Webserver use, configuration and management
The exam this year was quite poor with an average mark of 46% (about the same as last year), and 12 people failed out of 43 who took it (last year 20 out of 55 did). 2 of the failures were due to absence from the exam. However, the top score was an excellent 83, indicating that the unit was by no means impossible.
Despite giving lots of specific advice about how to answer the questions relating to the scenario, a few people drew nothing relevant out from it. Instead, their answers were full of generic material clearly copied (and often inaccurately, indicating lack of understanding) from the lecture notes.
I suspect students did badly for one or more of the following reasons:
There were also students who failed because of bad exam technique, exemplified by:
Hopefully the 12 failing students will now address the course seriously, otherwise they are likely to repeat their failure in the resit exam.
A nice easy question about requirements to start off! This was reflected by it being the highest scoring question. Most people were able to say that they would talk to staff and read existing documentation and observe existing system(s). The most common reason for losing marks was to give an answer about the requirements process in the abstract rather than about Supercars. Another problem was giving a non-functional requirement to the part of the question that specifically asked for a functional one, and vice-versa.
The first part of this was about the DocumentRoot and ServerName directives. An occasional mistake was to misread the latter as ServerRoot. However the most common mistake was to fail to accurately specify the relevant httpd.conf entries.
The second part of the question asked you to give a file path - some students clearly don't know what a file is! More confused this with the HTTP request that would be sent - many obviously believing that the URL -> file path mapping is done on the client rather than the server.
The third part usually generated an answer that mentioned the HTTP 404 response, but clearly some students are confused by what the server and client each do. One thing: the server never responds with nothing.
This question was about CGI. Answers fell into four groups:
The alternatives to CGI were generally competently described, but few people made a specific recommendation, and virtually nobody justified their recommendation based on any element of the scenario. I recall that one person did use an element of the scenario to justify their recommendation, but in my view made the wrong recommendation based on it! I marked that sympathetically.
This was about security policy. Most people came up with 3 sensible answers for the issues to be included. In the second part, the most common problem was not giving specific examples, as required by the question.
This was the most popular of the optional questions to answer.
Most people who answered this question said that emailing a new password to the user was the best way of solving the problem of forgotten passwords. The discussion of whether this was a good approach or not, and whether other information should be used to verify the identity of the user, was variable. For example, asking the user to give their mother's maiden name (or similar personal information) isn't very useful. Since this is not one of the pieces of information the web site holds on its users, how would the system know whether the answer was correct?
In the second part, many people gave good attempts at coming up with roles - common ones included player, coach, referee, administrator. I was generous in marking the functionality associated with each role - any reasonable answer was credited, even if it isn't actually a function that BAFA provides.
Incredibly, a large number of people who attempted the first part did NOT attempt the second part. Some who did attempt the second part thought that by roles I meant security issues, but what was required should have been clear from the lecture session we held on that topic.
12 people attempted this question. In the first part, there was considerable confusion between the ways of passing data and the HTTP methods that use them (i.e. GET, POST, etc.). In the second part, the most common fault was not providing the steps in sufficient detail. In the third part, we had some novel and innovative environment variables mentioned that are not part of CGI, but in the main those people who attempted it scored highly. Again, a number of people omitted parts of this question.
This was the question about DNS. In the first part, most people made reasonable points about choosing a name like supercars.co.uk, but several omitted to explain how you check whether it was available, and register it if it was.
The second part (about DNS lookup) asked you basically to reproduce an example I went through in the lectures. Few people did so effectively, perhaps indicating a lack of note-taking ability on the part of the rest. A few people did poorly through lack of detail.
This was the open-ended essay question about the future of the web and web applications. There were no appalling answers, but no excellent ones either. This reflects that the majority just wanted to give their opinion without backing it up with any evidence or argument.
General moan about poor handwriting, but I've seen worse.
Spelling of chauffeur was appalling - I kept wondering why people were writing about "chuffers", something to do with "chuffer trains" perhaps? It's not as if the word did not appear on the exam paper. This is a place where copying is allowed!!
Only a minority of students followed the instruction on the answer book to commence each question on a new page.
Many students ignored the instruction on the answer book to insert the numbers of the questions answered on the front cover.