|
VCE Software Development Units 3 and 4 |
KK = Key Knowledge. All KK are examinable Note from 2023-10-04: The VCAA Curriculum Manager confirms that glossary items are only examinable if they also appear in KK. Others are just examples. Any bullet points shown below have been inserted by me for clarity, and are not in the original VCAA study design. (Which is available locally here.) Hover your mouse of a red asterisk to see the official VCAA glossary definition of a term. links to a (big) slideshow if the icon has a label beside it links to a webpage on this site. is cute, but completely irrelevant. Check out my incomplete postmortem of VCAA's 2020 sample DA exam with lots of exam tips. |
SD U3O1 KK01 | Characteristics of Data types
|
||||||||||||||||||||||||||
SD U3O1 KK02 | Types of Data structures, including
Linked Lists [not examinable? the glossary lists it] The glossary also says: Types of data structures include: arrays, associative arrays, classes, fields, files, hash tables, linked lists, queues, records and stacks. Terms in the glossary are only examinable if they also appear in a KK after "including..." So, stacks appear in the glossary but not in any KK, so they are not directly examinable. |
||||||||||||||||||||||||||
SD U3O1 KK03 | Methods for documenting a problem, need or opportunity
|
||||||||||||||||||||||||||
SD U3O1 KK04 | Methods for determining Solution requirements, constraints and scope SRS - Software specification requirements
|
||||||||||||||||||||||||||
SD U3O1 KK05 | Methods of representing designs, including
|
||||||||||||||||||||||||||
SD U3O1 KK06 | Formatting and structural characteristics of files, including
Plain text data consists of (drumroll) - plain ASCII text, e.g. Smith Text data files can be read and edited by any software, but they lack any information about what the fields mean. e.g. the dates above could be birthdate, date of employment etc. Also, the software reading the data needs to know in advance that each record contains 5 lines of text - otherwise reading the data soon descends into anarchy. CSV - Comma Separated Values CSV files are also plain text, but all the fields of a single record appear on the same line, delimited (separated) by commas and quotation marks, e.g. "Smith","John","30/5/2010","67 Bradley St","Carlton" There is not a lot to separate plain text and CSV data files in terms of usability or value-added structure. True but irrelevant story - many years ago the Victorian Education Department's student record database (CASS) used a wonky version of CSV without the quotation marks, like so... Smith,John,30/5/2010,67 Bradley St,Carlton This usually worked...but, if any field contained a comma, the fields went out of sequence and the entire data file threw itself into an unholy disaster. Of course, inevitably, it happened. Splatz,Emile,1/4/1887,6,The Crest Carlton,Anderson,Ken,3/10/2005 After Emile's record, all the data was trashed. It was a fun day for me, because I had Emile in my school's data and I had to inform the Education Department about the meltdown that effectively stopped all of our daily access to student data until Emile's raw data was changed manually. The Education Department had to rewrite their student database software and they moved to use XML instead. Morals: (1) Think ahead. (2) Data management shortcuts can be costly in the long run XML data files are also plain text, but they contain structural information to identify fields and records within the file. Lots of programs rely on XML to store their data - such as Microsoft Office's DOCX, XLSX and PPTX files - where the "X" means the document is stored in XML format.
|
||||||||||||||||||||||||||
SD U3O1 KK07 | A programming language as a method for developing working modules that meet specified needs
Software Requirement Specifications ? I really have no idea what VCAA wants to teach in this KK Let's summarise the theory for this KK: Yes - a programming language does develop working modules to meet specified needs. What else does VCAA want?
|
||||||||||||||||||||||||||
SD U3O1 KK08 | Naming Conventions for Solution elements
|
||||||||||||||||||||||||||
SD U3O1 KK09 | Processing features of a programming language, including
Quick summary - ClassesClasses are types of objects, such as Text boxes, Labels, Spiders, Wines - each has its own relevant properties e.g.
