VCE IT Post Mortem by Mark Kelly

Last changed: November 17, 2017 1:15 PM

VCE IT Lecture Notes by Mark Kelly

Software Development

VCAA Exam Post Mortem


Post Mortem banner

Now in living colour!

Post Mortem Notes

This is not a VCAA publication!
I do not speak for the VCAA, the IT examiners, or exam markers.
I was not involved in the setting or marking of this examination.
Extracts from exams are all Copyright © VCAA, and are used with permission. Thanks, VCAA!
Use these post mortems at your own risk.
I reserve the right to change my mind completely, at short notice, about anything I've said here.
Suggestions, discussions and corrections are welcome.
If any third-party copyrighted material has inadvertently been used, please let me know

Questions are in black.
My suggested answers are in blue.
My editorial ramblings about the exam are in blue italics.
Examiners' report comments are in red italics.
Purple shows the explanation of an answer.

Other VCE IT Post Mortems to enjoy

ITA/Informatics - 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017

SD - 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017

The Post Mortem Awards

Dog's Breakfast Award

The infamous SCHMACKOS award for questions that are a complete dog's breakfast.

Sick as a Dog Award

The Questions That Make You Sick As A Dog Award
Questions that are wrong in a way that does not jeopardise the answer, or are just dumb.

Stamp of Approval

The Stamp of Approval for questions I like.

Illiteracy Award

The exciting Illiteracy Award for crimes against the English language.

Naughty Examiner

New for 2016 - the Naughty Step Award, for when the examiners breaks their own rules! and are sent to think about what they have done.

Written examination

Thursday 10 November 2016

Reading time: 11.45 pm to 12:00 noon (15 minutes)

Writing time: 12:00 noon to 2:00 pm (2 hours)

Number of questions

Number of questions to be answered

Number of marks

Section A




Section B




Section C



Total 100

  • Students are permitted to bring into the examination room: pens, pencils, highlighters, erasers, sharpeners, rulers and one scientific calculator.
  • Students are NOT permitted to bring into the examination room: blank sheets of paper and/or white out liquid/tape.

Materials supplied

  • Question and answer book of 21 pages
  • Detachable insert containing a case study for Section C in the centrefold.
  • Answer sheet for multiple-choice questions.


  • Remove the insert containing the case study during reading time.
  • Write your student number in the space provided above on this page.
  • Check that your name and student number as printed on your answer sheet for multiple-choice questions are correct, and sign your name in the space provided to verify this.
  • All written responses must be in English.

At the end of the examination

  • Place the answer sheet for multiple-choice questions inside the front cover of this book.
  • You may keep the detached insert.

Students are NOT permitted to bring mobile phones and/or any other unauthorised electronic devices into the examination room.

Examiners' report general comments

Section A was answered well by many students. Section B required students to demonstrate sound theoretical knowledge and to provide detailed and accurate responses. The format of Section C was consistent with that of previous years and students' responses were expected to refer to the case study; the key weakness in many responses in this section was a lack of detail and depth of understanding.
During the examination, students should have:
• endeavoured to use correct technical terminology
• discussed all options when asked to justify a choice or compare one option with another
• responded to key instructional terms, such as 'state', 'explain' and 'describe'
• re-read each question and their response to ensure that the question had been answered
• removed the case study insert from the question and answer book, and referred to it when completing Section C
• read the case study and questions carefully, and underlined or highlighted key words
• demonstrated their knowledge of the subject and applied that knowledge to the case study; general responses often resulted in low or no marks, but knowledgeable, clear and appropriate responses received high marks.

SECTION A - Multiple-choice questions

Instructions for Section A

Answer all questions in pencil on the answer sheet provided for multiple-choice questions.
Choose the response that is correct or that best answers the question.
A correct answer scores 1, an incorrect answer scores 0.
Marks will not be deducted for incorrect answers.
No marks will be given if more than one answer is completed for any question


Question 1

Which specific data type would be the most appropriate to represent a street number (for example, ‘5A’)?

  1. string
  2. numeric
  3. Boolean
  4. decimal

Answer is A.

The sample data is alphanumeric - containing both alphabetical data and numbers. It can only be stored as text/string.

88% of the state got this right.


Question 2

In the process of sorting an array of eight integers using the quick sort algorithm, the first partitioning with the array appears as follows.









Which one of the following statements is correct?

  1. Neither 17 nor 19 was the pivot.
  2. The pivot was either 17 or 19.
  3. The pivot was 17, but was not 19.
  4. The pivot was not 17, but it could have been 19.

Answer is B. I'll stake 5 cents on it. I'm hoping...

For most students, I suspect this was a brain-destroying question to start off section A.

I instinctively started trying to reverse-engineer the starting state of the array, before realising that it was like trying to unscramble an egg. It took a while to go back to first principles: quicksort divides an array into 2 subarrays with a point somewhere in it (the pivot) that separates the values smaller than the pivot value from all values greater than the pivot value.

This meant that having to carry out a quick sort was not necessary. It involved more basic principles inherent to quick sort.

After a partition, there will be a value (the pivot) that will only have smaller values to its left, and only greater (or equal) values to its right.

Taking each datum in turn and applying this rule...

  • It can't be 12 because 11 is to its right.
  • Same for 15.
  • Can't be 11 because a larger value is to its left (12 and 15).
  • Could be 17, because it has only smaller values leftwards and larger values rightwards.
  • Also could be 19 for the same reason.
  • Can't be 22 because a smaller value (21) is on its right.
  • Can't be 20 because larger values are to its left.

I'm guessing 98% of you just guessed an answer. It took me an hour (and three Youtube tutorials) to finally decide. This is a luxury you do not have in exam conditions. The lesson here (apart from pivot stuff) is that if you get a multichoice question that takes more than a couple of minutes to be sure about - SKIP IT and come back if you have time. Do not spend 15 minutes stubbornly trying to earn one single mark - especially when there's a 25% chance you'll get the mark by sheer luck anyway.

Dog almighty, this was a brutal way to start off a nice, friendly exam! It was not unfair or unclear - in fact I tip my hat to its clever questioning and focus on core theoretical principles - but by golly there will be a few sad and confused puppies in the cohort after this question.

Easy, boy. Calm down. It will be all right.

I inaugurate a new award - the 'Scare The Bejeezus Out Of Students Award'.

57% of the state got this right.

Use the following information to answer Questions 3 and 4.

The following algorithm has been written.

First, let me be the first to say BAD EXAMINER and bop you on the nose with a rolled up magazine.

You've broken your own pseudocode conventions!

Assignment in SD exams is marked by the symbol, not "=" which is reserved for equality.

Then, you forgot to put the output keyword in bold with a capital 'O'. One would expect better.

Now, go and sit on the naughty step.

No. Don't be a sook. Naughty step. Now!

Naughty Examiner


Question 3

The algorithm needs to be tested for logic errors.
Which of the following sets of test data would provide the best test for the algorithm?

  1. 0,75,80,84,100
  2. 75, 76, 84, 85
  3. 70, 75, 76, 80
  4. 0, 74, 84, 85

Answer is B.

Another challenging question. Consider the options. None of them leap out as immediately ridiculous, so there are no quick and easy cross-outs to be made.

We need to thoroughly check ALL possible valid data inputs. We need to focus on boundary conditions where the logic of the code may fail.

These valid inputs are not defined, but we can assume 0 to 100.

The 3 valid ranges and their boundaries are (paying close attention to the >= and > signs)

  1. 0 to 75 (C grade).
  2. 76 to 84 (B grade)
  3. 85 and above (A grade)
  • Option A tests ranges 1 (0,75), 2 (80,84), 3 (100).
  • Option B tests ranges 1 (75), 2 (76,84), 3 (85)
  • Option C tests ranges 1 (70,75), 2 (76,80). It does not test range 3. Cross this option out.
  • Option D tests ranges 1 (0,74), 2 (84), 3 (85)

Options A, B and D all test the 3 possible ranges of valid inputs. (A) has more tests and does not focus on boundary values as well as (B). Option (D) also lacks boundary-specific tests. So of the 3 complete sets, B would be the most likely to uncover boundary condition faults in the code's logic.

