Domain 6 - Security Assessment and Testing

Question 1

Verification

Answer 1

objective evidence that the design outputs of a phase of the SDLC meet requirements.
3rd party sometimes

Question 2

Validation

Answer 2

Develop “level of confidence” that the software meets all requirements and expectations,
software improve over time
Find back doors thru structured walk through

Question 3

Fagan inspections

Answer 3

Most formal code review processes, known as Fagan inspections, follow a rigorous review and testing process with
six steps:
• Planning
• Overview
• Preparation
• Inspection
• Rework
• Follow-up

Question 4

Dynamic Testing

Answer 4

does not require access to source code, evaluates code in a runtime environment

Question 5

Static Testing

Answer 5

Requires access to source code, performs code analysis

Question 6

CVE

Answer 6

The CVE dictionary provides a standard

convention used to identify vulnerabilities, list by MITRE

Question 7

CVSS

Answer 7

Common Vulnerability Scoring System, metrics and calculation tools for exploitability,
impact, how mature exploit code is, and how vulnerabilities can be remediated, also to score
vulnerabilities against unique requirements.

Question 8

Regression testing

Answer 8

is the verification that what is being installed does not affect any portion of the
application system already installed. It generally requires the support of automated process to repeat
tests previously undertaken. Known inputs against an application then compares results to earlier
version results

Question 9

nonRegression testing

Answer 9

code works as planned

Question 10

STRIDE

Answer 10

Is often used in relation to assessing threats against applications or operating systems, threat
categorization scheme, spoofing, tampering, repudiation, information disclosure, denial of service, and
elevation of privilege.

Question 11

Spoofing

Answer 11

An attack with the goal of gaining access to a target system through the use of a falsified
identity. Spoofing can be used against IP addresses, MAC address, usernames, system names, wireless
network SSIDs, and other types of logical identification.

Question 12

TCP SYN Scanning

Answer 12

Sends a single packet to each scanned port with the SYN flag set. This indicates
a request to open a new connection. If the scanner receives a response that has the SYN and ACK flags
set, this indicates that the system is moving to the second phase in the three-way TCP handshake and
that the port is open. TCP SYN scanning is also known as “half-open” scanning

Question 13

TCP Connect Scanning

Answer 13

Opens a full connection to the remote system on the specified port. This
scan type is used when the user running the scan does not have the necessary permissions to run a
half-open scan.

Question 14

TCP ACK Scanning

Answer 14

Sends a packet with the ACK flag set, indicating that it is part of an open
connection.

Question 15

Xmas Scanning

Answer 15

Sends a packet with the FIN, PSH, and URG flags set. A packet with so many flags
set is said to be “lit up like a Christmas tree,” leading to the scan’s name.

Question 16

Static Testing

Answer 16

evaluates the security of software without running it by Analyzing either the source
code or the compiled application. Static analysis usually involves the use of automated tools designed
to detect common software flaws, such as buffer overflows

Question 17

Dynamic Testing

Answer 17

Evaluates the security of software in a runtime environment and is often the only
option for organizations deploying applications written by someone else. In those cases, testers often do
not have access to the underlying source code. One common example of dynamic software testing is
the use of web application scanning tools to detect the presence of cross-site scripting, SQL injection,
or other flaws in web applications. Testing may include the use of synthetic transactions to verify
system performance

Question 18

Fuzz Testing

Answer 18

Is a specialized dynamic testing technique that provides many different types of input to
software to stress its limits and find previously undetected flaws. Fuzz testing software supplies invalid
input to the software, either randomly generated or specially crafted to trigger known software
vulnerabilities. Often limited to simple errors, does find important, exploitable issues, don’t fully cover
code

Question 19

Mutation (Dumb) Fuzzing

Answer 19

Takes previous input values from actual operation of the software and manipulates (or mutates) it to create fuzzed input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques.

Question 20

Generational (Intelligent) Fuzzing

Answer 20

Develops inputs based on models of expected inputs to perform the same task. The zzuf tool automates the process of mutation fuzzing by manipulating input according
to user specifications.

Question 21

Unit testing

Answer 21

Testing small piece of software during a development stage by developers and quality
assurance, ensures quality units are furnished for integration into final product

Question 22

Integration level testing

Answer 22

Focus on transfer of data and control across a programs interfaces

Question 23

SOC Reports

Answer 23

Service organization control report

Question 24

SOC-1 report,

Answer 24

SOC-1 report, covers only internal controls over financial reporting. SSAE 16 is the same most
common synonym (SOC 1 - Finances)

Question 25

SOC-2

Answer 25

design and operational effectiveness) If you want to verify the security, integrity,
privacy, and availability controls, in detail for business partners, auditors @security

Question 26

SOC-3 report;

Answer 26

Shared with broad community, website seal, support organizations claims about
their ability to provide CIA
• Type 1 – point in time covering design
• Type 2 – period of time covering design and operating effectiveness

Question 27

OPSEC process

Answer 27

Understanding your day-to-day operations from the viewpoint of a competitor,
enemy, or hacker and then developing and applying countermeasures

Question 28

Pen-test

Answer 28

Testing of network security as would a hacker do to find vulnerabilities. Always get
management approval first

Question 29

Port scanner

Answer 29

Program that attempts to determine whether any of a range of ports is open on a
particular computer or device

Question 30

Ring zero

Answer 30

Inner code of the operating system. Reserved for privileged instructions by the itself

Question 31

Superzapping

Answer 31

System utility or application that bypasses all access controls and audit/logging
functions to make updates to code or data

Question 32

Operational assurance

Answer 32

Verification that a system is operating according to its security requirement. Assurance – degree of confidence that the implemented security measures work as intended

Question 33

Supervisor mode

Answer 33

processes running in inner protected ring