCP = IP address + Port Number

45. Difference between Request and Response Time of Server

46. a

47. [Link]
Type A 1 - 126 Large network
127 is reserved for loopback address
subnet mask [Link]

Type B 128 - 191 Medium-sized network (Routable IPs on internet)
[Link] to [Link] = private address range
subnet mask [Link]

Type C 192 - 223 Small networks
[Link] to [Link] = private address range
subnet mask [Link]

Type D 224 - 239 Multicast
no subnet mask

Type E 240 - 255 reserved for future use
no subnet mask

48. Network
Data Link = Frames
Network = Packets

49. b

50. b

51. netstat displays active TCP connections

52. b

53. c

54. b

55. IMAP allows messages to remain on the server even after they are downloaded
POP3 allows the user to download emails from the server

56. c

57. c

58. Transport Layer Protocols = TCP, UDP

59. b

60.
- ensures reliability by detecting lost packets and retransmitting them.
- have mechanisms for congestion control
- is connection-oriented and can handle packets arriving out of order

61. a
62. d
Castle (Your private network)
Front Yard (DMZ)
Outer Fence (Firewall)

63. d

64. c

65. d
- use ping to test reachability of communication partner

66. a

67. c

68. a

69. b
111/00000
= 2^4+2^3+2^2+2^1+2^0

70. b

71. packet sniffing
- evaluate which employees are using excessive amount of bandwidth

72. jitter
- variation in time delay between packets arriving
crosstalk - interference from adjacent channels or circuits, which can degrade the
signal quality
glitch - minor fault in the network's operation
ripple - fault in signals or voltages

73. c

74. b

75. d
[Link]/27
01111011.00000000.00000000.000/11110
[Link]

[Link]/25
10010110.00111100.00000000.1/0000010
[Link]

[Link]/28
11000100.01001010.00100110.0001/0100
[Link]

[Link]/26
11010010.00001011.10111110.11/000000
[Link]

76. b

77. a
78. b

79. d

80. c

81. d

82. b

83. c

84. b
In CSMA/CD, nodes first listen to the network to check if it is free (Carrier
Sense). If the medium is free, they start transmitting data (Multiple Access).

TDMA(Time Division Multiple Access) = Assigned Time Slot for Transmission

85. a
HTTP, DHCP, DNS = application layer

86. a
Switch use MAC address
Router use IP address

87. c

88. c
OSI 7 layers functions and examples
Physical: Transmits raw bit streams over a physical medium.
eg. Cables (Ethernet, fiber optics), switches, hubs

Data Link: Provides node-to-node data transfer and error detection.
eg. Ethernet, Wi-Fi, switches, bridges

Network: Handles routing and forwarding of packets.
eg. IP (Internet Protocol), routers

Transport: Ensures complete data transfer and manages end-to-end communication.
eg. TCP (Transmission Control Protocol), UDP (User Datagram Protocol)

Session: Manages sessions and controls dialog between applications.
eg. NetBIOS, RPC (Remote Procedure Call)

Presentation: Translates, encrypts, and compresses data.
eg. JPEG, MPEG, SSL/TLS

Application: Provides network services to end-users and applications.
eg. HTTP, FTP, SMTP, DNS

89. c
IPv4 addresses are 32 bits long
IPv4 Address Classes:
Class A: [Link] to [Link] (Large networks)
reserved for private [Link] to [Link]

Class B: [Link] to [Link] (Medium networks)
reserved for private [Link] to [Link]

Class C: [Link] to [Link] (Small networks)
reserved for private [Link] to [Link]

Class D: [Link] to [Link] (Multicasting)

Class E: [Link] to [Link] (Experimental)

90.
SMTP = send emails to mail server and exchange mails between servers
POP3 = retrieve mails from mail server
PAP (Password Authentication Protocol) = authenticate users in PPP (Point to Point
Protocols)

91. 11
Number of fragments = Total Data/ Data per fragment
= (2000 - 20 (IP header)) / (200 - 20)
= 1980 / 180
= 11

92. b

93. b

94. d
NTP (Network Time Protocol) = synchronize the time of every client on the network

95. d

96. b
cell relay = fixed-size unit
message switching = store and forward entire message
packet switching = not based on X.25 protocol

97. a
STP(Spanning Tree Protocol) ensures that there is only one active path between any
two network devices, preventing broadcast storms and maintaining network stability.

Technology
Chapter 6
1. b
Types of attacks
SQL injection
= attacker inserts or "injects" malicious SQL code into a query. This code is
executed by the web server's database, potentially allowing the attacker to access,
modify, or delete data

Man-in-the-Middle attack
= an attack on the data transmission layer. Data packets to and from the web
server are modified.

keylogging attack
= Every key stroke a user makes in the network is captured

IP spoofing or packet sniffing
= an attack on the network layer. The IP headers of packets in the network are
captured and modified.

2. b
Adware
= displays unwanted ads and may track your browsing habits.
Ransomware
= encrypts your files or locks your system, demanding a ransom to restore access.
Rootkits
= provide hidden administrative access to a computer and can be used to conceal
other malware.
Spyware
= secretly collects information about you, often leading to privacy violations and
potential identity theft.

3. b

4. a
command and control (C&C) server
= A computer controlled and used by an attacker to send commands to other
compromised computers

5. b
advanced persistent threat(APT)
= an attack that uses sophisticated techniques and goes undetected over a long time

6. b
intrusion detection systems (IDS)
= monitor network or system activities for malicious activities or policy
violations

impact assessment
= Listing all affected files in the system in order to assess the impact of an
attack

digital forensics
= analyzing digital devices and data to investigate and recover evidence related to
cybercrime

Foot printing
= Gathering information about an organization and its systems in preparation for an
attack

7.
Authenticity: Ensures that an entity is what it claims to be.
Reliability: Ensures consistent intended behavior and results.
Availability: Ensures that information and systems are accessible to authorized
users when needed.
Confidentiality: Ensures that information is not disclosed to unauthorized
individuals, entities, or processes.

8. Since the LAN analyzer can display the packets that pass through the network, it
is necessary to pay attention to misuse or abuse, such as wiretapping.

9.
honeypot
= specifically designed to lure attackers in order to study their methods and
gather information about their behavior.

SIEM (Security Information and Event Management)
= provides real-time analysis of security alerts generated by network hardware and
applications.

DMZ (Demilitarized Zone)
= a physical or logical subnetwork that separates an internal local area network
(LAN) from other untrusted networks, usually the internet.

Botnet
= a network of compromised computers, often referred to as "bots" or "zombies,"
controlled by an attacker to perform various malicious activities such as sending
spam, launching Distributed Denial of Service (DDoS) attacks, or stealing data.

14. virus = a type of malware that embeds itself within a program (need a host)
and inserts its copy into other programs
Worms = a type of malware that can spread on their own without needing a host file.

15.
Level of risks
= Magnitude of a risk expressed in terms of the combination of consequences and
their likelihood

16.
Dynamic analysis of malware = involves executing the malware in a controlled
environment (such as a sandbox) and observing its behavior and interactions with
the system and network.

17. Transport Layer Security (TLS)
= secures credit card information and other sensitive data transferred
between a customer's PC and a web service

20.
web beacon = a small, often invisible, graphic image or script embedded in a
webpage or email. It is used to track and monitor user behavior, such as whether an
email has been opened or a webpage has been visited.

24.
PKI (Public Key Infrastructure), RSA
= asymmetric encryption, where different keys are used for encryption (public key)
and decryption (private key)

SHA-256 (Secure Hash Algorithm 256-bit)
= a cryptographic hash function, not an encryption algorithm

AES (Advanced Encryption Standard)
= a symmetric encryption algorithm, where the same key is used for both encryption
and decryption

KCipher-2
= also a symmetric key algorithm

26.
Containment means restriction
= limit the impact of cybersecurity incidents

27.
WAF (Web Application Firewall)
= inspect incoming and outgoing data between a client and a web server. It can
detect and block various types of attacks, including SQL injection, cross-site
scripting (XSS), and other web-based threats.

28.
SSH (Secure Shell)
= a protocol that provides a secure channel over an unsecured network in a client-
server architecture. I

29.
Sender Policy Framework (SPF)
= a method to authenticate the sender's mail server by matching its IP address with
the authorized IP addresses listed in the domain's SPF record, thereby helping to
prevent email spoofing.