Another thought-provoking question. These multichoice questions are taking some time to ponder!

When testing an algorithm students must consider the boundary conditions when checking for logic errors

41% of the state got this right.


Question 4

The algorithm contains

  1. procedures and functions.
  2. procedures and instructions.
  3. control structures and functions.
  4. selection statements and instructions.

Answer is D.

It does not have functions. Rule out (A) and (C).

It does not contain multiple 'procedures' (B) even thought the code itself would constitute a procedure.

That leaves (D) - but check it anyway. It has selection statements ('IF' etc to choose which code to execute) and instructions (like 'output grade')

Student should be able to identify instructions, procedures, methods, functions and control structures.

31% of the state got this right.


Question 5

Which data structure would be best to store the data being collected from the form above?

  1. four one-dimensional arrays
  2. a single array
  3. a record
  4. a list

Answer is C.

4 x 1D arrays would do the job, but they would be rather more difficult to manage.

Records allow a collection of fields with different data types (e.g. text, Boolean) in a single unit.

The key word in the question is "best".

77% of the state got this right.


Question 6

When a student upgrades their operating system to a new version of the operating system, the updating software creates a new folder called ‘OperatingSystem.old’ and copies some of the computer’s files to that folder.
This is an example of

  1. archiving the computer’s files.
  2. backing up the computer’s files.
  3. cleaning up the computer’s files.
  4. creating extra space for the computer’s files.

According to the wording of the question, the answer would be B (which it is officially)- but the question is badly written and common sense should lead to the answer of A.


An archive moves a copy of data into offline storage. It deletes the original data.

A backup copies (and keeps) the original data. It is intended to allow recovery of lost data.

The question says the old OS files are 'copied' to the new folder. That means the original files remain in place and are not deleted. That is a backup.

The question would need to have said "moves some of the computer's files" to qualify as archiving.

The problem is, in real operating system upgrades, "old" folders contain OS data that has been copied, then deleted and replaced by newer versions - which is an archive.

The question is flawed. If the original files are only copied and the originals are left in place, it's a backup. If the original files are moved and the originals are deleted, it's an archive.

The question says that files are copied, not moved. It must be a backup - but that does not happen in The Real World™. Why copy files to a new folder when the originals are left in place? It makes no sense for an operating system upgrade to retain old, incompatible versions of files in its active system software store.

Many students confused archiving and backing up. Backup is always a copy where archiving is the original often removed from active use.

49% of the state got this right.


Question 7

The following array is sorted in ascending order.

Starting point: 13,6, 64, 25, 12, 22, 11, 17

After the third pass: 6, 11, 12, 25, 64, 22, 13, 17

What type of algorithm is used to sort the array?

  1. quick sort
  2. bubble sort
  3. binary search
  4. selection sort

Answer is D.

Sorting - again.

Well it obviously can't be C, which is a search, not a sort. That leaves 3 little piggies.

If it were a bubble sort (B), the first few pairs would have been swapped, leading to 6, 13, 25 - which isn't right. Rule that out too.

I'm assuming a good exam would not re-examine quick sort again so quickly, so I consider it wiser to next investigate selection sort rather than binary search as next contender...

Work it through a selection sort walkthrough...

Original 13 6 64 25 12 22 11 17
After pass 1 6 13 64 25 12 22 11 17
After pass 2 6 11 64 25 12 22 13 17
After pass 3 6 11 12 25 64 22 13 17

Yep. After the third pass, it matches the question. Done and done.

See the slideshow on selection sort to see how it works.

Another challenging and time-consuming multichoice question. This exam is not easy.

56% of the state got this right.


Question 8

If software is purchased over the internet, copies of that software can be sold provided that

  1. the software is open source.
  2. the software licence allows for this action.
  3. slight changes are made to the software before selling it.
  4. it explicitly states that the software is copyright protected.

Answer is B.

If you thought of 'open source', remember that such a licence lets you use and (maybe) redistribute the software, but not to sell it.

82% of the state got this right.


Use the following information to answer Questions 9 and 10.
Consider the following piece of pseudocode.



Question 9

The purpose of the pseudocode is to

  1. find the sum of all numbers in an array that are higher than 10.
  2. search for numbers in an array that are equal to or higher than 10.
  3. find the sum of all numbers in an array that are equal to or lower than 10.
  4. find the sum of all numbers in an array that are equal to or higher than 10.

Answer is D.

Once again, SD exercises the famous ">=" gotcha. Whenever you see <= or >= your shields should be up.

Again, VCAA mucks up their pseudocode: this time with with irregular indentation in the 'Display' line.

At least they got the assignment arrows right this time.

One thing I find concerning is the use of the len( ) function. Pseudocode is supposed to be completely intuitive and readable and self-explanatory. Any invented functions should either be blatantly-obvious or explained in a comment. The len( ) function is an invention that - supposedly - returns the number of elements in the named array. So if nums[ ] had 5 elements, len(nums) would return 5. But that is not immediately and blindingly obvious to students whose programming language did not use that name for the function, or used a different name for it. From my personal experience, len( ) is a function that returns the length of a string.

Let's make a deal, VCAA - you may invent any useful function you like for exams, but they must be either crystal clear or self-explanatory in meaning (e.g. 'Display') or explained in a comment, such as...

// len( ) returns the number of elements in an array


79% of the state got this right.


Question 10

When converting the pseudocode into a program, it would be useful to include in the programming code the

  1. design specifications.
  2. constraints of the code.
  3. internal documentation.
  4. external documentation.

Answer is C.

There is no external documentation either, and even if there were, it wouldn't be put in the code - 'cos it's external. So it's not (D)

I can't see how the design specifications (A) would be useful in the source code.

That only leaves the constraints of the code, which may be useful to later programmers who need to be aware of the limits within which the code needs to operate. For example

// Remember that nums[ ] must support floating point values!

88% of the state got this right.


Use the following information to answer Questions 11 and 12.
A photographer is viewing high-quality photographs on a computer. The photographs are stored as JPEG files on a central fileserver and have an average size of 2 MB each.


Question 11

How long will it take the photographer to download one photograph to a computer that has a wireless connection running at 10 megabits per second?

  1. 0.8 s
  2. 1.0 s
  3. 1.2 s
  4. 1.6 s

Answer is D.

Rejoice, for we have reached the single question for which you brought your calculator. Let's work it through.

2 megabytes = 2,000,000 bytes (or 2,097,152 if you're a pedantic 1,024 bytes to a kilobyte person. The answer does not depend on which one you choose.)

Multiply by 8 to get 16,000,000 bits.

Divide by 10,000,000 (10 megabits)

Answer is 1.6 seconds.

I found it odd how the examiners suddenly decided to get casual and abbreviate "seconds" to "s" in the options, without explanation and for no apparent reason. Would this be obvious to ESL students?

43% of the state got this right.


Question 12

The photographer is considering using a wired network.
The advantages of a wired network compared to a wireless network are that it is

  1. faster and more secure.
  2. faster and more portable.
  3. more secure and portable.
  4. easier to set up and cheaper.

Answer is A.

This is a pretty easy one. Cables are nearly always faster than wireless, and - unlike wireless - cannot accidentally carry data beyond the walls of the organisation. Cables are, however, far from portable or easy to set up.

91% of the state got this right.


Question 13

A standalone application is being written for handheld devices. This application will store all its data on the device and does not need an internet connection.
Which type of application architecture would be best to use?

  1. mobile
  2. rich client
  3. thin client
  4. peer-to-peer

Answer is A.

I expect there will be arguments over this one, and most kids would have been scratching their heads during the exam.

The stem says that an internet connection is not needed, but is some other communications (e.g. wifi or Bluetooth) required?

The app is said to be "standalone" which means it needs no connection to remote data or code sources. So let's assume no comms are needed at all. Think of a self-contained game like Solitaire on a phone. So, which architecture would suit?

  • Rich client means that the host computer has all the processing power and ability required with no support needed from external sources, such as cloud processors. The average computer is rich client since it does all of its own processing.
  • Thin client is the scheme whereby the host computer has minimal processing facilities, and relies on an external source to supply the processing grunt. The host computer acts more like a dumb screen and keyboard to enter data and view the information that has been created by another computer. Think of cheap, low-powered Chromebook computers that use cloud processing. Without the external processors, a thin client terminal is little more than a paperweight.
  • Peer-to-peer means that in a network of devices, each one has equal rights to initiate transactions (e.g. sharing files locally on a small LAN, or sharing files globally via Bittorrent). I can't see how it's relevant to this situation involving a standalone app.

That leaves A, which fits because the app is meant for handheld devices.

Many students selected rich client architecture, but this requires using at least some resources from either a server or the internet. Mobile architecture is the best to use in the given scenario as the handheld device application stores all its data on the device and does not need an internet connection.

35% of the state got this right.


Question 14

XML stands for extensible mark-up language.
Which one of the following is true?

  1. An XML data file is designed to only display data on a web page.
  2. An XML data file will work as expected if some data is modified.
  3. An XML data file will never work as expected if some data is modified.
  4. An XML data file is interchangeable with an HTML file because they are both mark-up languages.

Answer is B. I reckon. (The official answer was B)

XML is new theory, and many people will not be very familiar with it.

The answer will not be (A). XML is used in many places other than web pages: it is a flexible all-purpose, plain-text, human-readable way to store and communicate self-contained, structured data files.

I have done a lot a work with XML because the database I made for teachers to create semester reports had to generate XML to feed into the education department's system. It was certainly possible to modify data within an XML file, considering it is plain text. Mind you, XML will break if you muck around with the tags in the file, but not the data within the tags. So (B) is true.

And therefore (C) is not true.

It is true that XML and HTML both use markup tags to provide structure to data content, but that's where the similarity ends. Otherwise you'd have to say that worms and garden hoses are basically the same because they're both long and thin with a hole in the middle.

43% of the state got this right.


Question 15

Inta is writing a new application for a small bicycle company so its staff can use their mobile phones to access the stock information stored on the company’s fileserver. In the company, there is a manager and four people who sell the bicycles. They all use different brands of mobile phones.
To help her with writing the software requirements specifications (SRS), Inta should

  1. interview all those who will use the new application.
  2. send out a survey to the manager and one other staff member.
  3. observe one of those who will use the new application at work.
  4. survey some of the people who have bought bicycles from the company.

Answer is A.

Hmmm. Interesting. What key knowledge is this question fishing for? What exactly is being examined?

Is it testing understanding of who should be consulted?

Or is it testing understanding of how they should be consulted?

Or could it be testing both?

I'm thinking of SD U3O2 KK 1 in the study design - "techniques for collecting data to determine needs and requirements, including interviews, surveys and observation".

The question smells very much like a fishing expedition for knowledge of KK1 - data collection techniques.

This is another arguable one. One could say that interviewing all users (A) would be over-the-top and that just one user and the manager (B) would suffice. But there is that rather odd comment in the case study - "They all use different brands of mobile phones."

"Why is that there?" you should ask, for stuff is not put into questions as filler or fun. It must be relevant to guiding your decision.

So - how could it be relevant? What options might it be intended to rule out?

If all users have different types of phones, they would all have different experiences and needs from the app. One person, for example, might have a small screen and require the app to be designed with minimal output on each page. Another might have a phone with a stylus, which would enable hand-written input. Another might have a phone with a different constraint that would rule out an important design idea. That comment in the case study makes me lean towards option (A).

But looking at (B), one realises that the manager would be an important person to consult to determine the organisation's functional requirements for the app. But will the manager be using the app - and therefore be included in option A, and be interviewed?

Sadly the wording of the case study is ambiguous - a common fault in VCAA IT exams. We are told that "In the company, there is a manager and four people who sell the bicycles."

This could mean...

1. In the company, there is a manager and four people, who (all five of them) sell the bicycles.


2. In the company, there is a manager --- and four people who sell the bicycles.

Try this. What does this mean...?

A and B doing C

Does it mean...

(A and B) doing C


A and (B doing C)

VCAA really needs a punctuation and grammar manager.
It may alleviate the frequent ambiguities in VCAA study designs and exams.

As a former English teacher, these things leap out at me. And that's why VCAA exams often annoy me more than they irritate other people.

But, it's section A and we can't explain our reasoning or give alternative answers to cope with ambiguities in the questions. We have to decide. Here I look at option B's data collection technique - survey - and wonder. Would a survey be sufficient?
Surveys are composed of closed-answer questions with limited opportunities to provide answers. Surveys are designed for mass data collection to be undertaken after detailed initial fact-finding (using interviews and observation) has uncovered what is relevant to the topic in question. No, surveys are not suitable here.

Remember - knowledge of interviews, surveys and observation are required by SD U3O2 KK 1.

Let's down-vote (B).

Option (C) is fair enough - observing users can uncover valuable ideas that may contribute to the formulation of functional or non-function requirements (e.g. sales staff may be very busy so the app would need to work more quickly than usual.) But only observing only one user would probably not be enough.

Option (D) is feasible and might yield some insight into the requirements of the new system, but it is less valuable than getting input from the actual users of the proposed system. It's not a strong option.

So, I'd say option (A) best answers the question, even though some of the others also have some merit.

Fun fact 1: Inta is a feminine Latvian given name. It's about time female Latvian programmers got mentioned in an exam question.
Fun Fact 2: Research in The Real World shows that about 92% of software developers are male. Yet in SD exams, most programmers are female.
In this exam, we have Inta, Sue-Lee and Janette as female IT professionals, compared with 2 males, Patel and Ethan.

81% of the state got this right.


Question 16

Just as Toni was returning to her car in the shopping centre car park, she witnessed another car reverse into her car and drive off. She quickly took a photograph of the car with her mobile phone, capturing the registration number.
Toni contacted her insurance company to lodge a claim. She supplied the registration number, but was told she also needed the driver’s name and home address in order to make a successful claim. This information is only held by VicRoads, the Victorian government agency responsible for issuing drivers’ licences. She contacted VicRoads, but was told she could not have this information.
In accordance with which Act is the privacy of Victorian driver’s licence holders’ information protected?

  1. Privacy Act 1988
  2. Health Records Act 2001
  3. Privacy and Data Protection Act 2014
  4. Charter of Human Rights and Responsibilities Act 2006

Answer is C.

The PDPA of the current study design replaces the IPA (Information Privacy Act) of the old study design. It only affects Victorian government agencies (and private organisations working for the government.)

'Health Records Act' - hehehe. I wonder how many kids will choose that one.

Anyway - why would an insurance company put the onus on the policy holder to identify the holder of a number plate? Silly. The Real Word™ - as mentioned several times already - does not work like that.

The Privacy and Data Protection Act 2014 deals with Victorian government agencies, of which VicRoads is one.

41% of the state got this right.


Question 17

Which one of the following correctly identifies features of type checking?

  1. checks if only letters are entered into a field and if the text is spelt correctly
  2. checks if data entered already exists in the database and if the data is reasonable
  3. checks if a number is entered into a numeric field and if the number is within a set range
  4. checks if numbers are entered into a numeric field and if letters are entered into a text field

Answer is D.

Notice that each option has two components. Both must be true for the option to be accepted.

The first part of (A) may be true, but the spelling part is not.

The existence check rules out option (B).

The first half of (C) is OK, but the bit after the 'and' is a range check, not a type check.

Both parts of (D) are fair and reasonable.

77% of the state got this right.


Question 18

A data flow diagram can be used as a tool when designing software.
Data flow diagrams must always show

  1. the decisions that are made when sub-modules are called.
  2. the sequence of tasks involved in completing a project.
  3. where data originates and where it is stored.
  4. the specific data flows between processes.

Answer is D.

The key word is "always".

(A) sounds like a flow chart or decision tree, neither of which is examinable. Such decisions are certainly not included in a DFD.

(B) is project management, such as a Gantt chart.

(C) A DFD does include external entities (data origins) and data stores, but the latter don't have to always appear... but any system without data stores would be a strange and rare beast indeed...

(D) Yeah, that feels good. Right there. Data flows in a DFD are specific (each data flow arrow must be labelled), and data certainly flows between processes. Yep.

Silly, silly examiner. DFDs are not used during design.

They are used during analysis.

Back to the naughty step. Go on.

Naughty Examiner


68% of the state got this right.


Question 19

Some of the variables in a program are to be given new names.
Which documentation must also be modified?

  1. software requirements definitions
  2. milestones and dependencies
  3. data dictionary definitions
  4. functional requirements

Answer is C.

The SRS is produced during analysis and contains an overview of the purpose and aims of the software. It does not consider how these are to be actually implemented. (B) obviously refers to project management, which also is not concerned with the details of task implementation.
A data dictionary is the place where details of programming design are documented, and need to be kept up to date.
(D) is also part of analysis, like (A).

Dang! A19 is an easy one, yet A2 dislocated several of my brain cells.

88% of the state got this right.


Question 20

A local shopping centre is considering providing free wi-fi for its customers.
Which one of the following would be a non-functional requirement for its new system?

  1. The system must have a failure rate of less than 3%.
  2. The system must be easy for customers to connect to.
  3. The system must be able to cope with 500 simultaneous users.
  4. The system must have a speed of at least 5 megabits per second.

Answer is B. But I don't like it much.

[This section is in development - which is why it rambles.]

A non-functional requirement (NFR) is a quality or a performance characteristic that a solution must possess. It usually describes what a user requires from the system. Being 'easy to connect to' is such a quality.
(For those of you who were guessing, it's also the only option without a specific number in it. That makes it stand out.)

A functional requirement (FR) relates to what a system must be able to do. It often describes what a system's owner/manager requires from the system.


FR - the system must be able to email a customer a record of a purchase. (What the system can do)
NFR - the system must be able to send the email within 5 minutes of the transaction. (How the system should do it)

But let's quibble, shall we? Do you have time? Good. Please sit down, and let's quibble together.
No, not like that. That's not 'quibbling'. That's just awful. Stop it.

I see an NFR is a global quality of a solution - it describes what the solution should be.
An NFR is probably not achieved in a single procedure (as an FR would be) - it is often an outcome often born of many parts of a solution, e.g. 'easy to use' or 'secure' as a whole may require many pieces of programming in different procedures to achieve.
An NFR is usually related to what the solution's user wants and experiences.

A functional requirement (FR) on the other hand is an action that a solution must be able to do, particularly related to inputs, outputs and processing requirements, e.g. produce a graph of weekly sales, send an email to a customer after each purchase.
FRs require active verbs.
Such activities need to be specifically programmed, and are usually found in specific modules.
If a programmer is told that a system must have a failure rate < 3% he/she might complain, "Yeah - but where? What module/function are you talking about? Or do you mean the code should be generally reliable? How do we test this achievement?"
Yes, an FR is rather specific, but does not have to have a number attached, as A20 implies. A20 assumes that if an objective is so specific that it has a number attached, it must be an FR.

Alas, FRs and NFRs are not defined in the study design. So, when did VCAA decide to define an FR as a specific, numerically-defined objective? - like a system objective? (Also see the system objective question in C2 below)

I rue the day that the study design had to cut back on the scope of the glossary. It's questions like this that make such definitions essential.

To quote Mr Wikipedia:

"Generally, functional requirements are expressed in the form "system must do <requirement>", while non-functional requirements are "system shall be <requirement>".

Another source says: (with my inserts in bold)

Nonfunctional Requirements (NFRs, or system qualities) describe system attributes such as security, reliability [option A], maintainability,
scalability [option C], and usability [option B] (often referred to as the "ilities"). They can also be constraints or restrictions on the design of the system (in which they may be referred to as design constraints)...

The exam's interpretation of FRs and NFRs in A20 seems to be new and idiosyncratic.

End of quibble.

Yes, you can stop now.

Other references:

77% of the state got this right.

Overall for section A - Difficult! Not many quick, easy-peasy questions. Most of them took time to ponder.

There were also too many time-outs for the examiner on the naughty step.

SECTION B - short answer questions

Instructions for Section B
Answer all questions in the spaces provided.

[x lines] indicates the number of ruled lines provided on the paper for the answers.


Question 1 (3 marks)

A company stores the following data in a linear file for its payroll.

Name three fields contained in this file.  

Take any 3 of these:

  • Name
  • Staffid
  • Staffname
  • Salary

Sick as a Dog Award

What is a "linear file"? I've never heard of one before - and not even good old Mr Google knows the term.
The study design certainly never mentions them.
The sample SD exam had questions on random and sequential files, which VCAA acknowledged as inappropriate since that key knowledge is not examinable.
And now the real exam does something quite similar.

Hence the "The Questions That Make You Sick As A Dog Award".
The reference to linear files was incorrect, but did not jeopardise the answer.


The three fields in the file are staffid, staffname and salary.
Most students were able to identify one or two of the required fields; however, many students incorrectly included name as one of the fields. If information is provided in the stimulus material -for example, field names - the most appropriate response would be to write the information as it is listed; for example, staffid is more appropriate than Staff ID.

Average mark 2/3



Question 2 (6 marks)

A government department has been issuing new employees with a sequential employee number for over 70 years. The sequential employee numbers are now at just under 100 000 and the department would like to know who has the smallest number and is still working for the department.

A file has been created of the EmployeeName and the EmployeeNumber sorted on EmployeeName. The plan is to write a simple program to search this file for the smallest number. The pseudocode has been started.

Fill in the missing lines below to find the employee with the smallest number and to print this employee’s name and number.

   LowestEmployeeName ""

   LowestEmployeeNumber 100000

   Open datafile

   while not end of file

      read tempname, tempnum from datafile

      if tempnum < LowestEmployeeNumber then

         LowestEmployeeNumber tempnum

         LowestEmployeeName tempname



   print "Lowest number " , LowestEmployeeNumber , " belongs to " , LowestEmployeeName

   close datafile


8 lines were provided for the answer. I think more were needed. I don't know how the code could be done properly (including explicitly closing the file, which is good practice) in only 8 lines.


There were a number of appropriate responses. Below is one possible response.

   LowestEmployeeName ""
   LowestEmployeeNumber 100000
    While Not EndOfFile
      Read EmployeeName, EmployeeNumber
      If EmployeeNumber< LowestEmployeeNumber
         LowestEmployeeName EmployeeName
         LowestEmployeeNumber EmployeeNumber
   Print LowestEmployeeName, LowestEmployeeNumber

A significant number of students were unable to complete the missing lines from the algorithm using pseudocode. Throughout the year exposure to a range of sample algorithms should be considered; in addition, a range of formative assessments on developing appropriate pseudocode may assist in further developing knowledge and skills.

Average mark 1.5/6




Question 3 (6 marks)

To find an item in an array, a binary search, in most cases, is quicker than a linear search. However, a binary search requires the array to be sorted.
a. Explain why an array must be sorted to find a record using a binary search and how the record is found. 4 marks

Binary search checks whether the sought value is larger or smaller than the middle value of the dataset. It discards the wrong half and repeats the procedure with the remaining data. By repeatedly halving the dataset, the search area rapidly decreases and the value is soon found, or known not to exist. It is only possible to eliminate half of the dataset if the data is sorted.

Most students were able to provide some information about a binary search; however, many were not able to provide a detailed and knowledgeable response to gain full marks. Students are reminded to read the question carefully and consider the mark allocation and amount of answer space when responding, as this will give an indication of the detail and depth required.
Students were required to show knowledge of the process of a binary search, including an understanding that a binary search identifies the midpoint, discards half of the list that is higher/lower than the search value, and repeats this process until the value is found. If the list were not sorted it would not be able to follow this process.
The following is an example of a high-scoring response.

An array must be sorted for a binary search as it uses recursive division. It picks a midpoint and compares the wanted value to it. If the wanted value if higher than the midpoint it discards all below it and vice versa. It then does the same thing to whichever half is left, repeatedly till the midpoint = the wanted value. If the list was unsorted, the wanted value could end up in the half that gets discarded as it's not in the correct order, and thus, doesn't get found.

Average mark 1.7/4


b. A linear search, unlike a binary search, can find records in an unsorted array. Explain why. 2 marks

It checks every value in the dataset in turn.

Does anything else need to be said?

Six lines were provided for the answer. You don't need to use them all.

Students were able to generally provide some point of comparison between a binary and linear search method with many being able to identify that a linear search compares all elements of the array to the search item until found, which does not occur in a binary search. Some students went on to discuss the lack of efficiency of this method, but this was not required.
The following is an example of a high-scoring response.

A linear search makes comparisons with every value in the array until the target value is found. As every value is checked it does not matter if the array is sorted or not.

Average mark 1.1/2




Question 4 (5 marks)

A hash function has been created to store a set of different integers in an array. The hash function creates a key value from the integer. The hash function takes the integer to be stored, divides the integer by 5 and uses the remainder as an index value. For example, if the first integer is 11, then 11 divided by 5 gives a remainder of 1. This becomes the hash key.
When a collision occurs because two integers hash to the same array location, the second integer is placed in the next available space under the hash key.

The numbers to be stored via the hash function are: 11, 17, 23, 8, 13. The number 11 has already been entered.

a. Complete the diagram below.

Answer to B4a

17/5 = 3 with remainder 2. So 17 hashes to 2.
23/5 = 4 with remainder 3. So 25 hashes to 3.
8/5 = 1 with remainder 3, so 8 also hashes to 3, leading to the first collision.
13/5 = 2 with remainder 3, leading to the second collision.

A pretty straightforward and fair hash question.

As part of Unit 4, Area of Study 1, students are required to have an understanding of a range of data structures to organise and manipulate data, and the common processing features of programming languages. This question required an understanding of arrays and the purpose of a function. A significant number of students were able to utilise the details in the stimulus material and performed basic arithmetic to calculate the hash function value and thus allocate the numbers to be stored to the correct array location.


Average mark 2.7/4

b. Outline how a value is retrieved using a hash key. 1 mark

The slot in the hash table that corresponds to the hash key is checked.
The values stored in that slot are compared with the value being sought until a match is found (or no values remain, meaning the value does not exist in the table).

Only 3 lines were provided for the answer. I expected more space, and more than one mark for a fairly meaty answer.

Although students were able to work through the function's arithmetic and logic in Question 4a., most students were not able to articulate how you would then use this function to retrieve a desired value. An appropriate response included searching for the number that matched the hash key, and once found doing a linear search of elements at that array location to find the number.

Average mark 0.2/1

Section B overall - A fair set of questions, especially on the new theory such as XML, hash. A decent pseudocode exercise. The search questions were challenging but very reasonable. The balance between difficulty and challenge was handled well. A couple of answers needed more space provided.

I award the stamp of approval.

Case study

Patel and Janette started a small, suburban physiotherapy clinic. They both have a professional interest in a holistic approach1 to health and wellbeing.
Business has been steady, so Patel and Janette decided to expand the number of clinics and have established four clinics around the state. They have called their business ‘Soul & Body Health’.
One of the clinics has become their head office and it contains their fileserver and the commercial medical software required to keep patient records, both medical and financial.
There is also a connection to the national healthcare system so that rebates2 may be claimed from the government. The commercial medical software also allows Soul & Body Health to upload other data files to the healthcare system.
The other three clinics use virtual private network (VPN) connections to the head office.
Patel and Janette feel that they can improve patient care by introducing preventive medicine techniques. So they have decided to provide extra services to their patients by incorporating a fitness application (app) called Keep Fit.
The purpose of the app is twofold:

  1. To allow patients to make appointments and pay fees online to the head office
  2. To provide an online recording service to help patients record their dietary intake as well as their daily exercise regime

Patel and Janette believe that patients will benefit from detailed knowledge of their eating and exercising habits. The data will be held locally on each patient’s mobile device and then uploaded to the Soul & Body Health server each night or when it is convenient.
Patel and Janette feel that, in addition to having detailed knowledge of their eating and exercising habits, patients will benefit from a more holistic approach by also maintaining an accurate record of their diet and exercise plan.

1 holistic approach - an approach concerned with the whole person (physical, mental and emotional)
2 rebate - return of part of an amount paid or due for a service



Instructions for Section C

Please remove from the centre of this book during reading time.

Use the case study provided in the insert to answer the questions in this section. Answers must apply to the case study.
Answer all questions in the spaces provided.

Answer all questions in the spaces provided.





Patel and Janette select a software development company to develop both the new Keep Fit application (app) for their patients’ mobile devices as well as new communications software for their Soul & Body Health system to enable the Keep Fit app to communicate with their existing software.

Question 1 (5 marks)

Sue-Lee, the project manager, begins to plan the project. She decides to use two programming teams.
To write, test and debug the Keep Fit app for the mobile devices will take about 25 days. To write, test and debug the new Soul & Body Health communications software will take about 30 days.
Then they will need to test that the Keep Fit app can communicate with the Soul & Body Health software. This should take about five days.
The next step would be to demonstrate the entire system to Janette and Patel, and to make modifications. This should take another five days. Then they would need to install the new software on the server at the clinic and test it using the app, which would take another five days.
That gives Sue-Lee a total of 70 days.

a. Complete the Gantt chart below to show Sue-Lee how to complete the project in fewer than 70 days. 4 marks.

Keep in mind that the testing task requires both the app and the SBH software to be finished first .

Most students were able to complete the Gantt chart quite well; with many indicating dependences, to show a more complete understanding of the project.
Average mark 3.4/4

b. Name one milestone for the project.

'End of Project' after the last task?

No activity in the question has zero duration, so it can't be any of them. I had to invent one.

This is an odd question.


Most students were unable to name a milestone. The stimulus material did not indicate a zero duration task, but many students restricted themselves to the five listed tasks in the partial Gantt chart when responding, instead of considering the project and a likely milestone. Examples of possible milestones include:
• finish writing
• testing and debug app and software
• testing complete.

Average mark 0.3/1





Question 2 (2 marks)

Sue-Lee begins to plan the software requirements specifications (SRS). She understands that she will need to follow the goals and objectives of Soul & Body Health.
Apart from financial considerations, state one organisational goal and one system objective.

Organisational goal

Improve patient care.

Provide holistic patient care.

System objective

Introduce preventive medicine techniques (to support the goal of improving patient care)

Give patients detailed knowledge of their diet and exercise (to support the goal of holistic care)

Objectives are short-term, practical, achievable steps towards a larger long-term, rather vague goal.

Org goals and objectives affect the whole org and everything it does.

System goals and objectives relate to systems within the org that should be helping to achieve org goals and objective.

This - like goal/objective questions of past exams - was not easy. I'm still not sure of the sys objectives.

I have a suspicion that the examiner may be conflating functional requirements and system objectives (see A20 above)

An example of an appropriate response is:
• Organisational goal: Improve the health of clients through a holistic approach, provide clients with 'best practice' physiotherapeutic care
• System objective: streamline the payment process, connection with national healthcare system.
The knowledge and understanding of organisational goals and objectives is a new area in the study design. Unit 4 includes goals and objectives of organisations and information systems. Most students were not able to clearly state an organisational goal nor a system objective. Many listed the new solution requirements (Keep Fit app) for system objectives; however, both the goal and objective were of the current organisation and system at Soul & Body Health.

Average mark 0.5/2





Question 3 (3 marks)

Sue-Lee now begins to prepare a use case diagram for the Keep Fit app. A patient should be able to log in and:

  1. check the availability of appointments
  2. make an appointment
  3. cancel an appointment
  4. pay any fees that are due
  5. change personal data
  6. download their own Keep Fit data.

