design systems chapter 3

What is an example of an IPv4 class B address?

172.16.1.200

Which connection-oriented protocol can be used to set up a secure session for remote logins?

Secure shell(ssh)

Which network device offers the capability of centralizing the control of resources and compartmentalizing files for improved reliability?

Server

Which system hardening technique involves securing a data-based system's ports, data, permissions, and functions?

Server hardening

Which type of network hardware works at layer 2 and provides centralized connectivity?

Switches

Size of networks

WAN MAN LAN PAN

armored virus

an armored virus is a type of virus that bypasses antivirus programs designed to stop viruses from infecting a computer. The virus does this by tricking the antivirus about its exact location. The antivirus wrongly focuses on another location, believing that's where the virus is located.

Which feature of an IDE provides a list of variables that are already declared in the program as the developer starts typing?

autocomplete

Which component implements decision-making in the programming logic in an application?

branching

client-server architecture

client sends request through communication channel to server. Server sends service response through communication channel back to the client.

portability

determines how a system or its element can be launched within one environment or another. It usually includes hardware, software, or other usage platform specifications. Put simply, it establishes how well actions performed via one platform are run on another. Also, it prescribes how well system elements may be accessed and may interact from two different environments. example: A program running on Windows 10 must be able to run on Windows 11 without any change in its behavior and performance.

Which type of programming language is compiled?

java and c/c++

Which type of non-functional requirement (NFR) stipulates that a program running on a Windows 10 operating system must be able to run on a Windows 11 operating system without any change in performance?

portability

Which server makes requests for resources on behalf of a client?

proxy server

process documentation

roadmap - strategy roadmap, technology roadmap, release roadmap metrics standards

Which type of topology has all nodes connected to a central device?

star

Which port number does the secure shell (SSH) protocol use?

22

levels of OSI model

7 Application - End user layer (Http,FTP, IRC, SSH, DNS) 6 Presentation - syntax Layer (SSL, SSH, IMAP, FTP, MPEG, JPEG) 5 Session - synch & send to port (API's, Sockets, WinSock) 4 Transport - End-to-end connections (TCP, UDP) 3 Network - Packets (IP, ICMP, IPSec, IGMP) 2 Data Link - Frames (ethernet,PPP, Switch, Bridge) 1 Physical - Physical structure (Coax, Fiber, Wireless, Hubs, Repeaters)

Boot sector virus

A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer.

companion virus

A companion virus is an old type of virus that poses as a legitimate file by copying its file name but uses a different extension. It doesn't modify files.

LAN

A local area network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. By contrast, a wide area network not only covers a larger geographic distance, but also generally involves leased telecommunication circuits

macro virus

A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word. It centers on software applications and does not depend on the operating system (OS). As a result, it can infect any computer running any kind of OS, including Windows, macOS and Linux.

metropolitan area network(MAN)

A metropolitan area network (MAN) is a computer network that connects computers within a metropolitan area, which could be a single large city, multiple cities and towns, or any given large area with multiple buildings. A MAN is larger than a local area network (LAN) but smaller than a wide area network (WAN).

network hub

A network hub is a node that broadcasts data to every computer or Ethernet-based device connected to it. A hub is less sophisticated than a switch, the latter of which can isolate data transmissions to specific devices. Network hubs are best suited for small, simple local area network (LAN) environments.

switch

A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A network switch is a multiport network bridge that uses MAC addresses to forward data at the data link layer of the OSI model.

personal area network

A personal area network (PAN) connects electronic devices within a user's immediate area. The size of a PAN ranges from a few centimeters to a few meters. One of the most common real-world examples of a PAN is the connection between a Bluetooth earpiece and a smartphone.

proxy server

A proxy server is an intermediary server that retrieves data from an Internet source, such as a webpage, on behalf of a user. They act as additional data security boundaries protecting users from malicious activity on the internet. Proxy servers have many different uses, depending on their configuration and type.

