๐ฏ SE Scenarios Challenge
Multi-Topic Knowledge Application
Topic Coverage Progress
Security
Web Development
ML & Automation
OOP
Database
Testing
Project Management
Ethics
Completion: 0%
1
E-commerce Security Breach
"ShopSafe, a popular online shopping platform, suffered a major data breach where hackers stole 50,000 customer records including credit card information through SQL injection attacks. The breach went undetected for 3 months, and customers are now filing lawsuits."
๐ Security
๐ Web Development
๐๏ธ Database
โ๏ธ Ethics
1.1
Security
Web
Which THREE secure coding practices could have prevented this SQL injection attack?
โ
Correct Answer: A
Input validation prevents malicious SQL code from being accepted, parameterized queries separate SQL code from data, and proper error handling prevents information leakage. These are fundamental defensive coding practices for preventing SQL injection.
Input validation prevents malicious SQL code from being accepted, parameterized queries separate SQL code from data, and proper error handling prevents information leakage. These are fundamental defensive coding practices for preventing SQL injection.
๐ฌ Discuss with your tutor:
- Real-world examples: Can you think of other companies that have faced SQL injection attacks? What were the consequences?
- Prevention layers: Why isn't just one security measure enough? How do these three practices work together?
- Developer responsibility: What should developers prioritize when they're under time pressure - functionality or security? Why?
1.2
Database
Security
Write a secure SQL query to retrieve user login information that prevents SQL injection. Include proper parameterization.
๐ก Sample Answer:
Using parameterized queries (? placeholders) prevents SQL injection by separating SQL code from user data. Never concatenate user input directly into SQL strings.
SELECT user_id, username FROM users WHERE username = ? AND password_hash = ?Using parameterized queries (? placeholders) prevents SQL injection by separating SQL code from user data. Never concatenate user input directly into SQL strings.
๐ฌ Discuss with your tutor:
- Code analysis: Look at your query - what specific elements make it secure? What would an unsafe version look like?
- Database design: Why do we store password_hash instead of plain passwords? What hashing algorithms would you recommend?
- Error scenarios: What should happen if someone tries to login with invalid credentials? How do we balance security with user experience?
1.3
Ethics
Security
What are TWO ethical responsibilities ShopSafe had to their customers that they failed to meet?
โ
Correct Answer: B
Companies have ethical and legal responsibilities to protect customer data and notify customers immediately when breaches occur. The 3-month delay violated trust and prevented customers from protecting themselves.
Companies have ethical and legal responsibilities to protect customer data and notify customers immediately when breaches occur. The 3-month delay violated trust and prevented customers from protecting themselves.
๐ฌ Discuss with your tutor:
- Ethical vs Legal: What's the difference between what companies are legally required to do and what they should ethically do?
- Stakeholder impact: Who are all the different groups affected by this breach? How does the impact differ for each group?
- Corporate responsibility: Should companies face criminal charges for security negligence, or are fines enough? What would motivate better security practices?
2
Banking App Performance Crisis
"MegaBank's mobile app crashes every weekday between 9-10 AM when customers check their accounts before work. The database queries are taking 30+ seconds, and customers are switching to competitor banks. The CTO discovers poorly optimized SQL queries are causing the bottleneck."
๐๏ธ Database
๐ Web Development
๐ค ML/Automation
๐ฆ OOP
2.1
Database
Write an optimized SQL query to retrieve account balances that uses proper indexing techniques:
๐ก Sample Answer:
Key optimizations: Use indexed columns (user_id), avoid SELECT *, use specific WHERE conditions, and LIMIT results.
SELECT account_balance FROM accounts WHERE user_id = ? AND account_type = 'checking' ORDER BY last_updated DESC LIMIT 1;Key optimizations: Use indexed columns (user_id), avoid SELECT *, use specific WHERE conditions, and LIMIT results.
๐ฌ Discuss with your tutor:
- Performance trade-offs: What happens when you optimize for speed vs accuracy? How do you measure if your optimization worked?
- Database indexing: Explain how database indexes work like a book's index. What are the costs and benefits?
- Scaling challenges: This works for thousands of users, but what about millions? What architectural changes would you need?
2.2
ML
Automation
How could machine learning help predict and prevent these peak-hour crashes?