Some classes (e.g. text box) are inherent and defined by a programming language. Others classes (e.g. spider or wine) are created and defined by the programmer. Control structuresControl structures are commands that control the flow of the execution of a program based on values that apply at the time of execution. The most common types are: LOGICAL (Conditional, Selection) - IF / THEN / ELSE LOOPS (iteration) - FOR / NEXT , DO / LOOP, WHILE / UNTIL, LOOP / WHILE Variants include CASE which neatly collapses a large, messy collection of IF statements into a nice, neat package: Compare: IF age = 3 then group = "Tiny Tots" CASE age
END CASE Don't expect exam pseudocode to use CASE structures. They have never appeared before. But IF statements are guaranteed to appear.
|
||||||||||||||||||||||||||
SD U3O1 KK10 | Algorithms for sorting, including
Quick sort Developed in 1961, QuickSort works by selecting a pivot value, and dividing the data into two partitions - one with values less than the pivot's value, and one with values greater. The partitions are then repeatedly (recursively) divided into two sub-arrays and and re-sorted. The QuickSort algorithm is faster than some others, such as bubble sort. SD students in 2014's exam question B2 were asked: 2b. Briefly explain how a quick sort works and how this differs from a bubble sort. 2 marks [6 lines] You could expect a similarly-hard question this year. My answer in my postmortem was - A quick sort recursively subdivides the data set into 2 parts and chooses a pivot value. All items in the part of the data set that are less than the pivot value are moved to the left of the pivot item, items greater than the pivot value are moved to the right of the pivot item. This is repeated until all items are sorted. - Compared to the bubble sort, the quick sort is more complex to code, but is usually more efficient with large data sets. In their examiners' report, VCAA commented: ...most students struggled to provide a complete and detailed response, with many missing the second part of the question – ‘how this differs from a bubble sort’. The following are examples of high-scoring responses. 1. With each iteration, a value called a pivot is chosen from the list. For each other value, if it is greater than pivot it places it to the right, if it is less than, it places to left. The pivot is in the right place and on the two side lists. 2. A quick sort chooses a random pivot item and compared other items to that element until it has two subsets of elements higher and lower than the pivot. It then does the same to the sublists and so on till it’s all sorted. By the way: in 2014, the average mark for this question was only 0.6 out of 2. In 2016, SD students faced this in question A2 Question A2 In the process of sorting an array of eight integers using the quick sort algorithm, the first partitioning with the array appears as follows.
Which one of the following statements is correct?
To see the answer HIGHLIGHT FROM HERE > B <TO HERE. It was a tough question for 1 mark! TIP - If you spent 10 minutes working it out, you would have been better guessing and taking a 25% chance of being right. More to come.
|
||||||||||||||||||||||||||
SD U3O1 KK11 | Algorithms for
|
||||||||||||||||||||||||||
SD U3O1 KK12 | Validation techniques, including
|
||||||||||||||||||||||||||
SD U3O1 KK13 | Techniques for checking that modules meet design specifications, including
|
||||||||||||||||||||||||||
SD U3O1 KK14 | Purposes and characteristics of internal documentation, including
|
||||||||||||||||||||||||||
SD U3O2 KK01 | Security considerations influencing the design of solutions, including
Let's assume the vague KK refers to user authentication. In your SD software, it means that you need to demonstrate that you know the value of
But in terms of pure theory, user authentication and data protection measures can involve a host of things: Designing User Authentication
Designing data protection
Most of the methods above are designed to protect against deliberate, malicious threats to data. Designing to protect users against themselvesThe main threat to data is not less evil, but it's much more likely - user error caused by incompetence, ignorance, laziness or carelessness. UP - unauthorised people To all of the prevention strategics you should add: "Educate / train users about this threat: its dangers, and how to recognise and handle it." Fun fact: 91% of all successful attacks on data begin with a phishing exploit. Moer than half of lost data was caused by user error.
A clever gadget: The Scramble Keypad randomly assigns digits to different positions for users to enter their PINs. This prevents onlookers from detecting a PIN by the movement of the user's fingers. It also has a narrow viewing angle so people to the sides of the user cannot see the displayed digits.
|
||||||||||||||||||||||||||
SD U3O2 KK02 | Techniques for collecting data to determine needs and requirements, including
|
||||||||||||||||||||||||||
SD U3O2 KK03 | Functional and non-functional requirements For more details, see... SRS - Software specification requirements Functional and non-functional requirements but the short answer is: Functional requirements (FR) = what a solution is required to do, e.g.