remote access service

A remote access service is any combination of hardware and software to enable the remote access tools or information that typically reside on a network of IT devices. A remote access service connects a client to a host computer, known as a remote access server

retro virus

A retrovirus is also referred to as an anti-anti-virus virus. This means that it tries to attack and disable any anti-virus or protective software on the system it is trying to infect to avoid detection.

software risk and issue

A risk is a behavior or situation that could cause problems for your project, such as preoccupied clients who disagree about the project's main goal. An issue is a risk that causes a problem for your project. For example, when the preoccupied clients delay the project.

stealth virus

A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. It takes its name from the term stealth, which describes an approach to doing something while avoiding notice.

text editor

A text editor is a type of computer program that edits plain text. Such programs are sometimes known as "notepad" software

WAN

A wide-area network (WAN) is the technology that connects your offices, data centers, cloud applications, and cloud storage together. It is called a wide-area network because it spans beyond a single building or large campus to include multiple locations spread across a specific geographic area, or even the world.

Which protocol is responsible for internet protocol (IP) address to physical address translation in the TCP/IP suite?

Address resolution protocol (ARP)

system hardening

An attack surface includes all the flaws and vulnerabilities such as default passwords, poorly configured firewalls, etc, which can be used by a hacker to gain access to a system. The idea of system hardening is to make a system more secure by reducing the attack surface present in its design. System Hardening is the process of reducing the attack surface in the system thereby making it more robust and secure. It is an integral part of system security practices.

IDE

An integrated development environment is a software application that provides comprehensive facilities to computer programmers for software development. An IDE normally consists of at least a source code editor, build automation tools, and a debugger.

Which type of virus intends to make itself difficult to detect or analyze?

Armored virus

Which automatic configuration process occurs when a Windows-based dynamic host configuration protocol (DHCP) client is unable to reach a DHCP server?

Automatic private IP addressing (APIPA)

A user is working on a critical mission project and needs to access a system and network during peak and off-peak hours. Which non-functional requirement (NFR) addresses the likelihood the system will be accessible to the user at a specified time within an organization's network?

Availability

availability

Availability describes how likely the system is accessible to a user at a given point in time. While it can be expressed as an expected percentage of successful requests, you may also define it as a percentage of time the system is accessible for operation during some time period. For instance, the system may be available 98 percent of the time during a month. Availability is perhaps the most business-critical requirement, but to define it, you also must have estimations for reliability and maintainability. example:The web dashboard must be available to US users 99.98 percent of the time every month during business hours EST.

Which type of malware is referred to as a group of zombies?

Botnet

Which type of network topology is cheap and easy to install but difficult to reconfigure?

Bus

bus topology

Bus topology, also known as line topology, is a type of network topology in which all devices in the network are connected by one central RJ-45 network cable or coaxial cable. The single cable, where all data is transmitted between devices, is referred to as the bus, backbone, or trunk.

Which scripting or programming language is considered to be an object-oriented programming language?

C++

Which type of twisted pair cable can transmit data at speeds up to 10 Mbps?

Category 3

compatability

Compatibility, as an additional aspect of portability, defines how a system can coexist with another system in the same environment. For instance, software installed on an operating system must be compatible with its firewall or antivirus protection. examples: The iOS application must support iPhone devices running on OS versions: 3.6 3.3 3.4 4.3 2.3

Which malware program can replicate quickly and spread from one computer to another by itself?

Computer worm

how to approach portability and compatability

Deduce portability requirements from your analytics tools - You can take advantage of Google Analytics or other analytical platforms with access to visitor data to examine which types of devices and browsers along with their versions are most frequently used. Consider the most complete list of portability requirements. Not only will this document provide guidance to engineers, it will also outline the scope of testing scenarios. This includes: the list of supported operating systems and their versions, network specifics, the list of supported browsers and their versions, and devices and other hardware requirements. Define compatibility with other applications, including 3rd parties. If the system must coexist with third-party software or other applications in the software ecosystem, include them.

how to approach security

Define specific threats that you want your system to be protected from. For instance, such details should be considered: under what circumstances the unauthorized access takes place, what the precedents to the data breach are, and what kinds of malware attacks you want to fend off. Expand non-functional requirements to functional ones. They can include, say, a comprehensive authorization and authentication scheme for each system actor. Also, the system is supposed to introduce constraints on who can generate, view, duplicate, edit, or delete the data. Consider standards that you rely on. If your system must be compliant with some security standards or regulations, for example HIPAA, the non-functional section is the best place for them.