โ
Correct Answer: C
Supervised learning can analyze historical usage patterns to predict traffic spikes, allowing the system to automatically scale server resources before crashes occur.
Supervised learning can analyze historical usage patterns to predict traffic spikes, allowing the system to automatically scale server resources before crashes occur.
๐ฌ Discuss with your tutor:
- ML applications: What other business problems could this predictive approach solve? How would you apply it to different industries?
- Data requirements: What historical data would you need to train this model effectively? How much history is enough?
- Automation risks: What could go wrong if the ML system makes incorrect predictions? How do you build safety nets?
2.3
OOP
Web
Design a simple BankAccount class that demonstrates basic OOP principles:
๐ก Sample Answer:
class BankAccount:
def __init__(self, account_number, initial_balance=0):
self.account_number = account_number # Public attribute
self.__balance = initial_balance # Private attribute (encapsulation)
def deposit(self, amount):
if amount > 0:
self.__balance += amount
return True
return False
def get_balance(self): # Getter method
return self.__balance
๐ฌ Discuss with your tutor:
- OOP principles: How does this class demonstrate encapsulation with the private __balance attribute? Why use private attributes instead of public ones?
- Method design: What other methods would you add to make this a complete BankAccount class? How would you implement withdrawal with proper validation?
- Error handling: Why does the deposit method return True/False instead of just adding the amount? What banking business rules should be enforced in code?
3
Autonomous Vehicle Safety Failure
"AutoDrive's self-driving cars are failing to recognize stop signs during heavy rain, causing 3 accidents. The machine learning model was trained only on clear-weather images. The company faces potential lawsuits and government investigation."
๐ค ML/Automation
๐ Security
๐งช Testing
โ๏ธ Ethics
3.1
ML
Automation
Which ML training approach would improve weather-based recognition accuracy?
โ
Correct Answer: A
Semi-supervised learning with diverse weather conditions in training data would help the model generalize to different environmental conditions, preventing weather-related recognition failures.
Semi-supervised learning with diverse weather conditions in training data would help the model generalize to different environmental conditions, preventing weather-related recognition failures.
๐ฌ Discuss with your tutor:
- Training data bias: Why didn't the original developers consider weather conditions? What does this teach us about dataset creation?
- AI limitations: What other environmental factors could affect AI systems? How do you plan for unknown edge cases?
- Safety-critical AI: Should AI systems be allowed to make life-or-death decisions? What level of accuracy is "good enough" for autonomous vehicles?
3.2
Security
Testing
Describe TWO defensive programming practices for safety-critical systems:
๐ก Sample Practices:
1. Fail-safe defaults: System stops safely when uncertain
2. Redundant validation: Multiple sensors confirm decisions
3. Exception handling: Graceful handling of unexpected inputs
4. Timeout mechanisms: Prevent infinite loops in critical systems
1. Fail-safe defaults: System stops safely when uncertain
2. Redundant validation: Multiple sensors confirm decisions
3. Exception handling: Graceful handling of unexpected inputs
4. Timeout mechanisms: Prevent infinite loops in critical systems
๐ฌ Discuss with your tutor:
- Safety vs Performance: How do fail-safe mechanisms affect system performance? When is it worth the trade-off?
- Testing methodology: How would you test these defensive practices? What scenarios would reveal weaknesses?
- Human oversight: When should automated systems hand control back to humans? How do you design that handoff?
3.3
Ethics
What ethical principle did AutoDrive violate by not testing in diverse weather conditions?
โ
Correct Answer: A
Companies developing safety-critical systems have an ethical responsibility to thoroughly test all realistic operating conditions before public deployment to prevent harm.
Companies developing safety-critical systems have an ethical responsibility to thoroughly test all realistic operating conditions before public deployment to prevent harm.
๐ฌ Discuss with your tutor:
- Corporate ethics: Should companies be held criminally liable for AI system failures? What's the difference between negligence and accidents?
- Public trust: How do incidents like this affect public acceptance of new technology? How should companies rebuild trust?
- Regulation balance: Should governments regulate AI development more strictly, or does that stifle innovation? How do you find the right balance?
4
AI Content Moderation Bias
"SocialNet's AI content moderation system is incorrectly flagging posts from minority communities as 'hate speech' while missing actual harmful content. The training data was biased, leading to discriminatory outcomes affecting 2 million users."