Consider a FR like a verb. Non-functional requirements (NFR) of the solution (solution attributes) are qualities such as
Consider a NFR like an adjective |
||||||||||||||||||||||||||
SD U3O2 KK04 | Constraints that influence Solutions, including
|
||||||||||||||||||||||||||
SD U3O2 KK05 | Factors that determine the scope of Solutions
|
||||||||||||||||||||||||||
SD U3O2 KK06 | Features and purposes of software requirement specifications
|
||||||||||||||||||||||||||
SD U3O2 KK07 | Tools and techniques for depicting the interfaces between Solutions, users and networks, including
|
||||||||||||||||||||||||||
SD U3O2 KK08 | Features of
Data flow diagrams (DFD) and context diagrams (CD)
|
||||||||||||||||||||||||||
SD U3O2 KK09 | Techniques for generating design ideas
|
||||||||||||||||||||||||||
SD U3O2 KK10 | Criteria for evaluating the alternative design ideas and the Efficiency and Effectiveness
of Solutions.
|
||||||||||||||||||||||||||
SD U3O2 KK11 | Methods of expressing Solution designs using
|
||||||||||||||||||||||||||
SD U3O2 KK12 | Factors influencing the design of Solutions, including
Yes, "affordance" - not "affordability" as was written in the same KK in the 2016 study design! Big whoops from VCAA there :-) |
||||||||||||||||||||||||||
SD U3O2 KK13 | Characteristics of user experiences, including Efficient and effective user interfaces
|
||||||||||||||||||||||||||
SD U3O2 KK14 | Development model approaches, including
Software Development Life Cycle (SDLC) Development models agile, spiral and waterfall
|
||||||||||||||||||||||||||
SD U3O2 KK15 | Features of Project management using Gantt charts, including the identification and sequencing of
Project Management (you can safely ignore discussion of PERT charts, exciting and useful as it is)
|
||||||||||||||||||||||||||
SD U3O2 KK16 | Goals and objectives of organisations and Information systems Goals and objectives of organisations and systems Strategic, tactical and operational goals and objectives
|
||||||||||||||||||||||||||
SD U3O2 KK17 | Key Legal requirements relating to the ownership and privacy of data and information.
|
||||||||||||||||||||||||||
SD U4O1 KK01 | Procedures and techniques for handling and Managing files and data, including
|
||||||||||||||||||||||||||
SD U4O1 KK02 | Ways in which
affect access to data Do you have a spare month or two in which to discuss this KK in detail? No? Let's keep it brief, then. Storage mediaLet's look at size/capacity and speed of storage/transmission.
Do this: go online a find the cheapest new 12TB SSD you can. Now look for the cheapest 12TB HDD. Calculate the cost per gigabyte and get back to me. I'll wait a few years. I bet I won't need to change my stance until the 2028 study design.
Verdict: For portability - NAND USB drives. SD cards for insertion into phones. For daily speed and performance in computers - SSD and M2 / NVMe drives. For sheer outright storage capacity - hard disks. Transmission technologiesThis gets quite technical. We have both LAN and WAN transmission to consider. LAN (Local Area Network) transmission: 1. Wireless (Wifi) - 2GHz vs 5GHz. 2 is slower, but can can deal better with walls etc. 5 is faster, but has a weaker penetration of obstacles. We're looking at speeds of 2. Wired - CAT5 (category 5) - cable needs to be punched through walls and floors, but is much faster and more secure than wireless. Compare 1000mbps (cabled) with 54mbps (wifi) at 2023. CAT6 can reach far higher speeds than CAT5. WAN (wide area network) transmission: Don't worry too much about this, since it's usually out of your control. In the old days you might have been given ADSL (slow phoneline modem connection), but today you may be able to get Fibre to the node (FTTN) / curb (FTTC) / premises (FTTP) - each one offering increased speeds, depending on the plan you choose. e.g. NBN suppliers may offer plans with 100Mbps down / 40mbps up; others might offer 200Mbps down / 20 Mbps up. Swings and roundabouts, kids. 3. Satellite - remote users may have to rely on slowish satellite internet services. I have a friend in Siberia who has one. 4. Truck - for huge data transmission, it's still cheaper and quicker to put the data on a truck and ship it overland. True story. Amazon AWS offers the Snowmobile which "moves extremely large amounts of data to AWS. Transfer up to 100 PB [1 petabyte = 1,024TB] per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck." Organisation of filesI will get to this in a couple of years... maybe. Tell me if you need an urgent update
|
||||||||||||||||||||||||||
SD U4O1 KK03 | Uses of Data structures to organise and manipulate data - includes: classesA class is a type of object used in Object Oriented Programming (OOP). It is a pre-defined type of thing. e.g. car, box, house, textbox, button that has basic features, but may be created with differering abilities and features. For example, take the class of a textbox. It is created by the language's developers with specific things that it can respond to (events), carry out (e.g. methods) and features than can be adjusted by the programmer (properties). So a textbox object may be designed with events it can respond to, such as:
Methods may include its ability to: move, refresh its contents, or resize itself,. Properties are the characteristics that the programmer may give an instance of a class. (e.g. a specific textbox created for the entering of a postcode). Customisable values of an instance of a textbox object may include its:
So, a class is a type of object that has certain pre-defined abilities and adjustable qualilties. That's why classes of house do not have events such as "losing traction on ice" and classes of car don't have properties such as "number of bedrooms." fieldsA field is a data type within a data structure or a file. They are most often seen in database records. e.g. A record in a data base may contain fields such as FIRSTNAME, FAMILYNAME, DOB, STREETADDR, SUBURB,POSTCODE, SEX... Each field has a data type (e.g. numeric, string, date) that applies to every data item in that field. filesA file is a set of data stored in a discrete (separate) collection. The size of a file may vary from small (a few bytes or kilobytes) to gigabytes. Each file's data is stored with a strict format, usually consisting of records, which in turn are made up of fields - records (e.g. a collection of pre-defined fields decribing an object such as a
Data files may be saved in a variety of formats on disk (to save time, let's assume ''disk" is any form of permanent storage) Common file formats are:
<bookstore>
</bookstore> queues, and stacks Arrays and associative arrays |
||||||||||||||||||||||||||
SD U4O1 KK04 | Processing features of a programming language, including
|
||||||||||||||||||||||||||
SD U4O1 KK05 | Characteristics of Efficient and effective Solutions Efficient and effective solutions
|
||||||||||||||||||||||||||
SD U4O1 KK06 | Techniques for checking that coded Solutions meet design specifications, including
|
||||||||||||||||||||||||||
SD U4O1 KK07 | Validation techniques, including
|
||||||||||||||||||||||||||
SD U4O1 KK08 | Techniques for Testing the usability of Solutions and forms of documenting test results Testing
|
||||||||||||||||||||||||||
SD U4O1 KK09 | Techniques for recording the progress of projects, including adjustments to
Gantt and PERT charts (PERT is not examinable, but nice to know)
|
||||||||||||||||||||||||||
SD U4O1 KK10 | Factors that influence the Effectiveness of development models |
||||||||||||||||||||||||||
SD U4O1 KK11 | Strategies for evaluating the Efficiency and Effectiveness of
|
||||||||||||||||||||||||||
SD U4O2 KK01 | Physical and software security controls used to protect software development practices and to protect software and data, including
Version controlIn the Good Old Days™, programmers were solitary animals, living in putrid cellars, dining on yesterday's pizza, and wondering if their toenail infection was preventing them landing a supermodel girlfriend. No more. Programmers now work in teams, collaborating on code, often working on the same code at the same time as a number of other coders spread across the city, country, or globe. If one team's programmer tweaked a function at the same time as another programmer saved a different modification to the same function - what would happen? Chaos! Version control keeps track of all code modifications in a database. If mistakes are made, they can be 'rolled back' (undone). If conflicting changes are made, one version can be kept and the others removed. With version control, a thorough history of code development is maintained, and all changes are tracked. User authenticationObviously, a programming team needs to ensure that changes to code are being made by authorised people. Secure logins and - if necessary - heightened authentication (e.g. two-factor identification) may ben needed to ensure that changes to code are being made by the right people. EncryptionDuh. These days, any system manager would be fired for not strongly encrypting all stored code and data (e.g. RSA, DSA, RC4, DES), and not encrypting all traffic across a LAN and WAN (e.g. SSL, TLS). Software updatesOutdated software is vulnerable to new (e,g, "zero day" = freshly-invented) security attacks. Android devices - typically phones - only receive system updates for a couple of years, but security updates can go on for far longer in order to keep the devices safe from new threats. A danger of using outdated operating systems (like Windows 95) is that they are sitting ducks for thousands of attacks that were never even imagined when the OS was released. Think of new COVID strains: your jab from 3 years ago is not going to protect you from tomorrow's new mutant strain. Code needs to be constantly updated to address new threats. Penetration Testing (White Hat - Ethical hacking)
|
||||||||||||||||||||||||||
SD U4O2 KK02 | Software auditing and Testing strategies to identify and minimise potential risks
|
||||||||||||||||||||||||||