Complete the use case diagram below by indicating all of the requirements.

At first I added the two lines from the patient and muttered, "You mean to say - that's IT for... how many marks... three marks? For adding TWO LINES! Skippy the Bush Kangaroo could have got THAT one right... hang on. How many marks? Three? Three marks for two lines? How do you work that out... 1.5 marks per line? Or... maybe I've missed something."

"Come to think of it, THAT doesn't look right... how can you cancel an appointment without the system knowing who you are? You'd have to ... LOG IN FIRST! "

"Ahhhh. And would it be necessary to log in to book an appointment? Maybe not. I could imagine a system where a stranger books an appointment for the first time and becomes a registered patient upon their first visit. Not sure. I'll put it in two <<includes>>, just to be safe."

"But on the other hand, there are three marks available - two marks for the association lines and one for the <<includes>> from 'cancel appt' - and I've added four items."

"Also, that <<includes>> line from 'Book appt' to the login use case crosses the association line, which looks really awkward and ugly. So maybe there's only one <<includes>> arrow. OK. Maybe I was right - there's no need to already be on the system to be able to make an appointment. You'd think they might have mentioned that in the case study. But anyway..."

Which led to this:

The morals of the story:

  • Use the number of marks to help determine how much needs to be done. The mark allocation is usually logical: one mark for each thing expected.
  • Also use common sense, such as the need to be identified before being about to cancel an appointment.


Students needed to carefully and logically consider the system. Students often confused solid lines and dotted lines, and misused extends and includes. Students are encouraged to attempt all questions and to use reading time to re-read questions that require careful thought, such as this one.
There were a number of appropriate responses. Below is one possible response.

Average mark 1.1/3






Question 4 (4 marks)

Patel and Janette have asked the developers to take a simple approach to the design of the Keep Fit app. They want error-handling features, simple navigation between the components of the solution, and a clean and clear interface that allows for easy data entry regardless of the device. They also want it to be interesting to look at.
Sue-Lee has developed two design ideas for the app. Each design idea includes a start screen and one of the data entry screens. The design ideas are shown below.

a. Describe one feature of each design idea that contributes to its effectiveness. 2 marks

Feature of Design idea A

Sensible and time-efficient, easy-to-use data entry control choices, such as the calendar and slider, compared to the ugly and awkward scrolling and text entry needed for design idea B.

Feature of Design idea B

Text on the controls main screen with text to explain their purpose, rather than the potentially-confusing or meaningless icons of design idea A.


Most students were able to identify a feature of the design, but many students struggled to articulate how it contributes to effectiveness. Ideally students should have linked the feature to one of the following effectiveness measures: completeness, readability, attractiveness, clarity, accuracy, accessibility, timeliness, communication of message, relevance, usability (as listed on page 12 of the study design).
The following are four examples of high-scoring responses.

Feature of Design idea A:
Design A improves accuracy as drop-down boxes, which are easy to use on a touch screen, are used instead of text field, which could contain errors like misspelled words.
Accessibility - the use of icons rather than words make the design more accessible/effective for visually impaired.

Feature of Design idea B:
Clarity - Everything in this is labeled with what it is, it makes this design clearer and thus contributing to it's effectiveness.
Readability/Clarity The program is clear and easy to read and understand what to do and where. It is also clear and uncluttered. This will allow most clients of Body and Soul to easily use this design.

Average mark 1/2

b. Which design idea would you choose based on the stated requirements? Justify your choice. 2 marks

Both offer error-handling (home/reset links).

The text-based navigation of idea B is clearer and simpler.

Idea A is more interesting to look at, and allows for easier data entry.

Since the ease of data entry is especially important, I'd choose idea A because of its superior choice of appropriate data entry controls.


It is important that students consider the key command terms given in questions. In this question students were asked to select which design idea would meet the solution requirements (stated in the information prior to the question) and justify their selection. When justifying, students should ensure they give a clear reason why the selected design is the better design, and it is appropriate to indicate why the alternative design was not appropriate. Either option was accepted if there were reasoned justification.
The following is an example of a high-scoring response.

Design B - the distance 'slider' is contradictory to the need for 'error-handling features', as more errors would be made with this. Similarly, the design of B is more clean/clear in the each button/label is clearly defined rather than made vague through pictures.

Average mark 1.1/2







Question 5 (3 marks)

Sue-Lee also looks at the flow of data to and from the Keep Fit app and the Soul & Body Health system by starting to draw a context diagram.
Continue the context diagram below by naming the three entities and showing one data flow from each entity.

Query - is the app meant to be seen as part of the Soul & Body Health system? If so, the app cannot not be classed as an external entity. That's how I read it. Instead, the patient would be the data provider/entity.

Note 1 - the question is asking for a data flow FROM each entity, not TO it. This is difficult in the case of the health care system since the case study only describes data flows TO it, not FROM it (rebate claims, other data files). I believe the question was worded incorrectly.

Rather than invent an data flow FROM the healthcare system, I've assumed the question was bad and provided data flow TO it. That, I figure, is What The Examiner Wanted Me To Say.

Sit on the naughty step.

Naughty Examiner

Note 2 - assuming that one entity is a clinic, what data flows are described in the case study between SBH and the clinic? None that I can see. Do we have to invent one as we did with the Gantt chart milestone?

STUDENTS SHOULD NOT HAVE TO BE EXPERIENCED BUSINESS OWNERS in order to figure out how The Real World works and invent probable scenarios in an exam!

And, back you go.

Naughty Examiner


C5 answer

Now, let's see. If my interpretations above are right, two sits on the naughty step must add up to one Dog's Breakfast Award.

Dog's Breakfast Award


A majority of students were unable to identify appropriate entities, thus showed incorrect data flows. The case study did not provide a data flow diagram to model responses, so students needed to read carefully and think about the entity names. A range of names for entities and data flows was acceptable.
A suitable response would show the following on the diagram provided:

• Entity 1 - Patients/clients with an appropriate patient data flow
• Entity 2 - Clinic staff/physiotherapist with an appropriate patient medical/treatment data flow.
• Entity 3 - National healthcare system with rebate data flow.

Most students were able to successfully provide advantages of the two data storage methods described: data stored and accessed locally (Ethan's method) or data stored centrally and accessed via the internet (Sue-Lee's method).

Average mark 0.6/3






Question 6 (4 marks)

The Keep Fit app will require access to the kilojoule content of a large selection of foods. Ethan, a member of the software development team, suggests that this data be stored on the mobile device where the app is installed. Sue-Lee feels that the data should be stored centrally at the Soul & Body Health head office and accessed over the internet.

a. State two advantages of Ethan’s method. 2 marks

The app can access the kilojoule data more quickly than having to download it.

The app can use the data even when the internet is inaccessible (e.g. the phone is out of range, or 3G/4G is turned off by the user to save money)

The following are examples of high-scoring responses.

Storing the information locally allows the app to function without an internet connection and hence provide a more usable app.
The data can be access quicker by the patients, as it is already stored on their phone.
Data does not have to be sent over the internet reducing data usage.

Average mark 1.4/2

b. State two advantages of Sue-Lee’s method. 2 marks

Data storage space on the phone will be reduced.

Data can quickly and easily be added or changed centrally without having to repeatedly send large update uploads to all phones.

The following are examples of high-scoring responses.

By having the data stored centrally updates could be made to the database without having to push an update to the entire application.

Storing this information on the internet means less of the valuable (and small) storage capacity on a mobile device is taken up.

Internet access also allows for the data to be more easily and regularly updates, as users will simply retrieve this new data next connection.

Average mark 1.3/2





Question 7 (9 marks)

The system at the Soul & Body Health head office will need to store sensitive information.

a. Identify one appropriate security measure that could protect this data and explain how the measure would protect the data. 3 marks.