๐ค ML/Automation
โ๏ธ Ethics
๐ Security
๐งช Testing
4.1
ML
Ethics
How can you reduce bias in machine learning training data for content moderation?
๐ก Bias Reduction Strategies:
1. Diverse training data: Include content from different demographics
2. Balanced datasets: Equal representation across groups
3. Regular auditing: Test model performance across different communities
4. Human oversight: Review and correct automated decisions
1. Diverse training data: Include content from different demographics
2. Balanced datasets: Equal representation across groups
3. Regular auditing: Test model performance across different communities
4. Human oversight: Review and correct automated decisions
๐ฌ Discuss with your tutor:
- Systemic bias: How do societal biases get embedded into AI systems? Can technology ever be truly neutral?
- Data collection ethics: How do you collect diverse training data without invading privacy or perpetuating stereotypes?
- Algorithmic justice: Who should decide what constitutes "fair" moderation? How do cultural differences affect these decisions?
4.2
Testing
ML
What testing methodology should be used to validate fair AI moderation?
โ
Correct Answer: B
A/B testing with diverse demographic groups helps identify if the AI system performs differently for different communities, revealing bias in real-world conditions.
A/B testing with diverse demographic groups helps identify if the AI system performs differently for different communities, revealing bias in real-world conditions.
๐ฌ Discuss with your tutor:
- Testing limitations: What are the challenges of testing AI systems fairly? How do you ensure your test groups are truly representative?
- Continuous monitoring: Should AI bias testing be a one-time check or ongoing? How do you detect bias that emerges after deployment?
- Metrics definition: How do you quantify fairness? What metrics would you use to measure if content moderation is working equally for all users?
5
Hospital Data Privacy Compliance
"MediCare Hospital must digitize patient records while complying with privacy laws and enabling medical research. The system must protect sensitive health information while allowing anonymized data analysis for disease research."
๐ Security
๐๏ธ Database
๐ค ML/Automation
โ๏ธ Ethics
5.1
Security
Apply the CIA security principles (Confidentiality, Integrity, Availability) to patient data:
๐ก CIA Applied to Healthcare:
Confidentiality: Encrypt patient data, role-based access control, audit logs
Integrity: Digital signatures, checksums, version control for medical records
Availability: Redundant systems, backup procedures, 99.9% uptime for emergency access
Confidentiality: Encrypt patient data, role-based access control, audit logs
Integrity: Digital signatures, checksums, version control for medical records
Availability: Redundant systems, backup procedures, 99.9% uptime for emergency access
๐ฌ Discuss with your tutor:
- Competing priorities: In a medical emergency, which is more important - patient privacy or immediate access to records? How do you balance these needs?
- Healthcare complexity: Why are medical systems more complex to secure than other industries? What unique challenges do hospitals face?
- Long-term impact: How do security decisions made today affect patient care 10 years from now? What are the risks of being too restrictive vs too permissive?
5.2
ML
Ethics
How can you use anonymized patient data for ML research while protecting privacy?
โ
Correct Answer: A
Privacy-by-design requires removing identifiers, using differential privacy techniques to add statistical noise, and ensuring research conclusions don't reveal individual patient information.
Privacy-by-design requires removing identifiers, using differential privacy techniques to add statistical noise, and ensuring research conclusions don't reveal individual patient information.
๐ฌ Discuss with your tutor:
- Privacy vs Progress: Does anonymizing data reduce the quality of medical research? How do you balance individual privacy with potential benefits to society?
- Re-identification risks: Even with anonymization, could sophisticated attackers still identify individuals by combining datasets? How do you prevent this?
- Informed consent: Should patients have the right to opt out of anonymized research use of their data? What are the ethical implications of both choices?
6
Gaming Platform Security
"GameForge is launching a new multiplayer platform for 10,000+ concurrent players. They need secure authentication, real-time gameplay, and an AI anti-cheat system to detect suspicious player behavior patterns."
