Domain 4 - Software Development Security Flashcards

1
Q

An agile development method that uses pairs of programmers who work off a detailed specification

A

Extreme Programming (XP)

2
Q

In Software Development Security, a black box that combines code and data and sends and receives messages

A

Object

3
Q

Changes the older procedural programming methodology and treats a program as a series of connected objects that communicate via messages

A

Object-Oriented Programming

4
Q

Programming Languages that use subroutines, procedures, and functions

A

Procedural Languages (e.g. Basic, C, Fortran, Pascal)

5
Q

A software development model designed to control risk.

A

Spiral Model

6
Q

A development model that focuses on security in every phase

A

Software Development Life Cycle

7
Q

An application development model that uses rigid phases; when one phase ends, the next begins

A

Waterfall Model

8
Q

Software that is executed directly by the CPU

A

Machine Code or Machine Language

9
Q

Computer programming language instructions written in text that must be translated to machine code before execution by the CPU

A

Source Code

10
Q

A low-level programming language

A

Assembly Language

11
Q

This converts assembly language into machine language

A

Assembler

12
Q

This attempts to convert machine language into assembly

A

Disassembler

13
Q

These take source code, such as C or Basic, and compile it into machine code

A

Compilers

14
Q

Code that is compiled on the fly each time the program is run

A

Interpreted code (e.g. Perl, Object-Oriented Programming)

16
Q

Platform-independent code that is converted into machine code by the Java Virtual Machine (JVM)

A

Java Bytecode

17
Q

These are computer languages that are designed to increase a programmer's efficiency by automating the creation of computer programming code.

A

Fourth Generation Language (4GL)

18
Q

This uses programs to assist in the creation and maintenance of other computer programs

A

Computer-Aided Software Engineering (CASE)

19
Q

A programming method that starts with the broadest and highest-level requirements (the concept of the final program) and works down toward low-level technical implementation details

A

Top Down

20
Q

The reverse of the Top Down approach in programming

A

Bottom-up

21
Q

Software that is typically released in executable form while the source code is kept confidential.

A

Closed Software

22
Q

Software whose source code is published publicly

A

Open Source

23
Q

Software that is subject to intellectual property protections such as patents and copyrights

A

Proprietary Software

24
Q

Software that is free of charge to use

A

Freeware

25
Q

Fully proprietary software that may initially be used free of charge for a period of time

A

Shareware

26
Q

Partially functioning proprietary software, often with key features disabled. Users typically make a payment to unlock those features

A

Crippleware

27
Q

A development model that has highly overlapping steps

A

Sashimi (like the overlapping slices of fish in the Japanese dish)

28
Q

What are the XP core practices?

A

  1. Planning
  2. Paired Programming
  3. Forty-hour workweek
  4. Total Customer Involvement
  5. Detailed Test Procedures

29
Q

Rapidly develops software via the use of prototypes, dummy GUIs, back-end databases and more. Its aim is to quickly meet the business needs of the system; technical concerns are secondary.

A

Rapid Action Development

30
Q

An iterative approach that breaks projects into smaller tasks, creating multiple mockups (prototypes) of system design features

A

Prototyping

31
Q

Steps of SDLC Process

A
  1. Initiation
  2. System Concept Development
  3. Planning
  4. Requirements Analysis
  5. Design
  6. Development
  7. Integration and Test
  8. Implementation
  9. Operations and Maintenance
  10. Disposition
32
Q

This describes the process of having a third party store an archive of computer software

A

Software Escrow

33
Q

In OOP, the ability to perform different methods depending on the context of the input message

A

Polymorphism (many forms)

34
Q

In OOP, two instances (specific objects) with the same name that contain different data

A

Polyinstantiation (many instances)

35
Q

A concept used to describe an object that requires lots of other objects to perform basic jobs

A

Coupling

36
Q

A concept used to describe an object that can perform most functions independently

A

Cohesion

37
Q

Middleware that connects programs to programs. It can be used to locate objects, acting as an object search engine.

A

Object Request Broker (ORB)

38
Q

Common Object Request Brokers (ORBs) include

A

COM, DCOM, CORBA

39
Q

Two object broker technologies by Microsoft

A

COM - Component Object Model

DCOM - Distributed Component Object Model

40
Q

What is the difference between Microsoft COM and DCOM?

A

COM locates objects on a local system

DCOM can locate objects over a network

41
Q

An open, vendor-neutral networked object broker framework by the Object Management Group (OMG). Its objects communicate via a message interface described by the Interface Definition Language (IDL)

A

CORBA - Common Object Request Broker Architecture

42
Q

Two software development methodologies that take the concept of objects to a higher, more conceptual level of design than OOP.

A

Object Oriented Analysis (OOA)

Object Oriented Design (OOD)

43
Q

Vulnerabilities that allow an attacker with (typically limited) access to gain access to additional resources.

A

Privilege Escalation

44
Q

A software testing method that tests code passively, that is, while the code is not running. This includes walkthroughs, syntax checking, and code reviews.

A

Static Testing

45
Q

A software testing method that tests the code while executing it.

