Ch 20 Flashcards

1
Q
Which one of the following is not a component of the DevOps model?

A. Information security
B. Software development
C. Quality assurance
D. IT operations

A

Answer: A

The three elements of the DevOps model are software development, quality assurance, and IT operations.

2
Q
Bob is developing a software application and has a field where users may enter a date. He wants to ensure that the values provided by the users are accurate dates to prevent security issues. What technique should Bob use?

A. Polyinstantiation
B. Input validation
C. Contamination
D. Screening

A

Answer: B

Input validation ensures that the input provided by users matches the design parameters.

3
Q
What portion of the change management process allows developers to prioritize tasks?

A. Release control
B. Configuration control
C. Request control
D. Change audit

A

Answer: C

The request control provides users with a framework to request changes and developers with the opportunity to prioritize those requests.

4
Q
What approach to failure management places the system in a high level of security?

A. Fail open
B. Fail mitigation
C. Fail secure
D. Fail clear

A

Answer: C

In a fail-secure state, the system remains in a high level of security until an administrator intervenes.

5
Q
What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?

A. Boyce-Codd
B. Waterfall
C. Spiral
D. Agile

A

Answer: B

The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase.

6
Q
What form of access control is concerned primarily with the data stored by a field?

A. Content-dependent
B. Context-dependent
C. Semantic integrity mechanisms
D. Perturbation

A

Answer: A

Content-dependent access control is focused on the internal data of each field.

7
Q
Which one of the following key types is used to enforce referential integrity between database tables?

A. Candidate key
B. Primary key
C. Foreign key
D. Super key

A

Answer: C

Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.

8
Q
Richard believes that a database user is misusing his privileges to gain information about the company’s overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?

A. Inference
B. Contamination
C. Polyinstantiation
D. Aggregation

A

Answer: D

In this case, the process the database user is taking advantage of is aggregation. Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.

9
Q
What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?

A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation

A

Answer: C

Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.

10
Q
Which one of the following is not a principle of Agile development?

A. Satisfy the customer through early and continuous delivery.
B. Businesspeople and developers work together.
C. Pay continuous attention to technical excellence.
D. Prioritize security over other requirements.

A

Answer: D

In Agile, the highest priority is to satisfy the customer through early and continuous delivery of valuable software.

11
Q
What type of information is used to form the basis of an expert system’s decision-making process?

A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of “if/then” rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind

A

Answer: C

Expert systems use a knowledge base consisting of a series of “if/then” statements to form decisions based on the previous experience of human experts.

12
Q
In which phase of the SW-CMM does an organization use quantitative measures to gain a detailed understanding of the development process?

A. Initial
B. Repeatable
C. Defined
D. Managed

A

Answer: D

In the Managed phase, level 4 of the SW-CMM, the organization uses quantitative measures to gain a detailed understanding of the development process.

13
Q
Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers?

A. SDLC
B. ODBC
C. DSS
D. Abstraction

A

Answer: B

ODBC acts as a proxy between applications and the backend DBMS.

14
Q
In what type of software testing does the tester have access to the underlying source code?

A. Static testing
B. Dynamic testing
C. Cross-site scripting testing
D. Black box testing

A

Answer: A

In order to conduct a static test, the tester must have access to the underlying source code.

15
Q
What type of chart provides a graphical illustration of a schedule that helps to plan, coordinate, and track project tasks?

A. Gantt
B. Venn
C. Bar
D. PERT

A

Answer: A

A Gantt chart is a type of bar chart that shows the interrelationships over time between projects and schedules. It provides a graphical illustration of a schedule that helps to plan, coordinate, and track specific tasks in a project.

16
Q
Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?

A. Aggregation
B. Inference
C. Contamination
D. Polyinstantiation

A

Answer: C

Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.

17
Q
What database security technology involves creating two or more rows with seemingly identical primary keys that contain different data for users with different security clearances?

A. Polyinstantiation
B. Cell suppression
C. Aggregation
D. Views

A

Answer: A

Database developers use polyinstantiation, the creation of multiple records that seem to have the same primary key, to protect against inference attacks.

18
Q
Which one of the following is not part of the change management process?

A. Request control
B. Release control
C. Configuration audit
D. Change control

A

Answer: C

Configuration audit is part of the configuration management process rather than the change control process.

19
Q
What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data?

A. Atomicity
B. Consistency
C. Isolation
D. Durability

A

Answer: C

The isolation principle states that two transactions operating on the same data must be temporarily separated from each other such that one does not interfere with the other.

20
Q
Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the degree of this table?

A. Two
B. Three
C. Thirty
D. Undefined

A

Answer: B

The cardinality of a table refers to the number of rows in the table while the degree of a table is the number of columns.