Question 1 (25 points)
Company A has undertaken the infrastructure construction project of a smart community cloud platform of a local government. The client has high requirements for security and system performance. In order to realize the transformation of its own business from providing hardware equipment to software development, Company A promises to provide a smart Community APP applet, and write it into the project contract, the contract period is 6 months. The project manager Xiaoqiu is responsible for the development of the APP. The project period is 4 months and it is planned to go online in December 2019. Because the contract did not give clear functional and performance requirements for the APP, Xiao Qiu first determined the main convenience service functions of the APP by referring to the development experience and achievements of other projects. Afterwards, the development team interviewed community residents and distributed questionnaires on the community website Collect related requirements. Finally determined the functional requirements of the APP, compiled a detailed functional requirements specification, and incorporated business objectives, project objectives, scope, design, development, high-level requirements, and detailed requirements into the requirements tracking matrix. In July 2019, the project team and the customer jointly held a scope confirmation meeting, discussed the list of document deliverables, milestones of each stage, detailed work progress and personnel division charts, and formed meeting minutes and signed by both parties. Later, the project team reviewed the scope statement and submitted the project code and related design documents. Functional testing completed in December 2019. At the project acceptance review meeting, participating external experts believed that the project involved personal privacy information, and suggested that a third-party evaluation agency conduct a comprehensive test of the APP. After testing by a third-party evaluation agency, a number of serious personal information security protection issues were found. After analysis, it is difficult to repair the bugs, and a large amount of work is required for comprehensive rectification, but the budget has exceeded the budget. After repeated negotiations with the company leaders and customers, project changes had to be proposed.
Question 1 (10 points)
(1) Based on the case, please analyze whether there is any omission in the scope confirmation work at the scope confirmation meeting held in July? Please point out the missing content.
(2) Please explain the difference between scope confirmation and quality control, and complete the following table.
| Difference Between Scope Validation and Quality Control |
|
| check content |
|
| time of inspection |
|
| executive staff |
|
| level of detail |
Question 2 (5 points)
Please fill in the answers to (1)-(5) below in the corresponding columns on the answer sheet.
In the above case, the project team used the tools and techniques of (1), (2) and (3) in the stage of requirements collection, and lacked the planning of (4) and (5) in the process of requirement traceability matrix design.
Question 3 (4 points)
Please identify the decision-making body for the project change and briefly describe its membership and responsibilities.
Question 4 (6 points)
Please explain what work should be done to change the project?
Question 2 (25 points)
It is known that a company undertakes the development of a tourism information supervision system. The whole project is divided into four stages and nine activities. The relevant information of the project is shown in the table:
Question 1 (12 points)
Combined case:
(1) The optimistic, possible and pessimistic durations of each activity obey the β distribution. Please calculate the duration of each activity and draw the time scale network diagram of the project.
(2) If the project personnel are all versatile and can engage in any activity, please indicate the minimum number of people required for project implementation.
Question 2 (3 points)
Please determine the critical path and duration of the project.
Question 3 (6 points)
When the project progresses to the 70th day, the project has completed 3/4 of the total workload and cost 600,000 yuan. Please calculate the PV, EV, SV and CV values of the project at this time (assuming that the daily workload of each activity of the project is the same, calculate The result is accurate to an integer).
Question 4 (4 points)
Please indicate current project performance and what actions should the project manager take?
Question 3 (25 points)
Company A undertook the endowment insurance information system of government agencies and institutions in a certain city, and the project covered the endowment insurance information of the staff members of government agencies and institutions in the entire city, district, and county, realizing centralized and unified management of data. The company established a project team and appointed Xiao Wang as the project manager. After the project team conducted research on the project, a risk management team was established, and the project management plan and risk management plan were compiled to clarify the project risk management process as shown in the following figure:
The project team formulated corresponding measures for each risk in the risk register, some of which are as follows:
In addition, in terms of information security, pension insurance data information involves personal privacy. If criminals break through the security restrictions, it will cause user privacy leakage or information tampering. Therefore, the project team adopts PKI technology to provide an effective guarantee for the safe operation of the system.
Question 1 (4 points)
Please point out the problems in the risk management process of this project based on the case.
Question 2 (10 points)
Please indicate which risk response strategy is adopted for the risk measures listed in the case.
Question 3 (8 points)
The PKI technology used by the project team adopts a dual-key and dual-certificate mechanism. Please briefly describe the generation process of the dual-key certificate.
Question 4 (3 points)
Please fill in the answers to (1) ~ (3) below in the corresponding columns on the answer sheet.
SWOT technology starts from each (1), disadvantage, (2) and (3) of the project, inspects the project, and includes all the internal risks, so as to consider the risks more comprehensively.
In the first half of 2022, the afternoon real questions and answer analysis for information system project managers
Question 1 (25 points)
Question 1 (10 points)
There are omissions in the scope confirmation work.
Missing content:
1. Before the scope confirmation meeting, the project team needs to carry out quality control work to ensure the smooth progress of the scope confirmation work.
