Domain 4 - Software Development Security

Question 1

An agile development method that uses pairs of programmers who work off a detailed specification

Answer 1

Extreme Programming (XP)

Question 2

In Software Development Security, a black box that combines code and data and sends and receives messages

Answer 2

Object

Question 3

Changes the older procedural programming methodology and treats a program as a series of connected objects that communicate via messages

Answer 3

Object-Oriented Programming

Question 4

Programming Languages that use subroutines, procedures, and functions

Answer 4

Procedural Languages (eg. Basic, C, Fortran, Pascal)

Question 5

A software development model designed to control risk.

Answer 5

Spiral Model

Question 6

A development model that focuses on security in every phase

Answer 6

Software Delevelopment Life Cycle

Question 7

An application development model that uses rigid phases; when one phase ends, the next begins

Answer 7

Waterfall Model

Question 8

Is a software that is executed directly by the CPU

Answer 8

Machine Code or Machine Language

Question 9

Is a comput prgramming language instructions that are written in text that must that must be translated to machine code before execution by the CPU

Answer 9

Source Code

Question 10

Is low level programming language

Answer 10

Assembly Language

Question 11

This converts assembly language into machine language

Answer 11

Assembler

Question 12

This attempts to convert machine language into assembly

Answer 12

Disassembler

Question 13

This take source code, such as C or Basic and compile it into machine code

Answer 13

Compilers

Question 14

A code that is compiled on the fly each time the program is run

Answer 14

Interpreted code. (eg. Perl, Object-Oriented Programming

Object-Oriented Programming

Question 16

Is a platform independent code that is converted into machine code by the Java Virtual Machine (JVM)

Answer 16

Java Bytecode

Question 17

These are computr languages that are designed to increase a programmer’s efficiency by automating the creation of computer programming code.

Answer 17

Fourth Generation Language (4GL)

Question 18

This uses programs to assist in the creation and maintenance of other computer programs

Answer 18

Computer-Aided software engineering (CASE)

Question 19

Is programming method where it starts with the broadest and highest level requirements (the concept of the final program) and works down toward low-level technical implementation details

Answer 19

Top Down

Question 20

Reverse of Top Down approach in programming

Answer 20

Bottom-up

Question 21

Is a software that is typically released in excutable form while the source code is kept confidential.

Answer 21

Closed Software

Question 22

Is software where its source code is published publicly

Answer 22

Open Source

Question 23

Is a software that is subject to intellectual property protections such as patents and copyrights

Answer 23

Proprietary Software

Question 24

A software that is free of charge to use

Answer 24

Freeware

Question 25

A fully proprietary software that maybe initially use free for a period of time

Answer 25

shareware

Question 26

Is partially functioning proprietary software, often with key features disable. User typically make a payment to unlock those features

Answer 26

Crippleware

Question 27

Its a development model that has highly overlapping steps

Answer 27

Sashimi (like japanese overlapping of fish)

Question 28

What are the XP core practices?

Answer 28

Planning Paired Programming Forty hour workweek Total Customer Involvement Detailed Test Procedures

Question 29

A rapidly develops software via the use of prototypes, dummy GUI’s, back end databases and more. It’s aim is to quickly meeting business needs of the system; technical concerns are secondary.

Answer 29

Rapid Action Development

Question 30

is an iterative approach that breaks projects into smaller tasks, creating multiple mockups(prototypes) of system design features

Answer 30

Prototyping

Question 31

Steps of SDLC Process

Answer 31

1. Inititation
2. System Concept DEvelopment
3. Planning

4, Requirements Analaysis

5. Design
6. Development
7. Integration and Test
8. Implmentation
9. Operations and Maintenance
10. Disposition

Question 32

This describes the process of having a third party store an archive of computer software

Answer 32

Software Escrow

Question 33

In OOP. this has the ability of performing different methods depending on the context of the input message

Answer 33

Polymorphism (many forms)

Question 34

In OOP, a method where two instances (specific objects) with the same names that contain different date

Answer 34

Polyinstantiation (many instances)

Question 35

A concept used to describe an object that reuires losts of otehr objects to perform basic jobs

Answer 35

Coupling

Question 36

A concept used to describe an object that can perform most functions independently

Answer 36

Cohesion

Question 37

A middleware that connect programs to programs. They can be udr to locate objects acting as object search engine.

Answer 37

Object Request Broker (ORB)

Question 38

Common Object brokers (ORB) includes

Answer 38

COM, DCOM, CORBA

Question 39

Two object broker technologies by Microsoft

Answer 39

COM - Component Object Model

DCOM - Distributed Component Object Model

Question 40

What is the difference betwween Microsoft COM and DCOM?

Answer 40

COM locates objects on a local system

DCOM can locate objects over a network

Question 41

Is an opem vendor neutral networked object broker framework by the Object Management Group (OMG). Its objects communicate via a message interface, described by the interface definition language (IDL)

Answer 41

CORBA - Common Object Request Broker Architecture

Question 42

Two software development methodologies that take the concept of of obects to a higher , more conceptual design than OOP.

Answer 42

Object Oriented Analysis (OOA)

Object Oriented Design (OOD)

Question 43

Vulnerabilities that allow an attacker with (typically limited) access to be able to access additional resources.

Answer 43

Privilege Escalation

Question 44

Is a software testing method that test code passively, that is the code is not running. This includes walkthroughs, syntax checking, and code reviews.

Answer 44

Static Testing

Question 45

is a softwaretsting method that test the code while executing it.

Answer 45

Dynamic Testing

Question 46

is a software testing method that gives the tester access to program source code , data structures, variables etc.

