Applications Security

Question 1

Aggregation Database Threat

Answer 1

Access of part of classified information by unauthorized users.

Question 2

Basic Constructive Cost Model(COCOMO)

Answer 2

Determines the total number of months a project will take to complete.

Question 3

Bypass Attacks

Answer 3

Going around security mechanisms to access unauthorized information.

Question 4

Common Object Request Broker Architecture(CORBA)

Answer 4

Allows all components to process requests and responses from each other.

Question 5

Component Object Model(COM)

Answer 5

Addresses software components and their functions. Functions are not dependent on rules of language

Question 6

Concurrency Database Threat

Answer 6

Simultaneous activity on a single point of data

Question 7

Configuration Management

Answer 7

Is a mechanism that monitors the entire Software Life Cycle. It addresses change control and ensures all personnel remain accountable for their part of the process.

Question 8

Contamination

Answer 8

Incorrect or incomplete data is entered into the database

Question 9

Data Mining

Answer 9

A method of analyzing that data stored within a data warehouse. Performed using queries.

Question 10

Data Warehouse

Answer 10

Database management mechanism that allows the storing of data from multiple databases. It requires all data to be of similar type.

Question 11

Deadlocking

Answer 11

Simultaneous attempts to access a single point of data, causing both users to be denied access.

Question 12

Detailed COCOMO

Answer 12

Determines development time and cost using the basic method as well as personnel and hardware constraints, tools, etc.

Question 13

Distributed Componenet Object Model (DCOM)

Answer 13

Same as COM but works with distributed systems.

Question 14

Distributed Database System

Answer 14

Utilizes data from multiple source databases, which reside in different places.

Question 15

Function Point Measurement Model

Answer 15

Determines development time using input types from both external and internal sources, file types, and external inquiries.

Question 16

Hierarchical Database System

Answer 16

Utilizes a tree structure with all data stemming from a root and branching into parent and child relationship

Question 17

Iterative Software Development Model

Answer 17

A method of designing and creating software that separates a project into smaller more manageable pieces, allowing independent development of each piece.

Question 18

Name 2 different Iterative Software Development Model Types

Answer 18

1. Joint Analysis Development (JAD) ? Involves end users and developers during all phases
2. Rapid Application Development(RAD) ? uses unmovable deadlines to drive the project

Question 19

Name 3 different Iterative Software Development Models

Answer 19

1. Object Oriented Programming(OOP) ? canned code i.e. VB, Java.
2. Sprial Model ? uses prototypes
3. Cleanroom ? used when projects need accreditation and certification.

Question 20

Name 3 different Waterfall Software Development Models

Answer 20

1. Computer Aided Software Engineering(CASE) ? commonly used with large projects.
2. Structured Programming Development Model(SPDM) ? often pieces are developed separately.
3. Systems Development Life Cycle(SDLC) ? Uses project management to control development.

Question 21

Name the 3 processed for Change Control

Answer 21

1. Request
2. Process
3. Release

Question 22

Name the 5 levels of the Software Capabiltiy Maturity Model

Answer 22

1. Initiate
2. Repeatable
3. Defined
4. Managed
5. Optimized

Question 23

Object Linking and Embedding (OLE)

Answer 23

Allows computer wide components to function with all software types.

Question 24

Object Oriented Database System

Answer 24

Utilizes multiple data types, which are located using objects stored in the data keying tothe actual item (i.e. active directory)

Question 25

Object Request Broker (ORB)

Answer 25

Addreses System components.

Question 26

Online Transaction Processing (OLTP)

Answer 26

Using unauthorized query tools to access the database.

Question 27

Open Database Connectivity (ODBC)

Answer 27

Allows for database access using SQL

Question 28

Polyinstantiation Database Threat

Answer 28

Storing of identical data in multiple locations.

Question 29

Relational Database System

Answer 29

Utilizes a column and row data orientation with headers and primary keys to locate attributes (i.e. Access)

Question 30

Security Controls

Answer 30

The mechanisms used to handle software threats. No single control will address all possible threats. (i.e. secure state, AV, Backup, Password, Security kernal)

Question 31

Software Capability Maturity Model

Answer 31

A five level model that evaluates an organization's software development process. Higher levels of maturity indicate the project's dedication to improvement. Lower levels of maturity indicate a lack of procedure.

Question 32

Software Life Cycle Model(SLIM)

Answer 32

Determines the total number of months a project will take to complete and its cost using the number of software instructions for a simple project to estimate the end result.

Question 33

Waterfall Software Development Model

Answer 33

Requires edit completion before moving to the next phase. No changes are allowed to a past phase.

Question 34

What are the 2 types of Artificial Intelligence(AI)

Answer 34

1. Expert Systems ? software program designed to answer complex questions in the form of a human export. Can incorporate fuzzy logic. 2. Neural Networks ? Functions similar to the human brain.It learns over time. Also can use fuzzy logic.

Question 35

What are the 3 types of Database Integrity?

Answer 35

1. Entity integrity ? ensures data rows have a unique identity. 2. Referential integrity ? ensures an identifier from one table references an existing correct identifier in another. 3. Semantic integrity ? ensures that database rules are enforced.

Question 36

What are the 6 stages to the Software Life Cycle

Answer 36

1. Initiation ? Key phase, prjct proposal and risk analysis. 2. Analysis ? security requirements and Baselines outlined. 3. System Specification ? explores how the software will interact with networks, internet, etc. 4. Design and Development ? Actual code is created. 5. Implementation ? software project released & installed. accreditation and certification are initiated and completed. 6. Maintenance ? any software changes or updates. Continuous audit.