2. The deliverable list includes not only documents, but also source code, executable code, and data supporting system operation generated by the project.
3. The project scope statement should be reviewed at the confirmation meeting to confirm whether the project scope covers all the activities of the product or service that needs to be completed, and there are no omissions or mistakes.
4. The issue of personal information security protection is omitted.
5. It is necessary to clarify whether the risk in the scope of the project is too high, and whether the management can reduce the impact on the project when foreseeable risks occur.
| Difference Between Scope Validation and Quality Control |
|
| check content |
The scope of confirmation mainly emphasizes that the deliverables are accepted by customers or sponsors; quality control emphasizes the correctness of the deliverables and conforms to the specific quality requirements (quality standards) established for them. |
| time of inspection |
Quality control is generally carried out before or at the same time as the scope is confirmed; the scope of confirmation is generally carried out at the end of the stage, and quality control is not necessarily carried out at the end of the stage |
| executive staff |
Quality control is an internal inspection, which is implemented by the corresponding quality department of the execution organization; the scope of confirmation is the inspection and acceptance of the project deliverables by external stakeholders (customers or sponsors). |
| level of detail |
Verifying product, confirming scope and quality control is a progressive, increasingly detailed inspection process. |
Parse:
Question 2 (5 points)
(1) Benchmarking (2) Interview (3) Questionnaire (4) Test strategy (5) Test scenario
Question 3 (4 points)
The decision-making body for project changes is the CCB (or Change Control Board)
Members: company executives, project manager, person in charge of Party A, person in charge of configuration management, person in charge of quality assurance, person in charge of testing.
Project manager: Respond to the request of the change proposer, evaluate the impact of the change on the project and the response plan, transform the requirements from technical requirements into resource requirements for decision-making by the authorizer; and adjust the project benchmark according to the review results to ensure that the project benchmark reflects the project progress status.
The senior management of the company and the person in charge of Party A: decide whether to implement the change according to the impact assessment and response plan provided by the project manager.
Configuration Manager: Updates relevant artifacts of the change process into the configuration management system.
Parse:
Question 4 (6 points)
1. Submit and accept change application
2. Initial Review of Changes
3. Change program demonstration
4. Project management committee review
5. Issue change notification and organize implementation
6. Monitoring of change implementation
7. Evaluation of change effects
8. Judging whether the changed project has been brought into the normal track
Question 2 (25 points)
Question 1 (12 points)
(1) A. 4 days B. 15 days C. 15 days D. 10 days E. 16 days F. 7 days G. 8 days H. 15 days I. 5 days
(2) At least 21 people are required. Click this link to view the real test analysis video
Question 2 (3 points)
Critical path: ABCDEGHI, duration 88 days
Question 3 (6 points)
By the 70th day, the work of ABCDEFG and 2/15 of H should be completed. At this time, the corresponding
PV=0.6+6.3+10.4+24.7+10.2+5.1+10.6+15.7*2/15=70
AC=60
BAC=0.6+6.3+10.4+24.7+10.2+5.1+10.6+15.7+3=86.6
EV=86.6*3/4=65
SV=EV-PV=65-70=-5
CV=EV-AC=65-60=5
Question 4 (4 points)
SV<0 means behind schedule, CV>0 means cost saving.
1. Crashing, devoting more resources or increasing working hours to shorten the duration of key activities.
2. Fast follow-up and parallel construction to shorten the length of the critical path.
3. Use highly qualified resources or more experienced personnel.
4. Reduce the scope of activities or lower the requirements for activities (need to obtain the consent of Party A).
5. Improve methods or technologies to increase production efficiency.
6. Strengthen quality management, find problems in time, reduce rework, and shorten the construction period.
Question 3 (25 points)
Question 1 (4 points)
1. Entry into a risk register should not be a separate step, but should be an output of identifying risks.
2. The qualitative and quantitative analysis of identified risks should be divided into two steps. Qualitative analysis lays the foundation for quantitative analysis, and quantitative analysis conducts in-depth and quantitative analysis of important risks on the basis of qualitative analysis.
3. The emerging risks may not have been identified before or no effective countermeasures have been formulated, so there is a problem with only "handling risks according to countermeasures".
4. The identification of risks does not run through the whole project, and should be repeated many times.
Question 2 (10 points)
Question 3 (8 points)
(1) The user uses the client to generate a signature key pair.
(2) The user's signature private key is stored on the client.
(3) The user sends the public key of the signature key pair to the CA center.
(4) The CA center signs the user's public key and generates a signature certificate.
(5) The CA center sends the signed certificate back to the client for storage.
(6) KMC (Key Management Center) generates an encryption key pair for the user.
(7) Back up the encryption key in KMC for later key recovery.
(8) The CA center generates an encryption certificate for the encryption key pair.
(9) The CA center packs the user's encrypted private key and encrypted certificate into the standard format PKCS#12.
(10) Send the packaged file back to the client.
(11) The user's client loads the encrypted public key certificate and encrypted private key.
Question 4 (3 points)
(1) Strengths (2) Opportunities (3) Threats
Parse:
