4452 - Testing Final

Question 1

What does statistical testing reflect and what does it measure?

Answer 1

reflects: frequency of user inputs
measures: system reliability

Question 2

What does defect testing discover?

Answer 2

system defects

Question 3

What are the 4 testing stages?

Answer 3

1. unit testing
2. integration testing
3. system testing
4. user/acceptance testing

Question 4

What is unit testing?

Answer 4

the testing of individual components

Question 5

What is integration testing?

Answer 5

the testing of interactions between components

Question 6

What is system testing?

Answer 6

testing the complete system prior to delivery

Question 7

What is acceptance testing?

Answer 7

testing done by end users to ensure that the system delivers on business and user needs

Question 8

What is black box testing?

Answer 8

Its where something is inputted to the system and then the output is compared to the expected output

Question 9

What is white box testing?

Answer 9

Its where the input is selected with explicit knowledge of the internal workings of the system

Question 10

What types of testing are included in the white box test suite?

Answer 10

• edge (decision) testing
• path testing
• statement testing
• condition testing

Question 11

What is regression testing? What does it ensure?

Answer 11

• Regression testing is used to make sure that a defect fix, added functionality, really any changes to the code does not change functionalities or behaviors that should not be affected
• ensures that modified code has not broken the code it modified

Question 12

What are the two broad techniques used during unit testing?

Answer 12

functional testing and structural testing

Question 13

What are the two types of structural testing methods? What is the difference between them?

Answer 13

Control flow testing, data flow testing

- one is based on control flow graphs the other is based on data flow graphs

Question 14

What does integration testing attempt to construct?

Answer 14

the system architecture

Question 15

Integration testing wants to uncover defects associated with what?

Answer 15

interfaces

Question 16

When is integration testing complete?

Answer 16

• when all modules are fully integrated together
• when all the test cases have been executed
• when all the severe and moderate defects have been found and fixed

Question 17

What does system testing check the system against?

Answer 17

the quality requirements

Question 18

A system must be constructed in a ________ for system testing to be performed

Answer 18

an emulated environment that is as close to the real production environment as possible

Question 19

Where is acceptance testing performed and who performs it?

Answer 19

in the production environment by the end users

Question 20

what is the key difference between testing and debugging?

Answer 20

testing confirms the presence of defects, debugging actually locates and fixes them

Question 21

What are the activities in testing?

Answer 21

IDBEC:

• identify
• design
• build
• execute
• compare

Question 22

What is “built” during the build activity in testing?

Answer 22

test cases

Question 23

What are the activities in debugging?

Answer 23

LDRRe

• locate
• design
• repair
• re-test

Question 24

What is a test condition?

Answer 24

it is the goal of a test case, it is something you want to verify

Question 25

What does a test case consist of?

Answer 25

test data to be inputted and an expected output

Question 26

What is a test set?

Answer 26

a collection of test cases

Question 27

What do test scripts contain?

Answer 27

data and instructions for testing

Question 28

What is the system that performs the checking of the observed behavior referred to as?

Answer 28

oracle

Question 29

program behavior can be specified in which three ways?

Answer 29

• plain natural language
• state diagrams
• formal mathematical specifications

Question 30

What are automated oracles?

Answer 30

a pre determined input output relationship that is checked for all outputs

Question 31

What is considered completeness for functionality testing and structural testing?

Answer 31

functional; the behavior of all functional partitions are tested
structural; all statement, all branches, all loops

Question 32

What are the three reasons for test stopping?

Answer 32

1. budget exceeded or deadline needs to be met
2. desired coverage reached
3. desired level of failure intensity reached

Question 33

What does boundary value testing do?

Answer 33

targets failures in application at the boundary of the equivalence classes

Question 34

what does equivalence class partitioning do?

Answer 34

selects partitions from WITHIN equivalence classes

Question 35

boundary value testing and equivalence partitioning tests may overlap (T/F)

Answer 35

T

Question 36

What are nodes in a CFG?

Answer 36

statements or groups of statements

Question 37

what are edges in CFG?

Answer 37

the flow of control; there is an edge between i and j if j can be executed immediately after i completes

Question 38

what is statement coverage?

Answer 38

run tests until all statements have been executed

Question 39

what is edge coverage?

Answer 39

run tests until all edges in control flow graph have been executed at least once

Question 40

what is condition coverage?

Answer 40

like edge coverage but with additional attention being paid to conditionals - ensuring that all combinations have been tested

Question 41

what is path coverage?

Answer 41

ensuring that all paths (start node to end node) have been executed multiple times

Question 42

for loop based paths what test cases should you write?

Answer 42

three cases:

1. skip the loop
2. execute it once
3. execute it multiple times

Question 43

what does the driver component do in unit tests?

Answer 43

it takes test case data and passes it into the component being tested and returns the results

Question 44

what do stubs do? what MUST they use?

Answer 44

replace the modules that are subordinate to the subsystem being tested. They MUST use the modules exact interface

Question 45

why is test selection difficult?

Answer 45

because of two aspects of the input domain for the partition; its large size and complexity

Question 46

how does equivalence portioning solve the input domain size issue?

Answer 46

by creating a relatively small number of disjoint sub-domains that allow the system to be tested with N test cases for N sub domains or partitions

Question 47

what are the two objectives for test generation?

Answer 47

completeness and efficiency

Question 48

what is the difference between weak and strong equivalence class testing?

Answer 48

weak; uses one variable from each equivalence class in a test case
strong; uses the Cartesian product of the partition subset

Question 49

what is the minimum number of test cases that can be in weak equivalence class testing?

Answer 49

the number of classes in the partition with the largest number of subsets

Question 50

in strong equivalence classes the interactions between the represented values and any ______ is tested?

Answer 50

subsets

Question 51

What is the foundation for partitioning equivalence classes?

Answer 51

expected behavior

Question 52

what is the difference between normal and robust testing strategies

Answer 52

normal: equivalence classes of valid values of inputs
robust: equivalence classes of valid and invalid values of inputs

Question 53

what is efficiency for equivalence classes?

Answer 53

identify test cases using only one element from each equivalence classes

Question 54

what ratio is effectiveness evaluated on for equivalence class testing

Answer 54

failures exposed by equivalence class testing vs total failures in the system

Question 55

what is the typically effectiveness of equivalence partitioning?

Answer 55

less than 1

Question 56

what are ways to improve the effectiveness of equivalence class testing?

Answer 56

1. unambiguous and complete specifications of the requirements
2. carefully selected equivalence partitioning

Question 57

what is uni dimensional partitioning for compound data types?

Answer 57

when you consider only 1 variable at a time

Question 58

what is multi-dimensional partitioning for compound data types?

Answer 58

the input domain is the set product of the the variable inputs

Question 59

what are the 4 steps of equivalence classing?

Answer 59

1. identify the input domain
2. equivalence classing: partition the set of values of each variable into disjoint subsets
3. combine the equivalence classing
4. identify the infeasible equivalence classes

Question 60

what is the main source for identifying inputs and outputs for equivalence testing?

Answer 60

the software requirements

Question 61

input variables don’t include environmental variables (T/F)

Answer 61

F; they do

Question 62

how can equivalence classes be defined?

Answer 62

using multidimensional partitioning

Question 63

what inputs are used in infeasible equivalence classes?

Answer 63

inputs that cannot be generated during the test

Question 64

what are the three steps to boundary value testing?

Answer 64

1. partition the input domain
2. identify the boundary
3. select test data

Question 65

when does BVA work well?

Answer 65

when program to be tested is a function of several independent variables that are physically bounded quantities and when the selected test data is chosen with no consideration for the function of the program or the semantic meaning of the variable

Question 66

what do decision variables make easier?

Answer 66

to make sure all possible conditions have been accounted for

Question 67

what is logic based modeling?

Answer 67

associating conditions with actions to be performed

Question 68

what are default rules in limited entry decision tables?

Answer 68

indicate actions to be taken when none of the rules apply

Question 69

what must you ensure before using a decision table?

Answer 69

that the rules are complete and consistent

Question 70

how do you create a decision table? (what are the steps)

Answer 70

1. determine the actions, conditions and values, and how many rules you want to specify
2. encode all the possible rules and the actions for each rule
3. reduce where you can

Question 71

what is TAP?

Answer 71

test anything protocol :)

Question 72

what does it mean that drivers and stubs are considered “overhead”?

Answer 72

they must be written but are not considered part of the testing software product

Question 73

what is the mocha testing tool based off of?

Answer 73

the javasript test framework

Question 74

what runs mocha on server and client side

Answer 74

node-js and browser

Question 75

mocha tests run asynchronously (T/F)

Answer 75

True

Question 76

mocha test run in parallel (T/F)

Answer 76

False; they run serially

Question 77

what is a test runner?

Answer 77

the driver; takes test cases and returns results

Question 78

what is a test fixture?

Answer 78

a test environment used by multiple test cases

Question 79

what does TAP allows in terms of communications?

Answer 79

it allows for communication between unit tests and the test harness

Question 80

what is the test harness?

Answer 80

the automated test framework

Question 81

what was tap initially designed for and when?

Answer 81

for the perl interpreter in 1987

Question 82

what are the two inputs of the describe function in mocha?

Answer 82

the name of the test group and the all back function

Question 83

what are the two inputs of the it function

Answer 83

the name of the test case and the call back function that contains the actual test

Question 84

what is the difference between the it and describe function

Answer 84

describe –> test group (higher level)

it –> test case

Question 85

what are the 4 hooks in mocha?

Answer 85

• beforeEach
• afterEach
• after
• before

Question 86

what runs first beforeEach() or before()?

Answer 86

before

Question 87

what does SDK testing use for white box testing?

Answer 87

user code test coverage reports

Question 88

what kind of testing does api testing use?

Answer 88

black box testing

Question 89

what does api testing use of the server side?

Answer 89

REST

Question 90

what function are stubs written in for EQT?

Answer 90

beforeEach and afterEach

Question 91

what does the spy function solve?

Answer 91

it prevents the program from not calling subsequent arguments after an invalid return

Question 92

what are the three types of functional testing?

Answer 92

• equivalence class
• boundary value
• decision table

Question 93

what three basic metrics can be used to evaluate functional testing methods?

Answer 93

• effort
• efficiency
• effectiveness

Question 94

what functional testing method requires the highest identification effort?

Answer 94

decision tables

Question 95

what functional testing method requires the highest execution effort?

Answer 95

boundary value testing

Question 96

what is the most efficient functional testing technique?

Answer 96

decision tables

Question 97

How do we measure efficiency in functional testing?

Answer 97

you can’t really do it

Question 98

what is single fault assumption?

Answer 98

that faults rarely occur as the result of two or more simultaneous faults

Question 99

if single fault assumption is assumed what functional testing method should be considered?

Answer 99

equivalence class testing with robustness

Question 100

if variables are independent and refer to physical domains what functional testing method should be considered?

Answer 100

equivalence class testing

Question 101

if variables are logical quantities what functional testing methods can be considered?

Answer 101

equivalence class testing or decision table

Question 102

if variables are dependent what functional testing methods can be considered?

Answer 102

decision table

Question 103

structural testing provides test definitions relating to what?

Answer 103

• control flow
• data flow
• program language semantics
• coverage criteria

Question 104

what is used to select test data in structural testing?

Answer 104

the internal workings of the system

Question 105

data flow testing uses a test strategy based on what?

Answer 105

selecting paths through the programs control flow graph

Question 106

if a program has compound conditionals what must you ensure?

Answer 106

that all the combinations have been tested

Question 107

what is the fault assumption in path testing?q

Answer 107

that the program may make take a different path then the one expected

Question 108

what are the characteristics of a dd path graph

Answer 108

1. that all nodes are DD paths from the CFG

2. edges represent control flow between DD paths

Question 109

what graph enables the precise description of test coverage?

Answer 109

DDpath graphs

Question 110

DD path testing provides metrics and coverage criteria for what?

Answer 110

effectiveness

Question 111

what does predicate coverage aim to reduce all program predicates to?

Answer 111

a true or false (single predicate)

Question 112

for n conditions how many test cases are there typically for MC/DV coverage testing? For regular multiple decision coverage how many should there be?

Answer 112

MC/DC: n + 1

MDC: 2^n

Question 113

what is the issue with C1 (simple coverage criteria) for DD path testing?

Answer 113

it only covers all edges of the DD path but does not take into consideration dependencies between paths; for example if a variable is declared in one path and then referenced in another, they will be tested independently from each other which isn’t what happens in practice

Question 114

what is Cd and what does it solve?

Answer 114

data flow dependency modeling coverage criteria for DD path testing; ensures that all edges as well as all dependent DD path pairs are tested

Question 115

what is C2 and what are the two basic outcomes?

Answer 115

loop testing

1. traverse loop
2. exit loop

Question 116

how can C2 be extended to consider the loop index?

Answer 116

by doing a modified boundary value analysis on the index

Question 117

statement coverage ensures that all loops reach their termination condition (T/F_)

Answer 117

F; only ensures that all statement within the loop were executed

Question 118

it is not acceptable to release code based exclusively on statement coverage (T/F)

Answer 118

T

Question 119

what is the flaw with decision coverage?

Answer 119

it can produce gaps in programming languages that support short circuit logic operators (will skip the evaluation of logic if some other condition is accepted)

Question 120

what is function coverage?

Answer 120

it ensures that all functions in the program have been called

Question 121

what is call coverage?

Answer 121

ensures that all function calls in the program have been executed

Question 122

what is mutliple decision coverage?

Answer 122

ensures that all possible combinations of Boolean sub expressions occurs

Question 123

for languages without short circuit logic operators what is multiple decision coverage equal to ?

Answer 123

path coverage

Question 124

what is MC/DC?

Answer 124

multiple decision coverage but only combinations whose result can effect the decision are evaluated

Question 125

what are the problems with path testing?

Answer 125

1. the number of paths has an exponential relationship to the number of branches
2. some paths cannot be exercised due to the relationship of the data

Question 126

path coverage includes decision coverage (T/F)

Answer 126

T

Question 127

statement coverage includes decision coverage (T/F)

Answer 127

F; the other way around

Question 128

what is a baseline path?

Answer 128

corresponds to a normal execution of the program, from start node to end node, that encompasses as many decisions as possible

Question 129

what is the difference between topological feasible paths and logically feasible paths?

Answer 129

topological is strictly based on the graph, logical incorporates program logic and identifies constraints that eliminate certain paths that are present in the topological model

Question 130

what selection criteria exercises every statement or instruction?

Answer 130

C0; statement coverage

Question 131

what selection criteria exercises each branch and case statement at least once in each direction?

Answer 131

C1; branch coverage

Question 132

what selection criteria exercises each condition in a decision with all possible outcomes

Answer 132

C1p; predicate to outcome

Question 133

what selection criteria exercises every compound predicate outcome?

Answer 133

C2; multiple condition coverage (MCC)

Question 134

what selection criteria exercises every path from entry to exit?

Answer 134

C(infinite), all possible execution paths

Question 135

what is the core difference between functional and structural (path) testing?

Answer 135

functional testing is directly derived from the software quality requirements and specifications and is not based on the source code, whereas structural testing is directly based on the the source code and the resulting graph

Question 136

path testing is based on the logic of the code (T/F)

Answer 136

F; it is based on the graph

Question 137

data flow diagrams explore the events related to what?

Answer 137

the status of variables

Question 138

what are the 3 types of data flow anomalies?

Answer 138

1. variable is defined then defined again
2. variable is referenced but no defined
3. variable is defined but not referenced

Question 139

what is the difference between a defining node and a usage node in CFG?

Answer 139

a defining node is DEFINED at the statement

a usage node is USED at the statement

Question 140

what is the triple that defines def-use?

Answer 140

x - variable
d - node containing definition of x
u - statement or predicate node that uses x

Question 141

what is a du-path

Answer 141

for variable x, its a path whose first node is a definition for x and last node is a usage node for x

Question 142

what is a dc-path

Answer 142

a du-path where there are no other defining nodes for x

Question 143

what is AduP

Answer 143

a testing coverage where every du-path from every definition of every variable to every use of that definition is exercised under some test

Question 144

what does integration testing attempt to construct?

Answer 144

the system architecture

Question 145

integration testing attempts to uncover errors associated with what?

Answer 145

interfaces and interactions among units

Question 146

what are the three testing areas of integration testing

Answer 146

internal, external, interactions

Question 147

what are the three approaches to base integration testing off of and what is the associated dependency?

Answer 147

• function decomposition (functional dependency)
• call graph (interaction dependency)
• paths (flow dependency)

Question 148

what are the three types of incremental integration functional decomposition?

Answer 148

top down (module --> stub)
bottom up (module --> driver)
sandwich testing (mix of above two)

Question 149

what are the pros and cons of top down integration testing?

Answer 149

pros
- test cases can be created based on the functionality of the system
- makes sure that the majority of control points are tested early on
cons
- stubs are a waste
- stubs are tricky
- stubs make it so no significant data flow can occur until later level testing

Question 150

what is a test driver?

Answer 150

a fake routine that requires a valid subsystem and passes a test case to it

Question 151

what are the pros and cons of bottom up integration testing?

Answer 151

pros
- low level data processes are tested early on
- no stubs
cons
- you need to build test drivers which constitutes overhead
- testing may be incomplete

Question 152

how does sandwich testing work?

Answer 152

functional groups are tested alternatively between high level and low level modules, once complete its on to the next functional group

Question 153

what is the advantage to sandwich testing?

Answer 153

it has all the positives of top down and bottom down while minimizing the need for stubs or drivers

Question 154

what are the two methods of call based integration testing?

Answer 154

pair wise and neighbourhood

Question 155

what is pair wise integration testing?

Answer 155

uses test sessions that are restricted to a particular pair of units, corresponding to one edge in the call graph equally to one integration test session

Question 156

what is neighborhood integration testing?

Answer 156

where a test session makes up all nodes that are one edge away from the current node, meaning that all predecessor and successor nodes are in the session

Question 157

neighborhood testing has more test sessions than pair wise testing (T/F)

Answer 157

F; pair wise has way more

Question 158

interface based testing is behavioral (T/F)

Answer 158

F; its structural

Question 159

interaction based testing is behavioral (T/F)

Answer 159

T

Question 160

what is a source node?

Answer 160

a node where the program execution begins or resumes (in the case of control transfer from one unit to another)

Question 161

what is a sink node?

Answer 161

a node where the program terminates can be both the end of all execution or when control is transfered to another unit

Question 162

what is a module execution path (MEP)?

Answer 162

a sequence of statements that begins with a source node and ends in a sink node with no intervening sink nodes

Question 163

what is the program mechanism that transfer flow of control from one unit to another?

Answer 163

a message

Question 164

what is an MM-path?

Answer 164

a chain of MEP & messages

Question 165

what are the nodes and edges in an MM-path graph

Answer 165

nodes - MEP

edges - messages

Question 166

what three things does continuous integration try and automate?

Answer 166

the build, tests, and deployment

Question 167

what are the three key steps to the CI build cycle?