Which Windows tool is referred to as a centralized authentication server?

Domain Controller

Which technique can be used by DNS to battle email spam?

Domain keys identified mail (DKIM)

Which protocols can be disabled to increase network infrastructure security?

File transfer protocol (FTP)

functional requirements

Functional requirements define what a software product must do: its features and functions. An example of a functional requirement for a messenger will be something like, "A user must be able to edit messages after they are sent to correct errors." (Well yeah, Meta, the system must provide this functionality. Just so you know

Which network device is considered passive in terms of how it connects to other devices?

Hub

node

In telecommunications networks, a node is either a redistribution point or a communication endpoint. The definition of a node depends on the network and protocol layer referred to

What is the main protocol at the internet layer of the TCP/IP layer and also considered the workhorse of the TCP/IP?

Internet protocol (IP)

Which device offers passive protection against attacks on network- and cloud-based resources?

Intrusion detection system (IDS)

Which type of network connects computers and other networking devices in a single large building?

LAN

maintainablity

Maintainability defines the time required for a solution or its component to be fixed, changed to increase performance or other qualities, or adapted to a changing environment. Like reliability, it can be expressed as a probability of repair during some time. For example, if you have 75 percent maintainability for 24 hours, this means that there's a 75 percent chance the component can be fixed in 24 hours. Maintainability is often measured with a metric like MTTRS — the mean time to restore the system. example:The mean time to restore the system (MTTRS) following a system failure must not be greater than 10 minutes. MTTRS includes all corrective maintenance time and delay time.

general recommendations for documenting non functional requirements

Make them measurable and testable. To understand whether your system meets quality constraints, make sure to quantify your requirements. You have to specify the units of measurement, the methods that you are going to use, as well as success and failure levels. Set requirements for system components rather than whole products. Consider which critical interfaces and systems need such requirements. If your users never interact with some part of your product (e.g. an admin panel) setting up performance limitations for these components may be useless or harmful, since your team will expend much more effort with no evident gain. Link NFR with business objectives. The minute-long difference in system availability may not have a drastic impact on your sales numbers, but sometimes it can mean additional weeks of engineering. Try breaking down your business objectives into system requirements. Consider third-party limitations. If a third-party API that you must use returns data slower than you want, there isn't much you or your team can do about it. Consider architectural limitations. Legacy systems can put constraints on quality. While refactoring legacy code is doable, sometimes the current architecture must be completely reworked to meet some of the requirements. Look for existing standards and guides. It's likely that many system quality recommendations have been made before. So, check iOS or Android app guidelines to suggest some requirements for your app.

Which network topology provides the best fault tolerance?

Mesh

mesh topology

Mesh topology is a type of network topology in which all devices in the network are interconnected. In a mesh topology, data can be transmitted by routing (sent the shortest distance) and flooding (sent to all devices). advantages include: failure of one single device doesn't afffect network - resistant to problems. high level traffic management multiple paths for data management new device additions doesn't affect data transmission. disadvantages - high cost time consuing to build and maintain latency issues

What do networks use to communicate with resources and manage the flow of data across the network?

Network operating system (NOS)

How to Identify High Risk in Software Projects

One approach to tracking risks and preventing them from escalating to problems is to list all the features you plan to develop and evaluate each feature based on three factors: Volatility - likelihood that the feature will change Completeness - what is known about the feature Complexity - how difficult the feature will be to build Combining relative volatility, completeness, and complexity will give you an idea of the estimated risk for each feature: high, medium, or low. Here's an example of how a team might identify risk in a software development project using the completeness, volatility, and complexity of a project.

Unified threat management (UTM)

Originally called unified threat management (UTM), these capabilities better known as a Next-Generation Firewall (NGFW) today, provide multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. NGFW includes functions such as anti-virus, anti-spam, content filtering, and web filtering.

personal area network

PANs are created for personal use with ranges of 30 feet or less.

Which type of virus changes form to avoid detection?

Polymorphic virus

Which scripting or programming tool makes use of cmdlet (Command let) that performs a specific function?

Powershell

reliability

Reliability specifies how likely the system or its element would run without a failure for a given period of time under predefined conditions. Traditionally, this probability is expressed in percentages. For instance, if the system has 85 percent reliability for a month, this means that during this month, under normal usage conditions, there's an 85 percent chance that the system won't experience critical failure. As you may have guessed, it's fairly tricky to define critical failure, time, and normal usage conditions. Another, somewhat simpler approach to that metric is to count the number of critical bugs found in production for some period of time or calculate a mean time to failure. example:The system must perform without failure in 95 percent of use cases during a month.

how to approach localization

Rely on market research. To document this requirement, you have to rely on preliminary market research from a product manager or a comprehensive field study by a UX researcher. Be specific in terms of localization aspects. If there are several options for each component within a single market, all of them should be addressed. For instance, things like language, currency, and address and payment formats are crucial requirements.

ring topology

Ring topology is a type of network topology in which each device is connected to two other devices on either side via an RJ-45 cable or coaxial cable. This forms a circular ring of connected devices which gives it its name. Data is commonly transferred in one direction along the ring, known as a unidirectional ring.

Which networking device can be programmed to make decisions to send packets from an input port to an output port based on IP addresses?

Router

scalability

Scalability assesses the highest workloads under which the system will still meet the performance requirements. There are two ways to enable your system scale as the workloads get higher: horizontal and vertical scaling. Horizontal scaling is provided by adding more machines to the pool of servers. Vertical scaling is achieved by adding more CPU and RAM to the existing machines. example: The system must be scalable enough to support 1,000,000 visits at the same time while maintaining optimal performance.

What is the top of the reconfigurable computing software pyramid?

Scripting

how to approach performance and scalability

Start with Google recommendations for regular web pages. Google is very sensitive about desktop and mobile speed load times. So, if you look for performance guidance for regular web pages that all users have access to, check Google's page speed insights. Check basic response time recommendations. Jakob Nielsen back in 1993 outlined 3 main metrics for response time. While this outline may seem ancient, the metrics are still meaningful as they are generally based on the way human attention works: 0.1 second - the limit after which the system reaction doesn't seem instantaneous; 1 second - when the user will notice the delay, but the flow of thought won't be interrupted; 10 seconds - when the user's attention is completely lost. Usually, you don't want to reach this 10-second threshold, as about 40 percent of users will abandon a website after 3 seconds. According to an updated study by Portent, "A site that loads in 1 second has a conversion rate 3x higher than a site that loads in 5 seconds." You might have heard this before: Time is money. Specify the measurement scenario. Does your metric include browser rendering or only the time it takes to deliver data to a browser? If different types of content load at different speeds, you may have different time constraints for text, images, and videos. Specify the current workload for a measurement. Since you may have, say, 5,000 users on average during the day and 1,000 at night, define which load scenarios you need to document. Maybe you document both, maybe you want to set up the highest threshold. Don't include the time it takes to deliver results by third parties. If your operation depends on calls that return data from a third-party API, your development team won't be able to take responsibility for that. Acknowledge the architectural constraints. If developers are dealing with an enterprise solution or a legacy system, there may be very few ways to improve performance without reworking the entire architecture. Define your scalability expectations. We also included scalability in this section, since it considers the maximum load that the system doesn't necessarily process now, but may process in the near future. For instance, you expect that the number of sessions in the application will double after a marketing campaign and you still want to preserve the existing performance. Although it's hard to make predictions in advance, it's worth setting at least some load expectations.

how to approach reliability, maintainability, and availiability

Start with the financial or some other critical standpoint. Can you afford your application to be unavailable 5 percent of the time? Can you express the acceptable losses in financial figures or some other product-level KPI? Keeping in mind there are no completely failure-proof applications, define the threshold that you can't cross. Specify the component that you describe. You can approach the entire system, but if it has different environments (payment workflow, landing pages, dashboards), each of them may have its own reasonable failure limit and availability requirement. Describe different load scenarios. The system may experience downtimes differently depending on different workloads. Similar to performance measurements, consider different situations to define normal and possible abnormal circumstances. Consider product lifespan. On establishing maintainability/reliability/availability, consider a software product lifespan. The longer it is, the more sense it makes to develop a highly maintainable solution. In other words, if you're building an MVP to test assumptions, there's no need to invest in the quality of development this early. Approach estimations during testing and production. You can look for benchmarks of similar products and features, but if this information isn't available at the product planning stages, it's hard for you to specify the measurements. So, it's likely that you'll be able to articulate these requirements during prelaunch testing and production. However, you can emphasize code quality during the development itself.

how to approach

Start with the old design. If you already have a product, consider measuring the number of errors and the time it takes to learn the interface and complete tasks to set up a baseline and define usability goals. Establish thresholds based on your product KPIs. Can you afford that only 50 percent of users can find what they are looking for? What would be the number that satisfies your strategic plans? Run usability testing on competitor products. If you don't have an existing product, run tests with competitors to reveal areas of improvement. You may also check our article on usability engineering to learn more. Test usability on prototypes rather than on a finished product. This is a no-brainer since usability must be established before your engineering even begins.

text editor vs IDE

The key difference between an IDE and a text editor is the out-of-the-box development experience: IDEs are designed to test and preview code projects. A text editor can only write code

localization

The localization attribute defines how well a system or its element falls in line with the context of the local market-to-be. The context includes local languages, laws, currencies, cultures, spellings, and other aspects. The more a product sticks with it, the more success it should have with a particular target audience. example: The date format must be as follows: month.date.year.

http request response

The request from the Web browser consists of the keyword GET (in ASCII or Unicode, of course) followed by the location of the Web server on the host computer, as derived from the Universal Resource Locator (URL), in this case, /webapps/login/. The request also contains the version of HTTP used by the browser HTTP/1.1, and the URL of the host, blackboard.bentley.edu, where the server resides. The HTTP request also provides the date and time of the request, the name of the browser, and, if the request comes from a link, the name of the referring URL that provided the link. (The referrer field in this case is omitted because the user typed the URL directly into the browser URL field.) An optional section to the request can also offer additional information, such as responses to questions on a Web form, for example. These are usually the data that appear on the URL request line following a question mark. The last line of the request closes the communication.

6 steps to reduce software risk

Track risks before they escalate, becoming issues that derail a development project Address the riskiest parts of the development process first Tackle risks immediately by using an Agile development approach Create plans for potential risks at the beginning of the project, and share all risks with clients to be transparent Track development and client team temperature metrics along with project timeline, budget, and scope Encourage open communication and feedback throughout the development process to maintain team morale

Which TCP/IP suite layer handles the transport control protocol (TCP)?

Transport

usability

Usability is yet another classical nonfunctional requirement that addresses a simple question: How hard is it to use the product? Defining these requirements isn't as easy as it seems. five dimensions Learnability. How fast is it for users to complete the main actions once they see the interface? Efficiency. How quickly can users reach their goals? Memorability. Can users return to the interface after some time and start efficiently working with it right away? Errors. How often do users make mistakes? Satisfaction. Is the design pleasant to use? example: The error rate of users submitting their payment details at the checkout page mustn't exceed 10 percent.

Which existing technologies can be used to prevent security breaches by segmenting network traffic over multiple tables simultaneously on a single router?

Virtual routing and forwarding (VRF)

OSI network model

What Is the OSI Model. The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s.

Intrusion detection system(IDS)

What is an Intrusion Detection System? An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system.

Intrusion protection system(IPS)

What is an intrusion prevention system? An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.

router vs switch

While a network switch can connect multiple devices and networks to expand the LAN, a router will allow you to share a single IP address among multiple network devices. In simpler terms, the Ethernet switch creates networks and the router allows for connections between networks

product

a system with a set of features that helps uses achieve their goals (functional requirements). functional and nonfunctional requirements should be determined by stakeholders or end users.

Hub

amplifies network signals and connects network components or nodes

Which network resources can be on the cloud or over the internet?

applications, disk storage

non-functional requirements

are a set of specifications that describe the system's operation capabilities and constraints and attempt to improve its functionality. These are basically the requirements that outline how well it will operate including things like speed, security, reliability, data integrity, etc. Non-functional requirements specify the quality attributes of the system, hence their second name — quality attributes. Continuing our messaging platform example, a non-functional requirement can be the speed with which a system must perform editing to satisfy user expectations, "The message must be updated for all users in a chat within 0.1 seconds, given that all users are online and have LTE connection or better."

features of IDE's

autocomplete automatic formatting keyword highlighting automatic line numbering syntax checking runtime environment debugging tools linkers and loaders version control IDE features summary

Which non-functional requirement (NFR) type states that a web dashboard must be accessible to U.S. users almost 100% of the time every month during business hours?

availability

Which feature of an integrated development environment (IDE) adds a pause to a program to stop the flow of execution where it is defined by the user?

breakpoints

Which network security measure deals with encrypting the data as it traverses the network?

confidentiality

performance

defines how fast a software system or a particular piece of it responds to certain users' actions under a certain workload. In most cases, this metric explains how long a user must wait before the target operation happens (the page renders, a transaction is processed, etc.) given the overall number of users at the moment. But it's not always like that. Performance requirements may describe background processes invisible to users, e.g. backup. But let's focus on user-centric performance. The landing page supporting 5,000 users per hour must provide 6 second or less response time in a Chrome desktop browser, including the rendering of text and images and over an LTE connection.

Which IDE can you use to write programs for Python, Java, and C++ languages?

eclipse

What is an advantage of using a text editor instead of an integrated development environment (IDE)?

fewer distractions

What is the security device that protects a network from hackers and can also simultaneously prevent computers within the network from accessing undesirable content on the internet?

firewall

product documentation

functional and nonfunctional requirements should be determined by stakeholders or end users. UX documentation provides user persona, user scenarios, user stories architecture design document - presentation, business logic, database testing documentation -test plan, test cases. testing Happens along with engineering not after. test driven development - write test,write code, improve design.

Which networking solution helps to distribute the traffic across multiple servers capable of fulfilling the same tasks?

load balancing

Which type of virus exploits those applications that make use of a mini-basic programming language?

macro virus

Which non-functional requirement (NFR) type deals with restoring a system after a brief system failure?

maintainability

Which topology provides multiple pathways between end nodes?

mesh

key types of non functional requirements

performance scalability portability compatability useability security reliability, maintainability and availiability

reconfigurable computing software pyramid

program hardware library interface/CAE tools Hardware Control functions OS Kernel Drivers Reconfigurable Hardware

Which type of non-functional requirement (NFR) ensures that an updated database can return back in the event of update failures?

reliability

security

secures all data inside the system or its part will be protected against malware attacks or unauthorized access example: the payement processing gateway must be PCI DSS compliant

Which type of network attack is worsened by high-speed transfer and the ability to retrieve or upload large amounts of data in a faster way?

swarm attack

Which non-functional requirement (NFR) deals with human factors, consistency, and documentation?

usability

Which IDE is a Microsoft-product and can be used to develop websites, web apps, and mobile apps?

visual studio code

What is a risk-preventing feature that deals with the likelihood that the feature will change?

volatility

software planning and development

waterfall method - requirements specification, design, implementation, testing, maintenance what should the product be like? - product documentation how are we going to build it? - process documentation