A

Dynamic Testing

46
Q

A software testing method that gives the tester access to program source code, data structures, variables, etc.

A

White Box Software Testing

47
Q

A software testing method where the tester has no internal details; the software is treated as a black box that receives input.

A

Black Box Testing

48
Q

This can be used to map the customer's requirements to the software testing plan: it traces the requirements and ensures that they are being met.

A

Traceability Matrix

49
Q

What are the software testing levels?

A
  1. Unit Testing
  2. Installation Testing
  3. Integration Testing
  4. Regression Testing
  5. Acceptance Testing
50
Q

In software testing, low-level tests of software components, such as functions, procedures or objects

A

Unit Testing

51
Q

Testing software as it is installed and first operated

A

Installation Testing

52
Q

In software testing, testing multiple software components as they are combined into a working system; subsets may be tested, or Big Bang integration testing tests all integrated software components

A

Integration Testing

53
Q

Testing software after updates or modifications

A

Regression Testing

54
Q

Testing to ensure the software meets the customer’s operational requirements; when this testing is done directly by the customer, it is called “User Acceptance Testing”

A

Acceptance Testing

55
Q

A type of black box testing that enters random, malformed data as input into software programs to determine if they will crash

A

Fuzzing or Fuzz testing

56
Q

A black box testing method that seeks to identify and test all unique combinations of software inputs

A

Combinatorial Software Testing

A good example of this is Pairwise Testing

57
Q

This describes the action taken by a security researcher after discovering a software vulnerability

A

Disclosure

58
Q

It is the controversial practice of releasing vulnerability details publicly.

A

Full Disclosure

59
Q

The practice of privately sharing vulnerability information with a vendor and withholding public release until a patch is available

A

Responsible Disclosure

60
Q

A maturity framework for evaluating and improving the software development process

A

Software Capability Maturity Model (CMM)

61
Q

What are the five levels of the Software Capability Maturity Model?

A
  1. Initial
  2. Repeatable
  3. Defined
  4. Managed
  5. Optimizing
62
Q

A structured collection of related data

A

Database

63
Q

Databases are managed by ______ which controls all access to the database and enforces the database security

A

Database Management System (DBMS)

64
Q

A mathematical attack where an attacker aggregates details at a lower classification to determine information at a higher classification

A

Aggregation

65
Q

An attack similar to aggregation, but the attacker must logically deduce the missing details

A

Inference

66
Q

What are the formal database types?

A

Relational (two dimensional)

Hierarchical

Object Oriented

67
Q

The simplest form of database, a text file that contains multiple lines of data, each in a standard format

A

Flat File

68
Q

A table in a database is also called ____

A

Relation

69
Q

A row is a database record which is also called _____

A

Tuple

70
Q

A column in a database table is called _____

A

Attribute

71
Q

A single cell (intersection of row and column) in a database is called ____

A

Value

72
Q

A relational database requires a unique value called ____ in each tuple in a table

A

Primary Key

73
Q

A key in a related database table that matches a primary key in the parent database

A

Foreign Key

75
Q

Databases must ensure the integrity of the data in the tables; this is called _____

A

Data Integrity

76
Q

____________ means that every foreign key in a secondary table matches a primary key in the parent table

A

Referential Integrity

77
Q

______ means that each attribute (column) value is consistent with the attribute data type

A

Semantic Integrity

78
Q

____ means each tuple has a unique primary key that is not a null

A

Entity Integrity

79
Q

This seeks to make the data in a database table logically concise, organised, and consistent. It removes redundant data and improves the integrity and availability of the database

A

Database Normalisation

80
Q

Normalisation has three rules called Forms. What are these?

A

First Normal Form (1NF) - Divide data into tables

Second Normal Form (2NF) - Move data that is partially dependent on the primary key to another table

Third Normal Form (3NF) - Remove data that is not dependent on the primary key

81
Q

The results of a database query

A

Database View

82
Q

This contains a description of the database tables

A

Data Dictionary

83
Q

Data about data

A

Metadata

84
Q

A critical data dictionary component which describes the attributes and values of the database table

A

Database Schema

85
Q

______ is a log of all database transactions

A

Database Journal

86
Q

____ mirrors a live database, allowing simultaneous reads and writes to multiple replicated databases by clients

A

Database Replication

87
Q

Similar to a replicated database, but all changes are made to a primary database that clients do not access. It serves as a live data backup of the primary

A

Shadow Database

88
Q

A large collection of data that may store even petabytes (1000 terabytes) of data

A

Data Warehouse

89
Q

This is used to search for patterns in a data warehouse. Commonly sought patterns include signs of fraud

A

Data Mining

90
Q

The science of programming electronic computers to think more intelligently, sometimes mimicking the ability of mammal brains

A

Artificial Intelligence

91
Q

Simulates neural networks found in humans and animals

A

Artificial Neural Networks

92
Q

Creates random programs and assigns them the task of solving a problem

A

Genetic Programming

93
Q

A form of artificial intelligence that uses a knowledge base and an inference engine

A

Expert System

94
Q

A form of artificial intelligence normally used to identify spam

A

Bayesian Filtering
