Chapter 20 – Software Development Security

Question 1

1. Which one of the following is not a component of the DevOps model?
   Information security

Answer 1

Information security

Question 2

2. Bob is developing a software application and has a field where users may enter a date. He wants to ensure that the values provided by the users are accurate dates to prevent security issues. What technique should Bob use?
   Input validation

Answer 2

Input validation

Question 3

3. What portion of the change management process allows developers to prioritize tasks?
   Request control

Answer 3

Request control

Question 4

4. What approach to failure management places the system in a high level of security?
   Fail-secue

Answer 4

Fail-secure

Question 5

5. What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?
   Waterfall

Answer 5

Waterfall

Question 6

6. What form of access control is concerned primarily with the data stored by a field?
   Content-dependent

Answer 6

Content-dependent

Question 7

7. Which one of the following key types is used to enforce referential integrity between database tables?
   Foreign key

Answer 7

Foreign key

Question 8

8. Richard believes that a database user is misusing his privileges to gain information about the company’s overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?
   Aggregation

Answer 8

Aggregation

Question 9

9. What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?
   Polyinstantiation

Answer 9

Polyinstantiation

Question 10

10. Which one of the following is not a principle of Agile development?
    A series of “if/then” rules codified in a knowledge base

Answer 10

A series of “if/then” rules codified in a knowledge base