Answer 46

White Box Software Testing

Question 47

Is software testing method where tester have no internal details; the software is treated as a blackbox that receives input.

Answer 47

Black Box Testing

Question 48

This can be use to map customer’s requirements to the software testing plan: It traces the requirements and ensures that they are being met.

Answer 48

Traceability Matrix

Question 49

What are the software testing levels?

Answer 49

1. Unit Testing
2. Installation Testing
3. Integration Testing
4. Regression Testing
5. Acceptance Testing

Question 50

In software testing, it is a low level tests of software components, such as functions, procedures or objects

Answer 50

Unit Testing

Question 51

Testing software as it is installed and first operated

Answer 51

Installation Testing

Question 52

In software testing, testing multiple software components as they are combined into a working system; substes maybe tested, or Big Bang integration testing tests all integrated software components

Answer 52

Integration Testing

Question 53

Testing software after updates, modification or updates

Answer 53

Regression Testing

Question 54

Testing to ensure the software meets the customer’s operational requirements; when this testing is done directly by the customer, it is called “User Acceptance Testing”

Answer 54

Acceptance Testing

Question 55

Is a type of blackbox testing that enters random, malformed data as inputs into software programs to determine if they will crash

Answer 55

Fuzzing or Fuzz testing

Question 56

Is a black box testing method that seeks to identify and test all unique combinations of software inputs

Answer 56

Combinatorial Software Testing

A good example of this is the Pairwise Testing

Question 57

This describes the action taken by a security researcher after discovering a software vulnerability

Answer 57

Disclosure

Question 58

It is the controversial practice of releasing vulnerability details publicly.

Answer 58

Full Disclosure

Question 59

Is the practice of privately sharing vulnerability information with a vendor and withholding public release until a patch is available

Answer 59

Responsible Disclosure

Question 60

Is a maturity framework for evaluating and improving the software development process

Answer 60

Software Capability Maturity Model (CMM)

Question 61

What are the five levels of Software Capability Mature Model?

Answer 61

1. Initial
2. Repeatable
3. Defined
4. Managed
5. Optimizing

Question 62

Is a structured collection of related data

Answer 62

Database

Question 63

Databases are managed by ______ which controls all access to the database and enforces the database security

Answer 63

Database Management System (DBMS)

Question 64

Is a mathematical attack where an attacker aggregates details at a lower classification to determine information at higher classification

Answer 64

Aggregation

Question 65

Is a simillar attack to aggragation but the attacker must logically deduced missing details

Answer 65

Inference

Question 66

What are the formal database types?

Answer 66

Relational (two dimensional)

Hierarchical

Object Oriented

Question 67

The simplest form of database, a text file that contains multiple lines of data , each in a standard format

Answer 67

Flat File

Question 68

A table in database is also called ____

Answer 68

Relation

Question 69

A row is a database record which is also called _____

Answer 69

Tuple

Question 70

A column in database table is called _____

Answer 70

Attribute

Question 71

A single cell (intersection of row and column) in a database is called ____

Answer 71

value

Question 72

Relational database requires a unique value called ____ in each tuple in a table

Answer 72

Primary Key

Question 73

Is a key in related database table that matches a primary key in the parent database

Answer 73

Foreign Key

Question 75

Databases must ensure the integrity of of the data in the tables; this is called _____

Answer 75

Data Integrity

Question 76

____________ means that every foreign key in a secondary table matches a primary key in the parent table

Answer 76

Referential Integrity

Question 77

______ means that each attribute (column) value is consistent with the attribute data type

Answer 77

Semantic Integrity

Question 78

____ means each tuple has a unique primary key that is not a null

Answer 78

Entity Integrity

Question 79

This seek to make that data in a database table logically concise , organised, and consistent. It removes redundant data and improves the integrity and availability of database

Answer 79

Database Normalisation

Question 80

Normalisation has three rules called Forms. What are these?

Answer 80

First Normal Form(1NF)- Divide data into tables

Second Normal Form (2NF) - Move data that is partially dependent on the primary key to another table

Third Normal Form (3NF) - Remove data that is not dependent on the primary key

Question 81

The results of database query

Answer 81

Database View

Question 82

This contains a description of the database tables

Answer 82

Data Dictionary

Question 83

A data about data

Answer 83

Metadata

Question 84

A critical data dictionary component which describes the attributes and values of the database table

Answer 84

Database Schema

Question 85

______ is a log of all database transactions

Answer 85

Database Journal

Question 86

____ mirrors live database., allowing simulataneous reads and writes to multiple replicated databases by clients

Answer 86

Database Replication

Question 87

Its similar to a replicated database but all changes is made to a primary database, but clients do not access this. It serves as a live data backup of the primary

Answer 87

Shadow Database

Question 88

Is a large collection of data may store even petabytes (1000) terabytes of data

Answer 88

Data Warehouse

Question 89

This is use to search for patterns in a data warehouse. Commonly sought patterns includes signs of fraud

Answer 89

Data Mining

Question 90

The science of programming electronic computers to think more intelligently, sometimes mimicking the ability of mammal brains

Answer 90

Artificial Intelligence

Question 91

Simulate neural networks found in humans and animals

Answer 91

Artificial Neural Networks

Question 92

Creates Random Programs and assigns them a task of solving a problem

Answer 92

Genetic Programming

Question 93

Is a form of aritificial intelligence that uses knowledge base and inference engine

Answer 93

Expert System

Question 94

Is a form of artificial intelligence normally use to identify spam

Answer 94

Bayesan Filtering