Answer 167

1. developer commits code to the source code repository
2. build server executes the master build script which does the following
   - checks source code
   - builds an executable version
   - runs other jobs like testing
3. team is notified of build results

Question 168

what is the criteria for adding new models to CI build?

Answer 168

• must be unit tested
• must be inspected/reviewed
• must have some release note

Question 169

what are the 4 types of devops processes?

Answer 169

CI - uses tools to orchestrate software changes and tests
CT - uses tools to orchestrate test environment and management
CD - uses tools to manage deliverable
CM - uses tools to run analytics

Question 170

when does regression testing occur?

Answer 170

many times throughout the life of a product

Question 171

what does regression testing ensure?

Answer 171

that changes do not affect functionalities that should not be affected

Question 172

what tests should not be included in regression tests?

Answer 172

any tests that have become obsolete as a result to the changes

Question 173

what is test re validation

Answer 173

identifying obsolete tests in regression testing

Question 174

what are the 3 types of regression testing?

Answer 174

1. test all
2. random
3. selected modification traversing tests

Question 175

what tests are included in the test all approach?

Answer 175

all valid tests from the previous versions and any new tests added to test new functionality

Question 176

what is the problem with the test all approach?

Answer 176

it may not be feasible depending on the size of the program

Question 177

what tests are included in the random approach for regression testing?

Answer 177

random tests from valid previous and new

Question 178

what is selected modified traversing testing for regression testing?

Answer 178

selecting a subset of the original test set such that the execution of the modified code against this subset implies that all functionality was carried over from the previous version, and then also testing any new test cases developed to test new functionality

Question 179

what is a “safe” regression technique?

Answer 179

where no test cases that will traverse modified code are disgarded

Question 180

the sequence of node that a test traverses in a CFG is called what?

Answer 180

its execution trace

Question 181

what are some examples of testable entities?

Answer 181

statements, decisions, branches, def-us path

Question 182

what does the naive algorithm do?

Answer 182

computes all subsets of the test set starting by the smallest subset and stops when one that covers all the entities covered by the test set is found

Question 183

what does the greedy algorithm do?

Answer 183

finds the local optimum choice at each stage and hopes to find the global optimum

Question 184

when do you use test prioritization instead of test minimization?

Answer 184

when you can’t discard any test cases due to quality requirements

Question 185

what is the goal of test prioritization

Answer 185

to identify faults as early as possible in the test process

Question 186

which tests get maximum priority?

Answer 186

tests with the most coverage

Question 187

what type of environment is system testing typically performed on?

Answer 187

a constructed by reasonably stable emulated production environment

Question 188

what is perceived performance

Answer 188

user perspective of system performance

Question 189

what are the two approaches to performance testing?

Answer 189

bench marking and profiling

Question 190

comparing performance against some pre determine criteria is called what?

Answer 190

benchmarking

Question 191

comparing performance against measures relative to the system statistics is called what?

Answer 191

profiling

Question 192

what type of performance testing measures the absolute performance of the application?

Answer 192

benchmarking

Question 193

what type of performance testing measures the run-time performance of the application?

Answer 193

profiling

Question 194

what are the typical criteria used in benchmarking?

Answer 194

execution time (cpu usage), response time and memory usage

Question 195

what are some ways to optimize to improve performance?

Answer 195

reduce I/O routines, lazy evaluation saves (computing/loading), hashing/cashing save (reloading resource)

Question 196

what is the difference between contiguous and non contiguous memory testing

Answer 196

contiguous; assigns the consecutive blocks of memory to a process requesting for memory
non contiguous; assigns the separate memory blocks at different locations in memory space in a non consecutive manner for a process requesting memory

Question 197

how do you optimize memory access?

Answer 197

changing non contiguous memory access to contiguous

Question 198

how do you improve data structures?

Answer 198

by using hash based functions and dealing with their limitations in an intelligent way

Question 199

how do you optimize evaluation saves?