30.
OP25B(Outbound Port 25 Blocking)
= blocks outgoing email traffic on port 25 to reduce the delivery of spam or junk
emails

5/8/2024
32.
DNS enumeration or fingerprinting
= attackers gather information about DNS servers to find vulnerabilities

DNS amplification
= a type of Distributed Denial of Service (DDoS) attack. It involves sending a high
volume of requests to exploit the DNS infrastructure

DNS zone transfer attack or DNS zone walking
= attackers attempt to transfer the DNS zone data to gather information about the
network

DNS cache poisoning or DNS spoofing
= an attack in which false information is introduced into a DNS resolver's cache

33.
RSA (Rivest-Shamir-Adleman)
= a type of public-key cryptography that relies on the mathematical difficulty of
factorizing the product of two large prime numbers

37.
ransomware
= a type of malware that encrypts files and demands payment for decryption

Trojan horse
= disguise themselves as legitimate software but perform unauthorized actions once
executed

logic bomb
= a type of malware that remains dormant until triggered by a specific condition

Worms
= a type of malware that can spread autonomously across networks and devices
without any user interaction

38.
CSIRT
= Computer Security Incident Response Team
a group of experts responsible for handling and responding to computer security
incidents within an organization

40.
Purpose of a port scanner during an inspection of a web server
= to ensure that no unnecessary service is operating by enumerating services on web
server

Purpose of port scanning when an attacker intrudes into the system
= To investigate if there is a service that can be attacked at the preliminary
investigation stage

42.
clickjacking
= An attacker misleads the user to interact with a user interface and to perform
unintended operations.

44.
DHCP spoofing
= an attack to provide incorrect IP addresses to clients

DHCP snooping
= monitors and filters DHCP messages to prevent malicious activities such as DHCP
spoofing

DHCP MAC filtering
= restrict which devices can receive IP addresses from the DHCP server based on
their MAC addresses

DHCP starvation
= to exhaust the pool of available IP addresses, making it impossible for
legitimate clients to obtain an IP address from the DHCP server.

45.
(A mod 32) + 64

a) (A AND 31) OR 64
b) (A AND 32) OR 32
c) (A OR 31) AND 64
d) (A OR 64) AND 32

mod = remainder after division
+ = arithmetic addition
AND, OR = bitwise operations

(A mod 32) = A & 31
+ = OR

15/08/2024
47.
XSS attack
= filtering out the input that can be interpreted as a script

52.
Falsification
= altering the content of a web page without authorization
Tapping/Wiretapping
= allows attacker to secretly listen in or capture the data being exchanged
between two parties without their knowledge

53.
purpose of using a message digest in message authentication code
= to confirm that there is no falsification of a message
54.
Role of Public Key Infrastructure (PKI)
= Issuing a digital certificate that certifies the public key of a user or server

55.
Directory Traversal Attack = Path Traversal
= allows an attacker to access files and directories stored outside the web root
folder

58.
IRIS in two factor authentication
= a form of biometric authentication

64.
brute force attack
= a method of trying every possible combination of keys until the correct one is
found

Rainbow table attack
= use of the possible combination of pre-computed hashes and passwords

69.
Sniffing attack
= capturing and analyzing network traffic to gather information that is being
transmitted

Smurf attack
= a type of distributed denial-of-service (DDoS) attack

Spoofing attack
= pretending to be a trusted source to gain unauthorized access or information

79.
information security risk of BYOD (Bring Your Own Device)
= can cause information security risks such as virus infections due to inadequate
security settings

89.
port 80
= widely used for legitimate web traffic, firewalls and network security systems
are generally configured to allow traffic on this port

90.
appropriate countermeasure against information leakage
= Overwriting all areas of the hard disk with a random bit string multiple times

92.
zero-day attack
= a cyberattack that occurs on the same day a vulnerability is discovered, before
the developer has had a chance to issue a fix or patch for it

97.
Same-Origin Policy
= a security feature implemented in web browsers that restricts how documents or
scripts loaded from one origin (i.e., domain) can interact with resources from
another origin

99.
Security Operations Center (SOC)
an organized and highly skilled team, whose mission is to continuously monitor and
improve the organization’s security posture while preventing, detecting, analyzing,
and responding to cybersecurity incidents

16/08/2024 8:30~
2.
Binary search
= works by repeatedly dividing a sorted data set in half and comparing the middle
element to the target value

3.
Hash index
= uses a hash function to map keys to storage locations. The hash function can
produce the same output (hash value) for different inputs (key values), which is
known as a "collision."

