Analyzing Application Assessments Flashcards

1
Q

A comprehensive testing program validates the effectiveness of protecting confidentiality,
integrity, and availability

A

Software Assessments

2
Q

Process of reviewing uncompiled source code either manually or using automated
tools

A

Static Code Analysis

3
Q

The process of validating software design through mathematical modeling of
expected inputs and outputs

A

Formal Verification Method

4
Q

Beta testing by the end users that proves a program is usable and fit-for-purpose
in real-world conditions

A

User Acceptance Testing (UAT)

5
Q

The process of checking that updates to code do not compromise existing security
functionality or capability

A

Security Regression Testing

6
Q

The process of analyzing the structure of hardware or software to reveal more
about how it functions

A

Reverse Engineering

7
Q

Software that has been assembled into the binary instructions that are expressed
as hexadecimal digits native to the processor platform

A

Machine Code

8
Q

Reverse engineering software that converts machine language code into assembly
language code

A

Disassembler

9
Q

The human-readable text representation of a compiled program's binary machine
code, written using the instruction set of the CPU platform

A

Assembly Code

10
Q

A reverse engineering tool that converts machine code or assembly language
code to code in a specific higher-level language or pseudocode

A

Decompiler

11
Q

Code that is easier for humans to read, write, and understand

A

High-level Code

12
Q

The execution of a compiled program to analyze the way it executes and interacts
with a system or network

A

Dynamic Analysis

13
Q

A dynamic testing tool used to analyze software as it executes

A

Debugger

14
Q

A software testing method that evaluates how software performs under extreme
load

A

Stress Test

15
Q

A dynamic code analysis technique that involves sending a running application
random and unusual input to evaluate how the application responds

A

Fuzzing

16
Q

A vulnerability testing tool designed to identify issues with web servers and web
applications

A

Web Application Scanners

17
Q

Vulnerability scanner that can be used to identify known web server
vulnerabilities and misconfigurations, identify web applications running on a
server, and identify potential known vulnerabilities in those web applications

A

Nikto

18
Q

A proprietary interception proxy and web application assessment tool

A

Burp Suite

19
Q

Software that sits between a client and server (a Man-in-the-Middle) and allows
requests from the client and responses from the server to be analyzed and
modified

A

Interception Proxy

20
Q

An open-source interception proxy and web application assessment tool written
in Java

A

OWASP Zed Attack Proxy (ZAP)