Chapter 7 (Lecture 6) Flashcards
- How does a worm travel from system to system?
- Worms travel from system to system under their own power by exploiting flaws in networking software.
- Describe three benefits of using applets instead of server-side code for web applications.
- The processing burden is shifted from the server to the client, allowing the web server to handle a greater number of simultaneous requests. The client uses local resources to process the data, usually resulting in a quicker response. The privacy of client data is protected because information does not need to be transmitted to the web server.
- What are the three requirements for an operational reference monitor in a secure computing system?
- It must be tamperproof, it must always be invoked, and it must be small enough to be subject to analysis and tests, the completeness of which can be assured.
- What operating systems are capable of processing ActiveX controls posted on a website?
- Microsoft Windows platforms only.
- What type of key is selected by the database developer to uniquely identify data within a relational database table?
- Primary key.
- What database security technique appears to permit the insertion of multiple rows sharing the same uniquely identifying information?
- Polyinstantiation.
- Explain the difference between static and dynamic analysis of application code.
- Static analysis performs assessment of the code itself, analyzing the sequence of instructions for security flaws. Dynamic analysis tests the code in a live production environment, searching for runtime flaws.
- How far backward does the waterfall model allow developers to travel when a development flaw is discovered?
- One phase.
- Which one of the following malicious code objects might be inserted in an application by a disgruntled software developer with the purpose of destroying system data after the developer’s account has been deleted (presumably following their termination)?
A. Virus
B. Worm
C. Trojan horse
D. Logic bomb
D. Logic bombs are malicious code objects programmed to lie dormant until certain logical conditions, such as a certain date, time, system event, or other criteria, are met. At that time, they spring into action, triggering their payload.
- What term is used to describe code objects that act on behalf of a user and operate in an unattended manner?
A. Agent
B. Worm
C. Applet
D. Browser
A. Intelligent agents, also called bots, are code objects programmed to perform certain operations on behalf of a user in their absence.
- What portion of the change management process allows developers to prioritize tasks?
A. Release control
B. Configuration control
C. Request control
D. Change audit
C. The request control provides users with a framework to request changes and developers with the opportunity to prioritize those requests.
- Which of the following characteristics can be used to differentiate worms from viruses?
A. Worms infect a system by overwriting data on storage devices.
B. Worms always spread from system to system without user intervention.
C. Worms always carry a malicious payload that impacts infected systems.
D. All of the above.
B. The major difference between viruses and worms is that worms are self-replicating, whereas viruses require user intervention to spread from system to system. Both viruses and worms are capable of carrying malicious payloads.
- What programming language(s) can be used to develop ActiveX controls for use on an Internet site?
A. Visual Basic
B. C
C. Java
D. All of the above
D. Microsoft’s ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.
- What form of access control is concerned primarily with the data stored by a field?
A. Content-dependent
B. Context-dependent
C. Semantic integrity mechanisms
D. Perturbation
A. Content-dependent access control is focused on the internal data of each field.
- Which one of the following key types is used to enforce referential integrity between database tables?
A. Candidate key
B. Primary key
C. Foreign key
D. Super key
C. Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.