4.
Bubble Sort, Selection Sort, and Insertion Sort
Average-case: O(n^2)
Worst-case: O(n^2)

Merge Sort, Heap Sort
Average-case: O(n log n)
Worst-case: O(n log n)

Binary Sort
Average-case: O(log n)
Worst-case: O(log n)

Quick Sort
Average-case: O(n log n)
Worst-case: O(n^2)

6.

7.
A parity check (vertical parity) is a simple error detection mechanism used in
digital communication and data storage to detect errors that may have occurred
during data transmission or storage.

How Parity Check Works:
Even Parity: The number of 1-bits in the data plus the parity bit is even.
Odd Parity: The number of 1-bits in the data plus the parity bit is odd.
Key Points:
Detection Capability: A parity check (either odd or even) can detect a 1-bit error
because it changes the overall parity (even to odd or odd to even).
Limitations:
It cannot detect 2-bit errors because flipping two bits may leave the parity
unchanged (e.g., flipping two 1-bits in even parity still results in an even
count).
It cannot correct errors; it only detects them. If an error is detected,
retransmission or further error-correcting codes are needed.

37.
Hash Table
= provide an average search time complexity of O(1) due to direct access using the
hash value.

40.
minimum number of nodes of a binary heap tree with a depth of “n” = 2^n

51.
Quick Sort
= a "pivot" element is chosen, and the array is partitioned into two groups:
elements less than the pivot and elements greater than the pivot.

Shell Sort
= an optimization of the insertion sort.

Selection Sort
= repeatedly finds the largest (or smallest) element in the unsorted part of the
list and swaps it with the last unsorted element.

Bubble Sort
= adjacent elements are compared and swapped if they are in the wrong order.

5/9/2024 11:00~
52.
m-substrings are contained in a k-string = k-m+1

53.
Infix Notation: Operators are written in between their operands, e.g., A + B.
Postfix Notation (reverse Polish notation, RPN): Operators are written after their
operands, e.g., AB+.

6/9/2024
54/67.
BNF notation

58.
the total number of comparisons for sorting a list of “n” elements
= n(n-1)/2

60.
two arrays are merged into a single one-dimensional array
= O(m+n)

11/09/2024
69.
possible ways to fill all 9 spaces on a tic-tac-toe board is 9! (9 factorial),
which equals:
9!=9×8×7×6×5×4×3×2×1=362,880

72.
the number of null children in a binary tree
= n + 1

12/9/2024
81.
Characteristic of linked lists
- used for a homogeneous collection of elements
- elements can be stored in both dynamic way and static way
- cannot directly access an element by its index

83.
when a program (or a function) calls itself recursively, most suitable data
structure
= Stack because it operates on a Last In, First Out (LIFO) principle

13/9/2024
90.
91.
95.
Newton's method
- function f(x) must be differentiable.
- if initial values are changed, approximate value will be changed.
- requires only one initial value
- involves drawing tangent lines to the curve

3/9/2024 9:00~
2024S
Sorting algorithms that are based on the divide-and-conquer strategy = Merge sort,
Quick Sort

RFI (Request for Information) and RFP (Request for Proposal)
RFI is for gathering information and understanding market options, while RFP is for
requesting specific proposals and bids to meet defined needs.

A system auditor should verify the information obtained during the interview by
obtaining supporting documents and records.

Service Management
Incident management
= When a failure or issue is reported by a user, the service desk needs to
determine if the incident is related to a known error

Capacity management
= Examining the amount of free space on a disk

Continual service improvement (CSI)
= Evaluating customer satisfaction and identifying improvement opportunities

Change management
= Investigating the impact of changes made to a program

Service lifecycle stages
Service strategy → Service design → Service transition → Service operation →
Continual service improvement

SDLC (Software Development Life Cycle)
Requirements Analysis → Design → Programming → Testing → Deployment → Maintenance

CPI (Cost Performance Index) = EV (Earned Value) / AC (Actual Cost)
PV (Planned Value) = (Budget at Completion / Total Duration) * Elapsed Time
= (100,000 / 4) * 1
= 25,000
CPI = 25,000 / 20,000

