CISSP (Domain 4 - Software Development Security)

Question 1

Waterfall Method

Answer 1

• Traditional model
• Completion of one task goes to another
• Long term projects

Question 2

Prototyping Method

Answer 2

• Address time issues with waterfall
• Evolves each round
• Four Phases
  + initial concept, implement pt, refine, release

Question 3

Spiral Model

Answer 3

• Combination of waterfall and prototyping

- Develop initial with PT then each with Waterfall

Question 4

Software Development Life Cycle (SDLC) (7 things)

PI/FD/SD/SD/ITI/OM/D

Answer 4

• Project initiation
• Functional design analysis and planning
• System design specifications
• Software development
• Installation/Test/Implementation
• Operational/Maintenance
• Disposal

Question 5

Project Initiation - SDLC

Answer 5

Identify security requirements

Question 6

Functional Design - SDLC

Answer 6

Function to address the threat

Question 7

System Design - SDLC

Answer 7

What security technology will be used

Question 8

Software Development - SDLC

Answer 8

Write code to meet specifications

Question 9

Testing and Installation - SDLC

Answer 9

Test system components, create manuals, UAT

Question 10

Operations/Maintenance - SDLC

Answer 10

Maintain system through SLA

Question 11

Disposal - SDLC

Answer 11

Data moved to another system or discarded

Question 12

Verification

Answer 12

Test features for functionality

Question 13

Validation

Answer 13

Test system as a whole

Question 14

Computer Aided Software Engineering (CASE)

Answer 14

Tools used to help programmers/PM/Analyst for automation, debugging, and rapid prototyping

Question 15

Capability Maturity Model (5 levels)

IRDMO

Answer 15

Used to improve processes which improves output

• Initiating
• Repeatable
• Defined
• Managed
• Optimizing

Question 16

Initiating - CMM

Answer 16

Processes are disorganized, ad-hoc processes

Question 17

Repeatable - CMM

Answer 17

Processes made, established, defined, and documented

Question 18

Defined - CMM

Answer 18

Know the date it will be done

Question 19

Managed - CMM

Answer 19

% measurements of completion

Question 20

Optimizing - CMM

Answer 20

Constant process improvement

Question 21

Object Oriented Programming

Answer 21

• Closely maps to real activities in the business world
• Highly modular
• Self contained

Question 22

Classes

Answer 22

Define attributes and characteristics of the possible objects within them

Question 23

Objects

Answer 23

Software entities that are grouped into Classes

Question 24

Polymorphism

Answer 24

Two objects sent the same message but react differently.

Same input different output with different object in same class.

Question 25

Polyinstantiation

Answer 25

Creation of another version of an object using different values for its variables to ensure lower level subjects do not access data at higher classification.

Data masking

Question 26

Cohesive - Module Interaction

Answer 26

Perform single task with little help from other modules

Question 27

Coupling - Module Interaction

Answer 27

Measurement of interaction between objects. Modules should not affect each other drastically.

Question 28

Meta-Data

Answer 28

• Data about data

- Data used to describe the database and the data within it

Question 29

Open Database Connectivity (ODBC)

Answer 29

Manager between the application and the database’s.

Question 30

Data Warehousing

Answer 30

Combine data from multiple databases into a large database for information retrieval and data analysis

Question 31

Data Mining

Answer 31

Process of analyzing a database using tools that look for trends or anomalies without having the knowledge of the meaning of the data.

Massage data to be more meaningful

Question 32

Database ACID Test

Answer 32

• Atomicity: Either all changes take effect or none do
• Consistency: A transaction is allowed if it follows constraints
• Isolation: The result of the transaction are not visible until the transaction is complete
• Durability: Results of a completed transaction are permanent

*Maintain integrity of DB

Question 33

Aggregation - DB Security Attack

Answer 33

Act of combining information from separate sources to form new information for which attacker does not have access to

Question 34

Inference - DB Security Attack

Answer 34

Ability to derive additional information from learned facts about a particular system.

Lower security level indirectly portrays data at a higher level.

*Fought with Polyinstantiation

Question 35

Enterprise Java Bean (EJB) - Distributed Communication Standard

Answer 35

Intended to handle common concerns with persistence, transactional integrity, security in a standard way.

*Programmers can concentrate on object at hand

Question 36

Simple Object Access Protocol (SOAP) - Distributed Communication Standard

Answer 36

Replacement for DCOM and uses XML-based communication

Question 37

Distributed Component Object Model (DCOM)

Answer 37

Allows for objects on different systems to interact

Question 38

Common Object Model (COM)

Answer 38

Allow for simple inter-process communication between objects

Question 39

Object Linking and Embedding (OLE)

Answer 39

Provides a way for objects to be shared on a local workstation and uses COM as its foundation base

*Embedding an image in a document

Question 40

Cross Site Scripting (XSS)

Answer 40

Client makes request to web server. Web server is compromised to throw a popup with the contents of an attackers site

Question 41

5 Types of Malware

VMLTO

Answer 41

• Virus
• Worm
• Logic Bomb
• Trojan Horse
• Other Attack Types

Question 42

Malicious Code Detection

Answer 42

• *File integrity checker (checksum)
• File size increases
• Many unexpected disk access

Question 43

Virus

Answer 43

• Needs a delivery vehicle

- Program that searches out other programs and infects them by embedding a copy of itself

Question 44

Macro Virus

Answer 44

Written in macro language that is platform independent.

Programs run automatically when document is opened

Question 45

Compression Virus

Answer 45

Appends itself to executable’s on the system and compresses them by using the users permissions

Question 46

Stealth Virus

Answer 46

Hides modifications it has made and tricks anti-virus software by intercepting its requests to the OS and provides bogus information

Question 47

Polymorphic Virus

Answer 47

*Digital signature changes

Produces varied by operational copies of itself. (nothing identical)

Question 48

Multi-Partite Virus

Answer 48

Infects computer in multiple ways

• Boot sector
• Hard Drive

Question 49

Self-Garbling Virus

Answer 49

Attempts to hide from anti-virus software by modifying its own code so it doesn’t match predefined signatures

Question 50

Meme Virus

Answer 50

E-mail messages that are continually forwarded around the internet. Not a virus

Question 51

Worms

Answer 51

• Can reproduce on their own
• Self contained code

*Own mind

Question 52

Logic Bomb

Answer 52

An event triggers on a certain date/time

Question 53

Trojan Horse

Answer 53

Program disguised as another program and does stuff in backgroun

Question 54

Smurf Attack

Answer 54

Uses IP spoofing and ICMP replies in order to saturate a host

1. Spoofed IP (SRC Masked)
2. ICMP echo to broadcast destination (DST)
3. Bounced response (DST to SRC Masked IP)

Question 55

Fraggle Attack

Answer 55

Uses IP spoofing and UDP replies in order to saturate a host

1. Spoofed IP (SRC Masked)
2. UDP to broadcast destination (DST)
3. Bounced response (DST to SRC Masked IP)

Question 56

Stop Smurf Attacks (Internal/Target/Bounce)

Answer 56

Internal:
- Only let traffic from our own network out (SRC was masked)

Target:
- Block no ICMP from outside

Bounce Site:
- Block ICMP and Broadcast

Question 57

Zombies

Answer 57

Computers that make up botnet community

Question 58

Ingress Filtering - DDoS Countermeasure

Answer 58

Do not allow packets in with internal source addresses

Question 59

Egress Filtering - DDoS Countermeasures

Answer 59

Do not allow packets to leave with external source addresses

Question 60

Expert Systems - AI

Answer 60

• Computer users KB, algorithms, and rules
• Infer new facts from existing knowledge and incoming data
• Heuristic obtained through experiences and learning
• App

Question 61

Inference Engine - AI

Answer 61

• Rule based programming

- If/Then logic

Question 62

Artificial Neural Networks (ANN)

Answer 62

• The ability to remember and learn from new experiences
• Capacity to generalize
• Only good for the experience they are given

Question 63

Online Transaction Processing (OLTP)

Answer 63

Mechanisms that watch for problems and deal with them appropriately when they occur.

*Ensure transactions go properly