SD U4O2 KK03 | Types of software security and data security vulnerabilities, including
and the strategies to protect against these
|
||||||||||||||||||||||||||
SD U4O2 KK04 | Types of web application risks, including
Cross-site scripting
SQL injections
|
||||||||||||||||||||||||||
SD U4O2 KK05 | Managing risks posed by software acquired from third parties Let's start with definitions:
Don't confuse first/second party data with primary/secondary data.First, second or third part data could all be either primary (from original sources) or secondary (from sources that quote or process primary data). Software from third parties has to be treated as if it carries the bubonic plague. Even if your dear old mum emailed you a "funny program" on it, you would be wise to put on rubber gloves before handling it. Any software you did not create yourself, regardless of its origins, must be initially with suspicion. Even second-party software from your most reliable source might have been infected by trojans, viruses, worms or other malware before you got it. Software downloaded from the internet is especially dubious. Using pirated software is like kissing a crocodile: you never know what may happen. Even if you have fifteen of the best antivirus software suites installed, a zero-day exploit may get past every one of them and your system will be immediately toasted. Possible Payloads The payload is the type of damage that malware can achieve. The term is derived from the power of military explosives. Malware aka a computer "virus" nowadays can mean all sorts of bad software, such as:
Most malware is designed to
And realise that Apple and Linux computers and phones are just as susceptible to malware as Windows or Android devices - they just aren't targeted as often because they are smaller populations of users and not worth the effort.
Managing the risks - Company rule: do not bring in software from outside the organisation. Do not install your own programs onto a company-owned laptop, for example. Do not bring in your own network devices (especially wifi routers) and connect them to company networks. - Company's file server should be set to scan for malware in all files on users' devices. - Educate users about what social engineering looks like, and how to avoid risky behaviour (e.g. opening attachments, using software from dubious sources). 95% of user error is ignorance, and not malicious intent.
|
||||||||||||||||||||||||||
SD U4O2 KK06 | Characteristics of data that has integrity, including
|
||||||||||||||||||||||||||
SD U4O2 KK07 | Reasons why individuals and organisations develop software, including meeting the goals and objectives of the organisation I'm not sure why I did goals and objectives twice... let me know if you figure out how they differ :-) |
||||||||||||||||||||||||||
SD U4O2 KK08 | Key legislation that affects how organisations control the collection, storage (including cloud storage) and communication of data:
|
||||||||||||||||||||||||||
SD U4O2 KK09 | Ethical issues arising during the software development process and the use of a software Solution
|
||||||||||||||||||||||||||
SD U4O2 KK10 | Criteria for evaluating the effectiveness of software development security strategies Let's quote the study design's definition of "effectiveness" : A measure of how well a solution, information management strategy or a network functions and whether each achieves its intended results. We are not discussing efficiency, which only relates to time, money and effort. We are looking for criteria (singular = criterion) - the features used for judgement. In other words, what features of SD security strategies should be used to judge how well those strategies perform?
But keep those in mind because the examiners like to test on such distinctions in definitions. So, what evaluation criteria are relevant to this KK? - accuracy: if the system fails to recognise a genuine threat, ít's called a false negative. If it reacts to a non-threat as if it were a real threat, it's a false positive. - attractiveness? Hardly. - clarity - if a threat were vaguely identifed without enough information to deal with it, that would be an effectiveness failure. e.g. "One of the files just downloaded might be infected with a virus." Certainly not clear. - relevance - if an error message appeared even if the threat did not apply to your operating system - that would be ineffective. - timeliness - being warned about a threat three days after your system was compromised? NOT EFFECTIVE! - usability - if a threat warning were buried deep in a system log file that you would NEVER EVER find - not effective!
|
||||||||||||||||||||||||||
SD U4O2 KK11 | The impact of ineffective security strategies on data integrity Possible impacts - a summary:
|
||||||||||||||||||||||||||
SD U4O2 KK12 | Risk management strategies to minimise security vulnerabilities to software development practices. Non-specific, but relevant stuff is in...
|
Go back to wherever you were before this page
All original content copyright ©
vcedata.com
|