23/9/2024 9:00 ~
Strategy
Chapter 3
1. Enterprise Architecture (EA)
- analyze each business operation and information system through the four (4)
systems of business, data, application, and technology

2. effect of workflow system
- improve processing speed for office procedures, from document submission to
approval

7. Balanced Scorecard
-

8. In computerization planning, an activity that should be performed
- clarifying what roles are assigned to the business and information system
departments

9. Operating profit + (Non-operating revenue − Non-operating expense) = Ordinary
profit

16. non-functional requirements definition
- quality requirements, technical requirements, and operational requirements

18. SOA (service-oriented architecture)
- constructing a system by considering the software functions as components called
services and combining them

21. CIO (Chief Information Officer)
- creates a plan for optimizing the effect of investment on the information
resources of the entire company to support the business strategy when a
computerization strategy is established

22.
IRR (Internal Rate of Return)
- the discount rate at which the NPV of an investment is zero

NPV (Net Present Value)
- a method for making decisions on the basis of the sum of the future cashflows
discounted by a discount rate

25. TCO (Total Cost of Ownership) for SaaS
- has additional costs such as Data Migration Cost

27. characteristic of hosting service
- utilization right of a server prepared by a service provider is lent out to
users

31. purpose of BPM (Business Process Management)
- Continuous improvement of business processes

34.
Types of Feasibility
Economic Feasibility:
- Evaluates the financial aspects of the project. It checks whether the benefits of
the project outweigh the costs over its lifetime. It involves cost-benefit
analysis, return on investment (ROI), and other financial metrics.
Technical Feasibility:
- Assesses whether the technology and technical resources required for the project
are available, suitable, and capable of meeting the project requirements.
Operational Feasibility:
- Determines whether the project will function as intended in the business
environment. It considers whether the project will be accepted and used effectively
by the intended users.
Scheduling Feasibility:
- Evaluates whether the project can be completed within the required timeframe. It
assesses whether the deadlines are realistic and achievable.
Legal Feasibility:
- Ensures that the project complies with all legal and regulatory requirements.

36. EMS (Electronic Manufacturing Services)
- refers to companies that provide contract manufacturing services for electronic
components and devices. EMS companies handle the manufacturing, assembly, and
sometimes even the testing of products ordered by other companies, who are often
referred to as original equipment manufacturers (OEMs)

45.
An appropriate sequence of procedure for creating a business model
1. Clarifying a business process
2. Clarifying a data class (information model)
3. Associating a business process with a data class
4. Associating a business process with an information system
5. Associating a business process with an existing organization

46. Cloud computing
- enable ubiquitous, convenient, on-demand access to a shared pool of configurable
computing resources.

47. layers managed by vendors when using IaaS
- Virtualization, Servers, Storage, Networking

48. cloud-computing service model that allows users to install operating-system
images and their application software on the system
- Infrastructure as a service (IaaS)

54. digital divide
- refers to the gap between individuals, communities, or countries that have access
to digital technologies and those that do not.

56. prior evaluation
- setting the performance objectives based on the purpose of investment

57. purpose of defining a business model
- To organize the relationships between a company’s entire business operations and
their utilized information

60. IT governance
- a capability to guide the development and implementation of an IT strategy in a
desired direction to gain a competitive advantage

24/9/2024 9:00~11:00
64. BPR (Business Process Reengineering)

69.
infrastructure hosting
- a service in which a facility equipped with high-speed lines and earthquake-
resistant equipment owned by the provider is provided in order to install the
server and communication equipment of the customer
BPO (business process outsourcing)
- a service in which an external provider collectively undertakes business
operations such as general affairs, personnel affairs, accounting, and payroll
calculation that are performed within the customer’s organization

server rental
- a service in which some of the servers owned by the provider are lent to a
customer and used like the customer’s own servers

ASP (Application Service Provider)
- a service in which the functions of a general-purpose application system are
provided to several customers via a network

77.
RFI (Request for Information)
- this is used to gather broad information from vendors to understand the available
solutions, technologies, and capabilities in the market. It helps the ordering
party gain a preliminary understanding and shortlist potential vendors.

RFP (Request for Proposal)
- this is a more specific request where the ordering party provides detailed
requirements for the system to be procured, including procurement conditions, and
asks vendors to submit proposals on how they would meet these requirements.

