Software Engineering
Difficulty: Level 2 (Recall — definitions, standard textbook facts, short reasoning) Time limit: 30 minutes Total marks: 40
Q1. (4 marks) Define functional and non-functional requirements. Give one example of each for an online banking application.
Q2. (5 marks) List the three roles in Scrum and state one core responsibility of each. Name two Scrum ceremonies (events).
Q3. (4 marks) Match each HTTP method to its typical CRUD operation and state whether it is idempotent: GET, POST, PUT, DELETE.
Q4. (5 marks) Name the four core Git object types and state in one line what each stores.
Q5. (4 marks) State what HTTP status codes in each of the following classes indicate: 2xx, 3xx, 4xx, 5xx. Give one specific code example for 4xx and 5xx.
Q6. (4 marks) Describe the Red–Green–Refactor cycle of TDD in the correct order, one line per phase.
Q7. (4 marks) Distinguish authentication from authorization. Name any two categories from the OWASP Top 10.
Q8. (4 marks) Define line coverage and branch coverage. For the snippet below, how many branches must a test suite exercise for full branch coverage?
if x > 0 and y > 0:
do_a()
else:
do_b()Q9. (3 marks) Name the ordered stages of a typical CI/CD pipeline (at least four stages).
Q10. (3 marks) Define a Docker image and a Docker container, and state the relationship between them.
Answer keyMark scheme & solutions
Q1. (4 marks)
- Functional requirement = what the system does — a specific behaviour/feature (2). Example: "user can transfer funds between accounts" (0.5).
- Non-functional requirement = how well / quality attribute (performance, security, availability) (1.5). Example: "transactions complete within 2s" or "99.9% uptime" (0.5). Why: functional = behaviour, non-functional = constraints/quality.
Q2. (5 marks)
- Product Owner — owns/prioritises the product backlog, represents stakeholder value (1).
- Scrum Master — facilitates process, removes impediments, coaches team (1).
- Development Team — builds the increment (1).
- Two ceremonies (1 each): Sprint Planning, Daily Stand-up, Sprint Review, Sprint Retrospective.
Q3. (4 marks) (1 each)
- GET → Read — idempotent (also safe).
- POST → Create — not idempotent.
- PUT → Update/replace — idempotent.
- DELETE → Delete — idempotent.
Q4. (5 marks) (blob/tree/commit 1 each, tag 1, clarity 1)
- Blob — file contents (no name).
- Tree — directory listing: names + modes + pointers to blobs/trees.
- Commit — snapshot: pointer to a tree, parent commit(s), author, message.
- Tag — named, annotated reference to an object (usually a commit).
Q5. (4 marks) (1 each)
2xx= success (e.g., 200 OK).3xx= redirection.4xx= client error — example 404 Not Found / 400 Bad Request / 401.5xx= server error — example 500 Internal Server Error / 503.
Q6. (4 marks) (order + descriptions)
- Red — write a failing test for desired behaviour (1).
- Green — write minimal code to make the test pass (1).
- Refactor — improve code structure while keeping tests green (1). Correct order (1).
Q7. (4 marks)
- Authentication = verifying who you are (identity) (1.5).
- Authorization = determining what you're allowed to do (permissions) (1.5).
- Two OWASP categories (0.5 each): e.g., Injection, Broken Access Control, Cryptographic Failures, XSS, SSRF, Security Misconfiguration.
Q8. (4 marks)
- Line coverage = % of executable lines run by tests (1).
- Branch coverage = % of decision outcomes (true/false of each branch) exercised (1).
- The
if/elsehas one decision with 2 branches (true and false) → 2 branches for full branch coverage (2). (Note: the compoundandmeans 100% path/condition coverage would need more, but branch coverage of the if = 2.)
Q9. (3 marks) Any ordered ≥4 of: Source/checkout → Build → Test → (Static analysis/lint) → Package/Artifact → Deploy (staging→prod). (0.75 each up to 3)
Q10. (3 marks)
- Image = read-only template/blueprint (layered filesystem + metadata) (1).
- Container = a running (or runnable) instance of an image with a writable layer (1).
- Relationship: container is instantiated from an image; many containers from one image (1).
[
{"claim":"Branch coverage of a single if/else requires 2 branches","code":"branches=2; result = (branches==2)"},
{"claim":"GET, PUT, DELETE are idempotent; POST is not (3 idempotent methods listed)","code":"idempotent={'GET':True,'POST':False,'PUT':True,'DELETE':True}; result = (sum(1 for v in idempotent.values() if v)==3 and idempotent['POST']==False)"},
{"claim":"There are four core Git object types","code":"objs={'blob','tree','commit','tag'}; result = (len(objs)==4)"},
{"claim":"5xx denotes server errors and 4xx client errors","code":"result = (500//100==5 and 404//100==4)"}
]