Answer 199

• don’t do computation when you already know the answer
• hoist computation heavy code outside of a loop
• use dynamic programming

Question 200

what is the classic question that define profiling?

Answer 200

where is the most time being spent

Question 201

what are the two types of profiling (with definitions)

Answer 201

point; events are simple and independent

context; event consist of simple ordered events

Question 202

what is the difference between insertion and sampling profiling?

Answer 202

• insertion means writing profiling code

- sampling means monitoring cpu at regular intervals

Question 203

what is hprof?

Answer 203

a tool built into JDK for profiling

Question 204

why should you design your profiler code to be short?

Answer 204

because profiling slows down code a ton

Question 205

where should security mechanisms be positioned?

Answer 205

in subsystems and in the communication links between sub systems

Question 206

what are the 6 steps to the treat modeling?

Answer 206

1. identify assets with security quality requirements
2. create an architecture overview
3. decompose the application in terms of processes
4. identify threats
5. document threat
6. rank threat severity

Question 207

what are security testing mechanisms (VESPP)

Answer 207

vulnerability scanning, ethical hacking, security scanning, penetration testing, password crackingq

Question 208

malware exploits arise from what coding problems?

Answer 208

• buffer overflow
• format string vulnerabilities
• integer vulnerabilities

Question 209

how is a buffer overflow attack done?

Answer 209

injecting attack code into the buffer and overflow the buffer so that it jumps to the attack code

Question 210

how do you defend against an overflow buffer attack

Answer 210

• non overflow buffers testing
• array bound checking
• code pointer integrity

Question 211

what does non overflow buffer testing do?

Answer 211

makes attack code injected into input buffer non-executable

Question 212

what does array bound checking do?

Answer 212

ensure that all read and writes to arrays are within array bounds

Question 213

what does code pointer integrity testing detect?

Answer 213

if a code pointer has been corrupted before it was de-referenced

Question 214

what is XSS?

Answer 214

cross site scripting which allows you to inject code directly into contents of a website

Question 215

what is SQL injection?

Answer 215

when you fuck with queries

Question 216

what is important do not do when building SQL queries?

Answer 216

string concatenation

Question 217

what is XSSI?

Answer 217

an attack that forces the server to perform actions that the client never requested

Question 218

what is path traversal?

Answer 218

a vulnerability that allows attackers to read from folder that they don’t have access to

Question 219

what is DDOS attack?

Answer 219

an attack where a server is unable to fulfill ordinary requests

Question 220

what are configuration vulnerabilities?

Answer 220

vulnerabilities that can allow an attacker to take control of a system given that they have knowledge of the default system configuration

Question 221

what is malware?

Answer 221

any software program that works against the interest of the user

Question 222

how to antiviruses identify malware?

Answer 222

by looking for specific signatures in the code

Question 223

what are viruses?

Answer 223

self replicating programs

Question 224

what are worms?

Answer 224

malware that uses the internet to spread

Question 225

what is the difference between a worm and a virus (not internet propogation)

Answer 225

a virus requires user intervention to initiate replication, worms do not

Question 226

what is a trojan horse?

Answer 226

a seemingly innocent program that contains malware

Question 227

what is a backdoor?

Answer 227

malware that creates a covert access channel

Question 228

what is sticky software?

Answer 228

malware that prevents the user from uninstalling it manually

Question 229

what does load testing try and expose?

Answer 229

faults that would not come up under normal conditions (only occur after a long time under full load)

Question 230

what type of testing is used to evaulate software under full load?

Answer 230

stress testing

Question 231

what do availability tests verify?

Answer 231

the systems ability to recover from hardware and software failures without having adverse impacts on other functionality

Question 232

what do degreaded node test verify?

Answer 232

the ability of the system to remain operational after a portion of the system become non-operational

Question 233

what is a p-use?

Answer 233

predicate use, statement is a predicate statement

Question 234

what is a c-use?

Answer 234

computational use, statement is a computation