Skip to content

Quiz: Graph Traversal and Dependency Analysis

Test your understanding of dependency tracing, blast radius calculation, impact analysis, and configuration drift with these review questions.

1. What is the distinction between an upstream dependency and a downstream dependency when analyzing an application component?

  1. Upstream dependencies are those deployed to production, while downstream dependencies remain in staging or development environments
  2. Upstream dependencies are the components a given component depends on, while downstream dependencies are the components that depend on it
  3. Upstream dependencies exist only at the network layer, while downstream dependencies exist only at the application layer
  4. Upstream dependencies are defined in configuration files, while downstream dependencies are discovered automatically at runtime
Show Answer

The correct answer is B. Upstream dependencies are the components that a given component requires in order to function—the things it calls or consumes. Downstream dependencies are the components that call or consume the given component. Tracing upstream from a failing application helps identify the root cause; tracing downstream from a failing component reveals which other services are impacted.

Concept Tested: Upstream Dependency / Downstream Dependency

2. A database server hosts three production databases that are dependencies for seven applications, which together support four Tier-1 business services. What does "blast radius" refer to in this scenario?

  1. The physical area of the data center affected by a hardware failure in the server room
  2. The set of all downstream components—applications and business services—that would be affected if the database server fails
  3. The number of database backups that would need to be restored in the event of a disk failure
  4. The financial penalty incurred when a Tier-1 SLA is breached due to a server outage
Show Answer

The correct answer is B. Blast radius is the complete set of downstream components affected by a component's failure. In this scenario, the blast radius of the database server includes all three databases, all seven applications that depend on those databases, and all four Tier-1 business services those applications support. Graph traversal calculates this automatically in milliseconds by following incoming dependency edges from the failed component upward.

Concept Tested: Blast Radius

3. During a production incident, a graph-based root cause analysis query returns multiple upstream components marked as DEGRADED or FAILED. Why are the components farthest upstream most likely to be the root cause?

  1. Components farther upstream have been deployed longer and accumulate more bugs over time
  2. Failures propagate downstream, so a component failing at depth N causes dependent components closer to the symptom to also show degraded health
  3. Graph databases discover components farther upstream first because they have fewer edges and are queried more quickly
  4. The farthest upstream components are always infrastructure-level servers, which fail more frequently than software components
Show Answer

The correct answer is B. Failures propagate downstream through dependency relationships. When a root cause fails, it causes its dependent components (closer to the user-facing symptom) to also fail or degrade. Components nearest to the reported symptom are often showing effects rather than causes. A failing database (upstream) causes dependent applications (downstream) to throw errors—the application is showing a symptom, not the cause.

Concept Tested: Root Cause Analysis

4. What differentiates a Change Impact Assessment from general Impact Analysis in IT operations?

  1. Change Impact Assessment is performed after a change is deployed and any problems arise, while Impact Analysis is performed before any changes
  2. Change Impact Assessment is a proactive evaluation of proposed changes before implementation, while Impact Analysis is a general term for assessing consequences of any event including failures
  3. Change Impact Assessment is limited to hardware changes, while Impact Analysis covers software deployments and configuration updates
  4. Change Impact Assessment requires manual approval from a change advisory board, while Impact Analysis can be run automatically by monitoring tools
Show Answer

The correct answer is B. Change Impact Assessment is specifically proactive—it evaluates proposed changes before they are implemented to identify which services, teams, and customers would be affected. General Impact Analysis is broader, encompassing assessment of any event's consequences including failures, outages, and capacity changes. Change Impact Assessment integrates with change management workflows to prevent "we didn't know this would break everything" incidents.

Concept Tested: Change Impact Assessment

5. A dependency chain is found between a business service and a server spanning 7 hops. Why does a longer dependency chain represent greater architectural fragility?

  1. Longer chains require more storage in the graph database, reducing query performance proportionally
  2. Each hop in the chain represents an additional potential failure point, and longer chains have a higher cumulative probability of experiencing at least one failure
  3. Dependency chains longer than 5 hops cannot be queried in real time, requiring batch analysis that delays incident response
  4. Business services and servers should always be in the same physical location, so any chain longer than 3 hops violates architecture standards
Show Answer

The correct answer is B. Every hop in a dependency chain represents a component that could fail independently. If each component has 99.9% reliability, a 7-hop chain has an overall reliability of approximately 99.3% (0.999^7)—lower than any individual component. Longer chains also add latency, create more complex deployment ordering requirements, and make debugging more difficult. Shorter, simpler chains with fewer dependencies improve resilience.