81.
appropriate order for the procurement process
- issuance of the RFP: The process starts with issuing the RFP, where the
requirements and conditions are detailed and sent to potential suppliers to submit
their proposals.

- proposal evaluation: After receiving proposals from suppliers, the next step is
to evaluate them based on the predefined criteria to assess their suitability.

- selection of the supplier: Based on the evaluation, the best-suited supplier is
selected.

- procurement: Finally, the procurement process is completed by finalizing
contracts and procuring the required goods or services from the selected supplier.

25/9/2024 11:00~
Strategy
Chapter 4
2.
Polymorphism: One toy, many forms.
Encapsulation: Hiding the inside stuff, like a TV remote.
Data Abstraction: Only showing what’s important, like robot buttons.
Inheritance: Sharing common features, like animals that can walk but have their own
unique traits.

3.
An assertion check
- a technique used to embed logical expressions in a program to ensure that certain
conditions hold true at specific points during its execution.
Code trace
- Follows the flow of execution to understand the program’s behavior.
Snapshot dump
- Captures a snapshot of the program's state at a specific moment for analysis.
Test coverage analysis
- Measures how much of the code is covered by tests.
26/9/2024 9:00~
8.
acceptance test
- conducted by users to confirm that the software is complete and meets the
business needs that prompted the software to be developed.

performance testing
- conducted by developers.

integration testing
- verify that different parts of the software work together.

10.
black box testing
- the tester does not have access to the internal structure of the code. Instead,
the test is based solely on the input and output behavior of the system according
to its specifications. As a result, redundant code (code that is not necessary or
never executed) cannot be detected, since black box testing doesn't examine the
code itself, only its external functionality

white box testing
- testing the internal structure, logic, and code paths of a program.
- Branch coverage and Condition coverage are types of white box testing, which
involve testing internal code structures.
- Program structures are also relevant to white box testing, which tests how the
program is written internally.

11.
agile software development
- the project is broken down into small, time-boxed iterations (also known as
sprints or cycles). After each iteration, a working piece of software is delivered,
and the customer can review it.

Epic
- refers to a large user story, which can span several iterations.

Release
- a version of the product delivered to the customer, which may include multiple
iterations.

12.
Levels of Capability Maturity Model Integration (CMMI)
1. Initial
2. Managed
3. Defined
4. Quantitatively Managed
5. Optimizing

14.
components of Data Flow Diagram (DFD)
Data flow
- Represented by arrows
Data store
- Represented by two parallel lines (||)
Process
- Represented by circles.

16.
weakest module coupling
- pass only required data items as arguments between two (2) modules

20.
Activity diagram
- Focuses on workflows or activities, showing the flow of control from one activity
to another.

Communication diagram
- Emphasizes the relationships and interactions between objects but doesn't focus
on the time sequence of messages.

State-machine diagram
- Shows the states an object can be in and how it transitions between those states
based on events or conditions.

Sequence diagram
- shows the exchange of messages among objects, message transmission, and object
lifelines in a time series.

27/09/2024 11:55~
27. decision table
- a combination of conditions and the corresponding operations

28.

29.
Regression test
- focused on checking areas that should remain unaffected by changes.
Integration test
- Tests the interaction between different modules or components of the software.
Operational test
- Checks if the system works as expected in its operational environment, often
referred to as "acceptance testing."
System test
- Tests the entire system to ensure it meets the specified requirements.

30/9/2024 9:55~
40.

41.
Refactoring
- restructuring the internal design or code of a program without altering its
external behavior or functionality

pair programming
- two programmers work together on one codebase.

prototyping
- where an early version of the software is developed to get user feedback.

test-driven development (TDD)
- test cases are written before the actual coding is done.

43.
Procedural strength
- a module contains multiple sequential functions that are related by a sequence of
steps, with data passed internally from one function to the next.
Communicational strength
- Functions in the module operate on the same data or related data but do not
necessarily follow a strict sequential order.

Functional strength
- The module performs a single, well-defined task or function, and all parts of the
module contribute directly to that task.

Informational strength
- The module contains different functions that operate on the same data structure
or type of information but perform independent tasks.

1/10/2024 11:15~
49.
Requirement definition
- the activity where the information gathered during analysis is translated into a
clear and precise set of requirements that outline what the system should do

2/10/2024 8:40~
53.
Stub
- The integration test for software composed of modules arranged in a hierarchical
structure is performed from a high-level module. In such a case, a stub is a test
module that is used as a substitute for a low-level module

54.

21/10/2024 15:48~
58.
State transition test
- focuses on testing how a system moves between different states based on various
inputs or events.

62.
Stamp coupling (also known as data-structured coupling)
- one module passes a data structure to another module

64.
Driver
- A program or component that calls the software component to be tested.

Stub
- A program or component that is called by the software component being tested.

67.
Deployment Diagram in UML (Unified Modeling Language) focuses on the physical
deployment of artifacts (such as software components) to processing nodes (like
servers, clients, or devices).

22/10/2024 8:25~
68.
Test Driven Development (TDD)
- a software development approach where test cases are written before the actual
code.

77.
A driver is used to simulate a higher-level module that controls or calls the
module being tested. The driver acts as a substitute for the module that would
normally invoke the lower-level module.
80.
A state transition diagram is effective when modeling systems where different
states exist, and the system's behavior changes based on transitions between these
states.

86.
The spiral model in system development is characterized by its iterative nature and
focuses on risk assessment and management. It consists of four main phases:
Planning, Risk Analysis, Engineering, Evaluation

87.
A static test tool analyzes code without executing it, which means it focuses on
detecting errors, bugs, or vulnerabilities directly from the source code.

90.
A stub is a dummy lower-level module used in top-down testing. In top-down testing,
higher-level modules are tested first, but if the lower-level modules are not yet
developed, stubs are used to simulate their behavior.

23/10/2024 8:55~
95.
During the external design phase of system development, the focus is on defining
the system's interaction with users and external systems. A key deliverable from
this phase is the screen layout, which represents how users will interact with the
system.

96.
Path coverage
- tests all possible execution paths within a program, ensuring that every path
from start to finish has been tested.
Branch coverage
- ensures that every decision (branch) point, such as if or else, has been tested
for both true and false outcomes.
Statement coverage
- ensures that every line of code (statement) is executed at least once during
testing.
Since path coverage involves testing every possible execution path, it naturally
includes both branch coverage (all decisions are tested) and statement coverage
(all lines of code are executed).

Strategy
Chapter 5
4.
In project time management,
Lead = Start the next task before the previous one finishes (overlap).
Lag = Wait some time after the first task finishes before starting the next one
(delay).
Slack time, also known as float = the amount of time a task can be delayed without
affecting the overall project schedule.

8.
Analogous estimate
- estimates the duration based on historical data from similar work

9.
In Extreme Programming (XP), one of the key practices is continuous integration and
testing.
10.
Scope creep
- occurs when new features, tasks, or requirements are added to a project without
proper planning or adjustments to the project’s timeline, budget, or resources.

11.
The Function Point Method is a standardized method for measuring the size and
complexity of software development. It focuses on the functionality delivered to
the user, considering various elements like:
External Inputs: User inputs into the system (e.g., data entry forms).
External Outputs: Data produced by the system (e.g., reports).
Internal Logical Files: Data maintained by the system (e.g., databases).
External Interface Files: Data files used by the system but maintained by other
systems.

12.
Parametric Estimate technique
- involves using statistical relationships between historical data and other
variables to calculate an estimate for activity durations or costs.

25.
Risk mitigation
- involves taking steps to reduce the likelihood or impact of a risk.

33.
Intermediate COCOMO consists of one overall model based on lines of code, whereas
COCOMO II consists of three different models, depending on the available knowledge
of the product to be built.

36.

42.
Pareto chart
- line represents cumulative total

Control chart
- line represents control limits

Fishbone diagram
- Cause and effect diagram

Histogram
- plots the number of data points belonging to each section as a bar graph.

Network diagram
- project activities and their relationships can be graphically represented, and
the project manager can understand how the various activities flow towards
completion in order of time

57.
Quality management
- ensuring that the system meets its functional requirements, as well as the
quality of all deliverables such as design documents, manuals, and other supporting
materials.

65.
Gantt chart
- can compare the planned schedule and actual results.
Strategy
Chapter 6
5.
Roll forward
- recovering a database by restoring full backup data onto a disk from a tape,
and then applying, from the logs, the post-update copies recorded after the full
backup was taken.