๐ Security
๐ Web Development
๐ค ML/Automation
๐ฆ OOP
6.1
Security
Web
Design a secure user authentication system with proper encryption:
๐ก Secure Authentication Components:
1. Password hashing: bcrypt/scrypt with salt for storage
2. Multi-factor authentication: SMS/email verification
3. JWT tokens: Stateless authentication with expiration
4. HTTPS: Encrypted data transmission
5. Rate limiting: Prevent brute force attacks
1. Password hashing: bcrypt/scrypt with salt for storage
2. Multi-factor authentication: SMS/email verification
3. JWT tokens: Stateless authentication with expiration
4. HTTPS: Encrypted data transmission
5. Rate limiting: Prevent brute force attacks
๐ฌ Discuss with your tutor:
- Security layers: Why do we need multiple security measures instead of just strong passwords? How do they work together to protect users?
- User experience vs Security: How do you balance strong security with ease of use? When might users disable security features?
- Attack vectors: What are the most common ways attackers try to compromise gaming accounts? How does each security measure defend against specific attacks?
6.2
Web
What client-server architecture supports 10,000+ concurrent players?
โ
Correct Answer: A
High concurrency requires load balancers to distribute players across multiple servers, WebSockets for real-time communication, and horizontal scaling with distributed game instances.
High concurrency requires load balancers to distribute players across multiple servers, WebSockets for real-time communication, and horizontal scaling with distributed game instances.
๐ฌ Discuss with your tutor:
- Scaling patterns: What's the difference between horizontal and vertical scaling? When would you choose each approach for a gaming platform?
- Real-time requirements: Why are WebSockets better than regular HTTP for gaming? What happens to gameplay experience if there's network lag?
- Geographic distribution: How would you handle players from different continents fairly? What technical challenges arise with global multiplayer games?
6.3
ML
Automation
Create an ML algorithm to detect cheating players based on unusual behavior patterns:
๐ก Anti-cheat ML Approach:
def detect_cheating(player_stats):
# Features: accuracy, reaction time, movement patterns
features = [stats.headshot_ratio, stats.avg_reaction_time,
stats.movement_predictability]
# Supervised learning model trained on known cheaters
if cheating_model.predict(features) > THRESHOLD:
flag_for_review(player_stats.player_id)
# Anomaly detection for unusual patterns
if anomaly_detector.is_anomaly(features):
monitor_player(player_stats.player_id)
๐ฌ Discuss with your tutor:
- False positives: What happens when the system incorrectly flags skilled players as cheaters? How do you handle appeals and maintain player trust?
- Adversarial ML: How might cheaters try to fool your detection system? What cat-and-mouse game develops between anti-cheat developers and cheaters?
- Feature selection: What player behaviors might indicate cheating vs just exceptional skill? How do you distinguish between the two?
7
Smart City AI Traffic Control
"Metro City wants AI-powered traffic lights that adapt to real-time conditions, reducing commute times by 30%. The system must handle network outages, make split-second decisions, and coordinate across 500+ intersections."
๐ค ML/Automation
๐ Security
๐ Web Development
๐ Project Management
7.1
ML
Which ML algorithms work best for real-time traffic optimization decisions?
โ
Correct Answer: A
Reinforcement learning excels at real-time decision making by learning from immediate feedback (traffic flow improvements), adjusting light timing dynamically based on current conditions.
Reinforcement learning excels at real-time decision making by learning from immediate feedback (traffic flow improvements), adjusting light timing dynamically based on current conditions.
๐ฌ Discuss with your tutor:
- Learning algorithms: How does reinforcement learning differ from supervised learning? Why is RL better suited for dynamic traffic scenarios?
- Reward systems: How do you define "success" for a traffic light AI? What metrics would you use to reward good decisions?
- Exploration vs Exploitation: Should the AI sometimes try "experimental" light timings to discover better patterns? How do you balance learning with traffic disruption?
7.2
Security
Web
How do you ensure system availability during network failures at critical intersections?
๐ก Availability Solutions:
1. Local backup systems: Each intersection has autonomous operation mode
2. Redundant connections: Multiple network paths (4G, fiber, satellite)
3. Cached decision trees: Pre-computed traffic patterns for offline operation
4. Graceful degradation: Fall back to time-based signals during outages
1. Local backup systems: Each intersection has autonomous operation mode
2. Redundant connections: Multiple network paths (4G, fiber, satellite)
3. Cached decision trees: Pre-computed traffic patterns for offline operation
4. Graceful degradation: Fall back to time-based signals during outages
๐ฌ Discuss with your tutor:
- Fault tolerance design: What's the difference between high availability and fault tolerance? How do you design systems that "fail gracefully"?