Concept Tested: Dependency Chain

6. Which of the following describes a circular dependency, and what problem does it create for deployment ordering?

  1. A dependency that spans multiple data centers, requiring network latency tolerance in the dependent application
  2. A situation where component A depends on B, B depends on C, and C depends back on A, making it impossible to determine a safe deployment order without simultaneous deployment of all components in the cycle
  3. A dependency relationship that is duplicated in both directions—DEPENDS_ON from A to B and DEPENDS_ON from B to A as separate edge records
  4. A dependency where an application depends on a deprecated API version that is scheduled for removal in the next release
Show Answer

The correct answer is B. A circular dependency creates a logical deadlock for deployment ordering: you cannot deploy A before B is available, cannot deploy B before C is available, and cannot deploy C before A is available. This forces coordinated simultaneous deployment of all components in the cycle, which is complex and risky. Circular dependencies also complicate failure recovery and unit testing, and typically indicate architectural tight coupling that should be refactored.

Concept Tested: Circular Dependency

7. How does service mapping differ from business service mapping, and why does the distinction matter for incident response communication?

  1. Service mapping is performed manually by architects, while business service mapping is performed automatically by monitoring tools
  2. Service mapping documents how technical components connect to each other, while business service mapping connects those technical components to the business capabilities they deliver—enabling business-language impact communication during incidents
  3. Service mapping covers only internal services, while business service mapping includes external third-party services and cloud providers
  4. Service mapping creates visual diagrams, while business service mapping produces financial reports on service costs and return on investment
Show Answer

The correct answer is B. Service mapping documents technical interdependencies—how services call each other, which applications depend on which databases. Business service mapping extends this by connecting the technical graph to business capabilities: "This database supports this application, which implements this technical service, which enables Online Banking." During incidents, this mapping allows teams to instantly translate "db-prod-01 is down" into "Online Banking is unavailable, impacting $150K/hour revenue and 50,000 customers"—information that drives executive decisions.

Concept Tested: Business Service Mapping

8. What is configuration drift, and why is it particularly dangerous for IT security and compliance?

  1. Configuration drift describes the gradual improvement of system configurations as administrators apply best practices over time, which can occasionally conflict with older compliance policies
  2. Configuration drift occurs when systems deviate from their intended configuration, potentially creating security vulnerabilities, inconsistent behavior, and compliance violations that are invisible until an audit or incident reveals them
  3. Configuration drift is a feature of modern infrastructure-as-code tools that allows configurations to adapt automatically to changing workload patterns without manual intervention
  4. Configuration drift refers to the latency introduced when configuration changes replicate across geographically distributed servers in a multi-region deployment
Show Answer

The correct answer is B. Configuration drift occurs when systems deviate from their intended state through manual changes, failed automation, or incomplete deployments. The danger lies in invisibility: a server missing security patches, a firewall with an extra open port, or an application pointing to the wrong endpoint may not cause immediate failures but creates security vulnerabilities, compliance violations, and unpredictable behavior. Drift detection in IT management graphs compares observed state against expected state to surface these hidden deviations proactively.

Concept Tested: Configuration Drift

9. Dynamic topology differs from a static dependency map in which important way?

  1. Dynamic topology uses three-dimensional visualizations, while static maps use flat two-dimensional diagrams
  2. Dynamic topology maintains accuracy through continuous automated discovery and updates, while static maps become outdated as infrastructure changes without corresponding documentation updates
  3. Dynamic topology is calculated on demand when an incident occurs, while static maps are precomputed and stored for quick access
  4. Dynamic topology covers only cloud resources that change frequently, while static maps document on-premises infrastructure that rarely changes
Show Answer

The correct answer is B. A static dependency map is a snapshot that becomes obsolete as infrastructure evolves—new services appear, relationships change, and components are decommissioned. Dynamic topology uses continuous automated discovery to keep the graph current, detecting new dependencies, modified configurations, and removed components in near real-time. This accuracy is critical for incident response, where decisions based on stale maps can send responders down the wrong diagnostic path.

Concept Tested: Dynamic Topology

10. A graph query identifies that the same database component appears in the dependency chains of both a Tier-1 customer-facing business service and an internal reporting application. Why is this information architecturally significant?

  1. It means the database needs to be documented separately in two different configuration management systems to satisfy compliance requirements for each application type
  2. It reveals a shared dependency that creates correlated risk—a database failure would simultaneously impact both the critical customer-facing service and the internal application, and any changes require coordination with both teams
  3. It indicates a data governance violation because customer data and internal reporting data should never share the same database infrastructure
  4. It shows that the database has been over-provisioned and could be split into two smaller databases to reduce costs
Show Answer

The correct answer is B. When multiple services share a dependency, a failure in that dependency causes correlated failures—both services fail simultaneously rather than independently. This shared dependency also means any change to the database (patching, schema changes, performance tuning) must be coordinated with both application teams. The shared component may require a higher SLA than either individual service needs, since it serves both. Graph-based blast radius analysis reveals these shared dependencies that might otherwise be discovered only during an incident.

Concept Tested: Impact Analysis