  • A firewall - prevents unauthorised access from outside the LAN.
  • File encryption - if data is stolen, it is unreadable to unauthorised people, so it's harmless and worthless.
  • Wifi encryption - prevent locals accessing the system through the company's wireless network.
  • Usernames/passwords required to access workstations and the database - prevents intrusion by people getting physical access to equipment or software.

Most students were able to consider an appropriate security measure; however, they often provided limited detail of the measure and how it secures data. Ideally students should have stated (identified) a measure, and then provided a detailed explanation of how it works and its role in protecting data. The mark allocation provided details of the depth required. A range of responses was accepted, including user authentication hierarchy, a firewall, encryption of stored data, and physical security measures.
The following is an example of a high-scoring response.

A firewall should be installed onto the Soul & Body Health network. Firewalls control and regulate the flow of packets through a network's ports and blocks packets with malicious or unauthorized information. A firewall would severely restrict the ability of hackers to enter the network and steal the head office's sensitive information.

Average mark 1.4/2

b. Describe one backup procedure that could be used to back up this data. Make reference to the technique used and the frequency of the backup procedure. 3 marks.

  • A cloud-based backup system could be set up to store all new and modified data immediately to a remote cloud server hosted by a reliable and reputable cloud host. Any data loss would be minimal since all changes are backed up instantly. Since the data is stored offsite, local disasters would not damage the backups. The backup scheme will be tested regularly with test data to ensure recovery works as expected. The backup procedure will be documented so new staff in charge of backups will know how it's done properly.
  • At the end of each day's business (when files are closed and able to be copied, and the network will not be slowed by a backup), an incremental backup of all new and changed data can be copied to tape or a USB hard disk and stored offsite. Once a week, a full backup of the entire system would be taken and stored offsite. In case of disaster, the latest full backup can be restored, followed by all incremental backups taken since the full backup. The backup scheme will be tested regularly with test data to ensure recovery works as expected. The backup procedure will be documented so new staff in charge of backups will know how it's done properly.

Did you know: Rumours of the demise of tape backups have been greatly exaggerated. Tape backup is still alive and well in the corporate world, and can still kick hard disk's backside in terms of storage capacity and speed. Amazing, but true.

This question required students to show more than superficial knowledge of backup procedures. The mark allocation of three marks provided an indication that a detailed response was required. Appropriate responses could have included details of how the procedure worked, the type of media used, and/or the location of that media and the timeframe. Students should show their knowledge with detail, depth and accurate technical information.
The following is an example of a high-scoring response.

Perform an incremental backup on Monday through to Saturday (of only data that has been changed/added) to an external hard-drive. On Sunday, perform a full-backup of every file used in the health system to magnetic tape (for its large storing capacity)

Average mark 1.5/3

c. It has been suggested that patients who have not visited Soul & Body Health for over five years should have their records archived. Explain what is meant by archiving and provide one advantage of archiving records. 3 marks

Archiving is the copying of old, unwanted, irrelevant, bulky records to offline storage (for example disc, tape, hard disk) that is still accessible, but requires media to be located and loaded before data can be read. The original data is deleted after being copied.

The advantage of archiving is that storage space is freed up for new, active data.

Note my use of emphasis to mark the answer to each part of the question, and to stress key concepts that make all the difference, such as the deletion of archived data (compared with backup data which is copied and retained in place.) If you make the marker's job easier by stressing key parts of your answer, everyone is better off. In an exam, you can underline or highlight key text.

This set of questions required detailed and technically accurate information. Many students provided very generic responses. Students are urged to use the number of lines and the mark allocation to guide the length and depth of their responses. These more technical questions can be practised throughout the year in all knowledge areas. The following is an example of a high-scoring response.

Archiving is when inactive customer details are removed from the head office Soul and Body server and transferred to a secondary storage medium, the transferred data is then deleted from the head office server. The archiving of customer records is beneficial as space on the main system is freed up for newer customer data, it also decreases the size of backups as well as decreasing how long it takes to perform a backup.

Average mark 1.8/3





Question 8 (5 marks)

The new software for Soul & Body Health’s system will be receiving sensitive information from the new Keep Fit app from all of the patients. Sue-Lee is investigating how the mobile devices could send this information as securely as possible. To do this, she is exploring the use of protocols.

a. Apart from the patient’s name, list two different pieces of sensitive information that the new software will need to keep secure. 2 marks.

Bank account / PayPal account details.

Personal information of diet and exercise.

(Note - medical records would not be sent from the app. They are stored on the HQ's file server, but not sent by users of the app.)

Most students were able to consider what data would be considered sensitive, with many giving variations of payment details or medical records.

Average mark 1.8/2

b. Identify a suitable protocol for securing this sensitive information and explain how the protocol achieves this. 3 marks

I reckon the question is fishing for an answer like

SSL or TLS over HTTP so web traffic is encrypted by the sending device, and decrypted by the receiving device, making it unreadable if it is intercepted in transit.

But the case study gives no clue about how the app communicates with the SBH system. Does all 3G/4G mobile phone traffic travel via HTTP? I dunno.
I doubt most kids would know either. They're not telecommunication engineers, for dog's sake.
I shall research, but I'm not liking the assumptions that this question is making, given the paucity of information given in the case study.

This question required students to show their understanding of key knowledge and not just provide generalised information. Students were required to identify a protocol that would help to secure the system's sensitive information. Options could have included HTTPS, Secure Socket Layer (SSL) or Transport Layer Security (TSL).
Many students were able to name a protocol but were unable to explain how the protocol worked or how it aided in securing data.
The following is an example of a high-scoring response.

Secure Socket Layer (SSL) is an asymmetrical encryption protocol which would be suitable for the Soul & Body Health system. First, a transfer request and a public key relating to how to turn plaintext into ciphertext are exchanged. A private key is then encrypted with the public key and then sent, which explains how to decrypt ciphertext. A secure connection is then established and information can then be exchanged quickly and securely.

Average mark 0.5 3/






Question 9 (5 marks)

A commercial software company has contacted Patel with a proposal about some newly developed software that is suitable for Soul & Body Health’s system. The software would search the data and provide extra information about the patients, which could help Soul & Body Health improve its business.

a. What is this process called? 1 mark

Data mining.

The only answer for the process described was data mining.

Average mark 0.4/1

b. The software company is willing to load its software onto Soul & Body Health’s system so it can provide information automatically. Patel is concerned about how this new software will affect the rest of Soul & Body Health’s system. Discuss two technical issues Patel should investigate before making a decision regarding the offer. 4 marks

1. Whether the system has the capacity to do its normal business and also run the mining software.

2. Whether the software is compatible with his system.

3. Whether the software may contain malware, spyware or other PUP (potentially unwanted program) that may damage or steal data from his system.

Issues such as cost, ease of use etc are not relevant because the question asked for technical issues.

Students found it difficult to clearly and accurately write about any technical issues that should be considered before implementing additional commercial software. Many students discussed compatibility when in fact they meant interoperability, i.e. the ability for a number of systems and software applications to communicate, exchange and use exchanged data. The following are examples of three high-scoring responses.

  • The amount of space the new software will take up on the existing soul and body system may be a factor as the system already holds thousands of records and the new software may take up space on the storage that the system does not have.
  • Patel should verify that the software does not contain any vulnerabilities and can be trusted to operate in the secure manner when handling information.
  • The security of the software. This may compromise the security of the overall system as although Patel has ensured that Soul & Body Health's system will adequately deal with sensitive data, this software may not.

Average mark 1.1/4





Question 10 (3 marks)

Patel has questions about the use of patient information. He is concerned about who owns the patient information stored on Soul & Body Health’s system and what his legal obligations are concerning this information.
Outline three actions that Patel should take to ensure that he meets Soul & Body Health’s legal obligations before purchasing the software.

1. Patel is subject to the Privacy Act 1988 because he holds health information about people. He must ensure that the information: is well protected and not used for any other purpose than that for which it was collected; not disclosed; is accurate, complete and up to date. He must also clearly advertise his privacy policy and allow information owners to check what is stored about them.

2. Under the Victorian Health Records Act 2001 - basically everything is repeated as for the Privacy Act.

3. Under the Spam Act 2003, Patel would need to know that the software would not be used to send unsolicited commercial email to patients.

The relevance of the Spam Act is a bit of a stretch, I grant you, but three actions are needed. Maybe I could have unpacked required actions from the Privacy Act and just used those. The question did not demand three different laws to be quoted; it asked for three actions, and there's no reason they could not have been based on a single relevant law. I went the difficult route to show you how the question might have been handled.

The first paragraph of the question relates onto to privacy legislation, but the rest of it only refers to "legal obligations" in general, not purely those related to privacy. So it might be relevant to bring in the Copyright Act 1968 and say that Patel must ensure the software is legally owned by the seller. Again, a stretch.

Note that the Privacy and Data Protection Act 2014 is not relevant since S&BH is not a state government body or agency.

Also, the only other legislation - the Charter of Human Rights & Responsibilities Act (Vic) 2006 - doesn't have any relevance to this case.

Hmmm. The 'three' in the question was not highlighted, as numeric parameters usually are.

Most students were able to list at least one action that should be taken to ensure Soul & Body met their legal obligations; however, students should re-read their responses to ensure they are not repeating similar actions. There were a number of possible appropriate answers. The following are examples of possible responses.

  • Patel must make sure he has the consent of patients to allow the software to handle their information.
  • Create an open and easily accessible Privacy Policy in accordance with APP1 of the Australian Privacy Policy.
  • All information provided to the data mining company should be void of any identifying patient information.
    Patients should be given the opportunity to opt out of the program at any point of time.

Average mark 1.4/3





Question 11 (4 marks)

Soul & Body Health’s new software will be able to connect to the national healthcare system so that patient healthcare numbers can be verified.
Sue-Lee would like to be able to check that the data that will be used by Soul & Body Health’s new software has integrity.

List two characteristics of data that has integrity and explain one method Sue-Lee could use to check the integrity of the data. (A healthcare number contains 10 digits, as shown on the card above.)

Data with integrity is: complete; accurate; up-to-date; internally consistent; valid; trustworthy; authentic.


Any one of these:

A type check could discover if a number contained any character other than a digit or space.

An existence check could find numbers that have not been entered.

A range check could detect numbers that had the wrong number of digits.

The characteristics of data that has integrity include accuracy, timeliness, reasonableness, authenticity and correctness, as listed in Unit 4 of the study design. Familiarity with these key knowledge terms allowed students to provide detailed and accurate responses; however, while many students knew these terms, many were unable to explain a method to check this data integrity. The following is an example of a high-scoring response.

When a healthcare number is entered into the software, a validation check should be performed to ensure that the input is indeed a possible healthcare number and hence reasonable. The check would confirm that the input was a 10 digit number.

Average mark 1.3/4





Question 12 (8 marks)

The Keep Fit app will record all exercise that a patient does and calculate the energy used. It will give the patient a choice of exercise style and then ask questions such as distance travelled and how much time the exercise took.
One exercise that can be selected is running. The app takes into account the patient’s weight and any other special factors in a disability index that a physiotherapist can set.
The patient’s average speed can be calculated by dividing the distance covered by the time taken.
The algorithm to do this is complicated and will work properly only for speeds greater than 1 km/h and less than 30 km/h. This is considered a satisfactory range.

a. It is necessary to make sure that the speed is within these limits. What is this input testing called? 1 mark


I assume that's what they want to hear. The 'appropriate answer' below shows the question was ambiguously worded. "Validation" is correct too.

The most appropriate answer was range checking.

Average mark 0.6/1

b. Sue-Lee has written the following pseudocode to check that the speed meets this range.


Again, the exam's indentation is incorrect. The second line should be pushed in.
They also neglected to bolden 'And' and 'Then' in line 3. Sloppy editing.

Onto the step.

Naughty Examiner

Complete the following test data table to fully test this pseudocode. 4 marks



Expected results

Actual results



ValidSpeed = True

ValidSpeed = True



ValidSpeed = False

ValidSpeed = True



ValidSpeed = False

ValidSpeed = True



ValidSpeed = False

ValidSpeed = False



ValidSpeed = False

ValidSpeed = False

Again, the tiny "=" in the pseudcode is the villain. It always is.
Agatha Christie once wrote a Miss Marple mystery and the killer turned out to be an equals sign.
Sadly, it was never published because Agatha by that time was clinically insane.

Students are encouraged to use their skills with desk checking and trace tables to work through the algorithm and avoid assuming results. The most appropriate set of test data would be one that checks all boundary conditions.

(The official answer was the same as mine)

Average mark 2.1/4

c. What is the invalid response produced by the pseudocode given in part b.? 1 mark

It marks speeds of 1 and 30 as valid, but it supposed to identify them as invalid.

Huh? "Response"? The pseudocode has no "response" - no message or action. Perhaps the question meant to say "What is the inappropriate action taken..."

The pseudocode range checking is incorrect. At 1 and 30, actual results are true instead of false.

Average mark 0.5/1

d. Rewrite the pseudocode given in part b. so that it works correctly. 2 marks.

To save time, just remove the two equals signs from line 3.

The official appropriate answer matched my answer.

Average mark 1/2






Question 13 (5 marks)

At the end of each day, the federal government requires a summary of who has been treated under its health plans and what treatment they received.
Sue-Lee was originally going to send this data in a simple file organised on the basis of when data was created. Now she has found out that an XML file is required.

a. In terms of the structure of the file, what advantages does an XML file have over a simple file? 2 marks.

It contains not just the raw data, but information (metadata tags) on the field names and structure of the data. This makes the file self-descriptive. It lets any database read and interpret the file as a database table.

Students are required to have knowledge of the formatting and structural characteristics of input and output, including XML file formats. This area is new to the course and many students struggled with describing this with any level of technical detail. Students need to ensure they are able to define all key terms. Using a glossary of terms throughout the course may assist.
The following is an example of a high-scoring response.

XML files are structured using tags to give data meaning in any program. They allow for structure and meaning to be conserved when transporting data, whereas simple files are seen to lack structure/meaning due to them only storing raw data as opposed to structured data.

Average mark 0.4/2

b. The federal government requires the transmission of this file via a virtual private network (VPN). Explain one advantage of using a VPN over another form of transmission. 3 marks.

It's a private, encrypted channel using the normal internet infrastructure, so it's relatively cheap and easy to set up (compared to laying a private cable from point A to point B), yet it is very secure.

As in other areas requiring technically accurate information, in general, students struggled to provide a clear explanation of a virtual private network and its advantage over another form of transmission. It is important for students to fully read the question and their response to ensure all parts of the question are covered. In this question students failed to address the part that required a comparison to another form of transmission.
The following is an example of a high-scoring response.

A VPN creates an encrypted connection through which to send data. This is good as encrypted information is practically unreadable by anyone without a decryption key. In contrast, plan text message are easily intercepted and read by unauthorised personnel.

Average mark 0.7/3

That's it. All done for another year.



Section C summary

Section C was a bit more gentle than in some previous years that threw up nasty and complicated code walkthroughs or stack simulations.

The formatting of the pseudocode was just plain sloppy. The indentation and bolding of the keywords was all over the shop.

More room to answer sometimes needs to be provided.

The examination of new theory (e.g. hash functions) was handled with care and grace.

The wording of some questions was dubious, for example C5 asking for a data flow from an entity that has no such flow provided in the case study.

C8b was weird. Students are supposed to be experts on mobile phone communication technology? If you want to examine SSL/TLS, do that. Don't muddy the water.


Back to the IT Lecture Notes index

Back to the last page you visited

Created 10 November 2016

Last changed: November 17, 2017 1:15 PM

Original Content © Mark Kelly 2016
Images and questions are © Victorian Curriculum and Assessment Authority 2016.
Reproduced here with permission for educational purposes.

Thanks, VCAA!

VCE IT Lecture notes © Mark Kelly