- Cost vs Risk: Redundant systems are expensive - how do you decide which backup systems are worth the cost for traffic management?
- Human override: Should traffic officers be able to manually control lights during emergencies? How do you design human-AI handoff procedures?
7.3
Project Management
Plan the project timeline for citywide deployment using appropriate methodology:
โ
Correct Answer: A
Agile methodology allows iterative testing and refinement, starting with pilot intersections to validate the system before citywide deployment, reducing risk and enabling continuous improvement.
Agile methodology allows iterative testing and refinement, starting with pilot intersections to validate the system before citywide deployment, reducing risk and enabling continuous improvement.
๐ฌ Discuss with your tutor:
- Project methodology choice: Why is Agile better than Waterfall for this type of smart city project? What are the risks of each approach?
- Stakeholder management: How do you manage different city departments, politicians, and citizens during a gradual rollout? Who are your key stakeholders?
- Success metrics: How would you measure if the pilot phase is successful enough to proceed citywide? What data would you collect?
8
Inclusive Learning Platform
"EduAccess is building an online learning platform that must work for students with visual, hearing, and motor impairments. The platform needs to comply with accessibility standards while providing an engaging learning experience for all students."
๐ Web Development
๐งช Testing
โ๏ธ Ethics
๐ Project Management
8.1
Web
Apply W3C accessibility guidelines to create an inclusive web interface:
๐ก W3C Accessibility Implementation:
1. Alt text: Descriptive image alternatives for screen readers
2. Keyboard navigation: Full functionality without mouse
3. High contrast: Colors meet WCAG contrast ratios
4. ARIA labels: Semantic markup for assistive technologies
5. Captions: Text alternatives for audio/video content
1. Alt text: Descriptive image alternatives for screen readers
2. Keyboard navigation: Full functionality without mouse
3. High contrast: Colors meet WCAG contrast ratios
4. ARIA labels: Semantic markup for assistive technologies
5. Captions: Text alternatives for audio/video content
๐ฌ Discuss with your tutor:
- Universal design principles: How does designing for accessibility actually improve usability for everyone? Can you think of examples where accessible features benefit all users?
- Legal vs Ethical: Should accessibility compliance be driven by legal requirements or ethical responsibility? What's the difference in outcomes?
- Implementation challenges: What makes accessibility difficult to implement in modern web applications? How do complex interactive elements complicate accessibility?
8.2
Testing
How do you test and validate accessibility compliance?
โ
Correct Answer: A
Comprehensive accessibility testing requires both automated tools (WAVE, axe-core) to catch technical violations and real user testing with people who have disabilities to validate actual usability.
Comprehensive accessibility testing requires both automated tools (WAVE, axe-core) to catch technical violations and real user testing with people who have disabilities to validate actual usability.
๐ฌ Discuss with your tutor:
- Testing methodology: Why aren't automated accessibility tools enough on their own? What kinds of issues can only be found through human testing?
- User involvement: How do you ethically recruit people with disabilities for usability testing? What considerations ensure testing is respectful and valuable?
- Iterative improvement: How do you build accessibility testing into your regular development workflow? When in the development process should accessibility testing occur?
8.3
Web
Ethics
Design a Progressive Web App (PWA) feature that improves accessibility:
๐ก PWA Accessibility Features:
1. Offline functionality: Works without internet for consistent access
2. Push notifications: Audio alerts for hearing-impaired users
3. Installable app: Reduces navigation barriers
4. Responsive design: Works on assistive technology devices
5. Custom user preferences: Save accessibility settings locally
1. Offline functionality: Works without internet for consistent access
2. Push notifications: Audio alerts for hearing-impaired users
3. Installable app: Reduces navigation barriers
4. Responsive design: Works on assistive technology devices
5. Custom user preferences: Save accessibility settings locally
๐ฌ Discuss with your tutor:
- PWA vs Native apps: What specific advantages do PWAs offer for users with disabilities compared to traditional native apps or websites?
- Personalization ethics: How do you balance storing user preference data for accessibility while respecting privacy? What data should be stored locally vs remotely?
- Technology adoption: What barriers might prevent students with disabilities from adopting new learning technologies? How do you design for different comfort levels with technology?
Progress: