§ Software Engineering Q&A
NSW · NESA Software Engineering
Software Engineering Q&A by dot point
A short Q&A bank for every NSW Software Engineering syllabus dot point. Each question and answer is drawn directly from our worked dot-point page, so you can scan key concepts before opening the long-form answer.
Module 2: Programming for the Web
Design and consume RESTful APIs that exchange JSON, including resource modelling, request methods and status codes
Describe the client-server architecture of the web, including the roles of the browser, web server, application server and database
Identify and mitigate cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection vulnerabilities
Design a relational database schema and write SQL statements to create tables, insert data, query with joins, and update or delete rows
Construct front-end pages using HTML for structure and CSS for presentation, including semantic markup and responsive design
Explain the HTTP protocol, including request methods, status codes and headers, and the role of HTTPS in securing web traffic
Use JavaScript in the browser to manipulate the DOM, handle events and make asynchronous requests
Implement server-side programming, including routing, handling requests, generating responses and integrating with a database
Module 1: Secure Software Architecture
Explain the role of authentication and authorisation in restricting access to a system, and identify common implementation methods including multi-factor authentication and role-based access control
Describe how the confidentiality, integrity and availability (CIA) triad is applied to the design of secure software
Compare symmetric and asymmetric encryption, and describe their roles in securing data in transit and at rest
Describe how hashing and salting protect stored passwords, and identify weaknesses in storing passwords in plain text or with reversible encryption
Apply input validation, sanitisation and output encoding to defend against injection attacks
Identify the OWASP Top 10 web application security risks and describe mitigations for each
Describe the secure development lifecycle, including threat modelling, secure coding practices, security testing and ongoing monitoring
Module 3: Software Automation
Identify the ethical implications of automation and artificial intelligence, including accountability, transparency, employment effects and the use of personal data
Distinguish machine learning from classical programming, and define the roles of model, features, training data and predictions
Describe applications of machine learning in industry, including image recognition, natural language processing, recommendation systems and predictive maintenance
Describe the basic structure of a neural network, including neurons, layers, weights, activation functions and training by backpropagation
Compare supervised, unsupervised and reinforcement learning, and identify a typical application of each
Explain how the quality and representativeness of training data affect a model, including the risks of bias and overfitting
Module 4: Software Engineering Project
Apply code review and quality practices, including peer review, style guides, linters and static analysis
Set up continuous integration and deployment pipelines that build, test and release software automatically
Produce technical and user-facing documentation across the software engineering lifecycle, including README files, API documentation, design documents and user manuals
Use project management tools to plan, track and communicate work across a software team, including issue trackers, Kanban boards and Gantt charts
Compare software development methodologies, including waterfall, agile and scrum, and identify when each is appropriate
Describe testing strategies, including unit testing, integration testing, system testing and user acceptance testing
Use version control to manage source code, including commits, branches, merges, pull requests and remote repositories
