Domain 6 - Security Assessment and Testing Flashcards

1
Q

Verification

A

Objective evidence that the design outputs of a phase of the SDLC meet requirements; sometimes performed by a third party.

2
Q

Validation

A

Develops a “level of confidence” that the software meets all requirements and expectations; the software improves over time.
Back doors are found through a structured walkthrough.

3
Q

Fagan inspections

A
Most formal code review processes, known as Fagan inspections, follow a rigorous review and testing process with six steps:
• Planning
• Overview
• Preparation
• Inspection
• Rework
• Follow-up
4
Q

Dynamic Testing

A

Does not require access to source code; evaluates code in a runtime environment.

5
Q

Static Testing

A

Requires access to source code; performs code analysis.

6
Q

CVE

A

The CVE dictionary provides a standard convention used to identify vulnerabilities; the list is maintained by MITRE.

7
Q

CVSS

A

Common Vulnerability Scoring System: metrics and calculation tools for exploitability, impact, how mature exploit code is, and how vulnerabilities can be remediated; also used to score vulnerabilities against an organization's unique requirements.

8
Q

Regression testing

A

Verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of automated processes to repeat tests previously undertaken: known inputs are run against the application and the results are compared to the earlier version's results.

9
Q

Non-regression testing

A

Verifies that the code works as planned.

10
Q

STRIDE

A

A threat categorization scheme often used when assessing threats against applications or operating systems: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.

11
Q

Spoofing

A

An attack with the goal of gaining access to a target system through the use of a falsified identity. Spoofing can be used against IP addresses, MAC addresses, usernames, system names, wireless network SSIDs, and other types of logical identification.

12
Q

TCP SYN Scanning

A

Sends a single packet to each scanned port with the SYN flag set, indicating a request to open a new connection. If the scanner receives a response with the SYN and ACK flags set, the system is moving to the second phase of the three-way TCP handshake and the port is open. TCP SYN scanning is also known as “half-open” scanning.

13
Q

TCP Connect Scanning

A

Opens a full connection to the remote system on the specified port. This scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan.

14
Q

TCP ACK Scanning

A

Sends a packet with the ACK flag set, indicating that it is part of an open connection.

15
Q

Xmas Scanning

A

Sends a packet with the FIN, PSH, and URG flags set. A packet with so many flags set is said to be “lit up like a Christmas tree,” leading to the scan’s name.

16
Q

Static Testing

A

Evaluates the security of software without running it, by analyzing either the source code or the compiled application. Static analysis usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows.

17
Q

Dynamic Testing

A

Evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else; in those cases, testers often do not have access to the underlying source code. One common example of dynamic software testing is the use of web application scanning tools to detect the presence of cross-site scripting, SQL injection, or other flaws in web applications. Testing may include the use of synthetic transactions to verify system performance.

18
Q

Fuzz Testing

A

A specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws. Fuzz testing software supplies invalid input to the software, either randomly generated or specially crafted to trigger known software vulnerabilities. Fuzzing is often limited to finding simple errors, but it does find important, exploitable issues; it does not fully cover the code.

19
Q

Mutation (Dumb) Fuzzing

A

Takes previous input values from actual operation of the software and manipulates (or mutates) them to create fuzzed input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques.

20
Q

Generational (Intelligent) Fuzzing

A

Develops inputs based on models of expected inputs to perform the same task. The zzuf tool automates the process of mutation fuzzing by manipulating input according to user specifications.

21
Q

Unit testing

A

Testing of small pieces of software during the development stage by developers and quality assurance; ensures that quality units are furnished for integration into the final product.

22
Q

Integration level testing

A

Focuses on the transfer of data and control across a program's interfaces.

23
Q

SOC Reports

A

Service Organization Control report.

24
Q

SOC-1 report

A

Covers only internal controls over financial reporting. SSAE 16 is its most common synonym (SOC 1 – finances).

25
Q

SOC-2

A

(Design and operational effectiveness.) Used when you want to verify the security, integrity, privacy, and availability controls in detail, for business partners and auditors.

26
Q

SOC-3 report

A

Shared with the broad community (website seal); supports the organization's claims about its ability to provide CIA.
• Type 1 – point in time covering design
• Type 2 – period of time covering design and operating effectiveness

27
Q

OPSEC process

A

Understanding your day-to-day operations from the viewpoint of a competitor, enemy, or hacker, and then developing and applying countermeasures.

28
Q

Pen-test

A

Testing of network security as a hacker would, to find vulnerabilities. Always get management approval first.

29
Q

Port scanner

A

Program that attempts to determine whether any of a range of ports is open on a particular computer or device.

30
Q

Ring zero

A

Inner code of the operating system. Reserved for privileged instructions used by the operating system itself.

31
Q

Superzapping

A

System utility or application that bypasses all access controls and audit/logging functions to make updates to code or data.

32
Q

Operational assurance

A

Verification that a system is operating according to its security requirements. Assurance – the degree of confidence that the implemented security measures work as intended.

33
Q

Supervisor mode

A

Processes running in the inner protected ring.