apr10pgdwe

  • 8/3/2019 apr10pgdwe

    BCS The Chartered Institute for IT

    THE BCS PROFESSIONAL EXAMINATIONS

    BCS Level 6 Professional Graduate Diploma in IT

    WEB ENGINEERING

    Friday 30th April 2010 - Morning

    Answer THREE questions out of FIVE. All questions carry equal marks.

    Time: THREE hours.

    Answer any Section A questions you attempt in Answer Book A

    Answer any Section B questions you attempt in Answer Book B

    The marks given in brackets are indicative of the weight given to each part of the question.

    Calculators are NOT allowed in this examination.

    Section A

    Answer Section A questions in Answer Book A

    A1.

    a)

    i) Explain the role and structure of a DTD in relation to an XML document. (2 marks)

    ii) Explain the role and structure of an XML schema in relation to an XML document. (2 marks)

    iii) Explain how an XML document would call: an internal DTD, an external DTD and an XML schema. (3 marks)

    b)

    i) Compare and contrast the workings of a DTD and an XML schema. You should state the benefits of using each. (3 marks)

    ii) Generate an appropriate sample XML document based on the XML schema in figure 1.1. (2 marks)

    Figure 1.1 XML Schema for Question A1 b) ii)

    c) Write an external DTD for the XML file in figure 1.2:

    The element trainlog may contain, in any order, one or more session and progress_report elements.

    A session element must first contain a duration element, followed by a distance element, followed by a location element, followed optionally by a comment element, followed by zero or more photo elements.

    The date and heartrate attributes in session are optional.

    The type attribute in session must be present but allow only 3 values - running, swimming, cycling - with default set to running.

    A photo element must contain a url attribute, but may not contain any text.

    A progress_report element must contain one or more comment elements.

    (13 marks)

    Figure 1.2 Sample Document for Question A1 c)

    A2.

    a) A simple DTD to record company information is provided in figure 2.1.

    i) Explain what it means for an XML document to be well formed and valid. (1 mark)

    ii) The XML document in figure 2.2 contains precisely four errors when validated against the DTD of figure 2.1. Identify all of the errors and for each one provide a correction. Note: the line numbers are for your benefit and are not part of the XML code. (4 marks)

    505.5 Hyde Park Mid-morning run, a little winded throughout.

    Figure 2.1 DTD for Question A2 a) and A2 c)

    Figure 2.2 XML document with errors for Question A2 a) ii)

    b) Data can be stored in child elements or in attributes as demonstrated by figure 2.3. Briefly state five factors to be considered when using attributes instead of child elements. (5 marks)

    Figure 2.3 Example of child elements and attributes for Question A2 b)

    1. 2. 3. 4. 5. 6. IBM 7. 8. 9.

    Tove Jani Reminder Don't forget me this weekend!

    12/11/2002 Tove Jani Reminder Don't forget me this weekend!

    12112002 Tove Jani Reminder Don't forget me this weekend!

    c) A simple DTD to record company information is provided in figure 2.1.

    The employment agency has updated the above simple DTD to record information on all client companies that have commissioned recruitment activity since the beginning of the year. Sample XML is shown in figure 2.4.

    There is now a need to render this information as a web page that can be accessed by the agency staff. Using the XSL template provided in figure 2.5, complete the missing code in figure 2.5 (the section marked) to accomplish this. A mock-up of the required rendered page is shown in figure 2.6.

    (15 marks)

    Figure 2.4 Sample XML document for Question A2 c)

    IBM Bob Jones 0044112233 [email protected]

    Analyst Design payment systems London 30000 25 Feb 2010

    Usability Engineer Evaluation of new systems Glasgow 28000 12 Mar 2010

    ORACLE Bill Smart [email protected]

    Database Designer OO background London 40000 25 Mar 2010

    Figure 2.5 XSL stylesheet for Question A2 c)

    Figure 2.6 Mock-up of required web page for Question A2 c)

    Current Job Vacancies

    Current Job Vacancies

    Company Contact email Phone

    Section B

    Answer Section B questions in Answer Book B

    B3. You are acting as a consultant for a financial institution, advising on the development of an online banking service.

    a) One possible security risk when accessing a banking website from a publicly accessible computer is a hardware key logger that captures passwords; this is often solved by using on-screen (virtual) keyboards to enter data into a web form.

    i) What is meant by the term hardware key logger? (2 marks)

    ii) Aside from the use of key loggers, outline four other security risks and, for each risk, detail a method to prevent it. (8 marks)

    b) The in-house developers have outlined three possible schemes for authenticating their users. You have been asked to comment on these systems both from a security perspective (how safe the scheme will be) as well as from a user's perspective (how easy the scheme will be to use).

    Proposed scheme A

    Type in your email address

    Type in your password (6 characters, alphabetic)

    Select the first and the second digits of your PIN (6 digits) from a drop-down list

    Proposed scheme B

    Type in your System-generated user number (created on registration, 11 digits long)

    Type in your password (6-12 alphanumeric characters)

    Type in your favourite colour

    Proposed scheme C

    Type in your first name

    Type in your last name

    Type in your postcode/Zip code

    Type in your date of birth

    Type in your mother's maiden name

    Enter a one-time code using a hardware bank card reader and your debit card.

    i) Outline TWO strengths and TWO weaknesses of each of the three schemes. (9 marks)

    ii) Devise a new scheme for authenticating users on this site which is superior to all three schemes outlined above. Explain how it overcomes the weaknesses identified in part b) i). (6 marks)

    B4.

    a) Write HTML to construct the form as indicated in figure 4.1. When the button marked "Search for games" is pressed, the form should submit to a script called games.php. (4 marks)

    b) When invalid data is entered into a form, a well-designed system will spot the invalid data and report them back to the user with an error message.

    i) Why is it important to catch invalid data? (2 marks)

    ii) What would be an appropriate error message for a login attempt that fails due to an incorrect password (but correct username)? (2 marks)

    c) Better systems will automatically re-generate the form with most data already completed (to save the user from entering it a second time). (2 marks)

    i) With a justification, give one example of form data that should NOT be automatically completed in a regenerated form. (2 marks)

    ii) Write code (at the server side in ASP, PHP, or Perl) to validate that the date of birth entered is not in the future, and if there is an error re-generate the original form from part a) with the entered data already filled in. (5 marks)

    Notes:

    You do not require regular expressions to complete this task, but you may use them if you wish.

    You may find the PHP function int strtotime (string $time) useful in this task (which parses a string into a Unix timestamp), where $time is a textual description of a date/time e.g. "2009-12-31" for the 31st December, 2009 or "now" for the current system time on execution.

    d) The server has a database named Games, with a single table named GameRatings (as shown in figure 4.2). You may assume the web server and the database server are hosted on the same computer. This database holds details of age ratings for video games which are listed in figure 4.3.

    For parts ii) and iii), assume that the php script games.php has already established a valid connection to this database.

    In all cases, you should state the language you are using (ASP, PHP or Perl).

    i) Write code to connect to the database. (1 mark)

    ii) Write code to retrieve the details of the game with the title that is exactly the same as the text entered in the "Enter the game title" field. (3 marks)

    iii) Write code to retrieve and display (in an appropriate format) the details of all games that can be bought by the person whose date of birth has been entered. (6 marks)

    Note: The following SQL syntax may be useful to accomplish these tasks:

    SELECT * FROM tbl_name WHERE col1 = val1;

    (Where tbl_name, col1, val1 etc. are to be replaced with appropriate values)

    Figure 4.1 Sample HTML form for Question B4 a)

    Figure 4.2 Database Entity-Attribute diagram for Question B4 d)

    Rating        UC        PG         12         15         18

    Minimum age   5 years   10 years   12 years   15 years   18 years

    Figure 4.3 Age rating categories and minimum age required to buy the game

    B5. A small company selling digital cameras wants to have a web presence. They have come to you as an expert to seek your advice. The owner has been told about some different approaches to web development and is confused as to whether he should have a website developed using:

    HTML and other related technologies or,

    a content management system (CMS) developed using technology such as Joomla.

    a)

    i) Explain what is meant by a content management system, and how this differs from writing HTML by hand/with an authoring package (such as Dreamweaver). (2 marks)

    ii) In no more than 500 words, write a brief report identifying the benefits and drawbacks of each approach with a clear recommendation as to which approach the company should adopt. (7 marks)

    b)

    i) Define and distinguish between a mashup and a portal. (2 marks)

    ii) Using suitable examples discuss how mashups are changing the way users access information and data from web sources. (6 marks)

    You should reference the use of contemporary technologies such as Google maps, Yahoo! pipes, Microsoft Popfly (and others that are similar) to support your answers.

    c) Social networking sites (e.g. Facebook, LinkedIn, MySpace, Twitter, Flickr) have become extremely popular, with Google Trends reporting that in mid-2009 the number of searches made for the term "social networking" exceeded those for "e-commerce".

    With specific reference to one or more contemporary social networking platforms:

    i) Identify three distinct risks or dangers that might result from active participation with social networking sites. (3 marks)

    ii) Discuss how a user can mitigate against these dangers whilst still actively maintaining a presence on social networking sites. (5 marks)