Domain 6: Security Assessment and Testing pt 2 Flashcards

1
Q
  • Attempts to identify the degree to which code testing applies to the entire application
  • Goal is to ensure there are no significant gaps in the testing of software that would allow for bugs and security vulnerabilities
A

Test Coverage Analysis

2
Q

The goal here is to ensure that security is uniformly applied across the various facets of an application

A

Interface Testing

3
Q

Common Vulnerability Scoring System (CVSS) is influenced by what three metrics?

A
  1. Base metrics
  2. Temporal metrics
  3. Environmental metrics
4
Q
  • Common Vulnerability Scoring System (CVSS) metric
  • Indicates the severity of the vulnerability
  • Established by the vendor; has the largest influence on the final CVSS score
A

Base metrics

5
Q
  • Common Vulnerability Scoring System (CVSS) metric
  • Indicates the urgency of the vulnerability
  • Established by the vendor or originator and can change over time
A

Temporal metrics

6
Q
  • Common Vulnerability Scoring System (CVSS) metric
  • Optional; indicates how much an organization or end user is affected by a vulnerability
  • Established by each end-user organization
A

Environmental metrics

7
Q

Modifies previous known inputs from actual operation of the software to generate synthetic inputs that may trigger unexpected behavior

A

Mutation fuzzing

8
Q

Develops inputs based on models of expected inputs to perform the same task

A

Generational fuzzing

9
Q
  • Administrator activity
  • Ensures that systems are not misused

A

Log Reviews

10
Q

Ensures only authorized users retain access to information systems

A

Account management reviews

11
Q

Ensures that the organization’s data protection process is functioning properly

A

Backup verification

12
Q

Provides a high-level view of the security program effectiveness

A

Key performance and risk

13
Q
  • Type of interface that should be tested during the software testing process
  • Give code modules a way to interact with one another and may be exposed to the outside world
A

Application Programming Interfaces (APIs)

14
Q
  • Type of interface that should be tested during the software testing process
  • Provides end users the ability to interact with the software (e.g., a GUI)
A

User Interfaces (UIs)

15
Q
  • Type of interface that should be tested during the software testing process
  • Used by applications that manipulate machinery, logic controllers, or other objects in the physical world
A

Physical Interfaces

16
Q

What is the formula for the Test Coverage Analysis?

A

test coverage = number of use cases tested / total number of use cases

17
Q

What are the 5 common criteria that can be used in the Test Coverage Analysis?

A
  1. Branch Coverage
  2. Condition Coverage
  3. Function Coverage
  4. Loop Coverage
  5. Statement Coverage
18
Q
  • Common criteria for Test Coverage Analysis
  • Has every if statement been executed under all if and else conditions?

A

Branch Coverage

19
Q
  • Common criteria for Test Coverage Analysis
  • Has every logical test in the code been executed under all sets of inputs?

A

Condition Coverage

20
Q
  • Common criteria for Test Coverage Analysis
  • Has every function in the code been called and returned results?

A

Function Coverage

21
Q
  • Common criteria for Test Coverage Analysis
  • Has every loop in the code been executed under conditions that cause code execution multiple times, only once, and not at all?
A

Loop Coverage

22
Q
  • Common criteria for Test Coverage Analysis
  • Has every line of code been executed during the test?

A

Statement Coverage

23
Q
  • Website monitoring
  • Analyzes actual network traffic sent to a website by capturing it as it travels the network

A

Passive Monitoring

24
Q
  • Website monitoring
  • Resembles the activity of individual users to track their interaction with the website
  • Variant of passive monitoring
A

Real User Monitoring

25
Q
  • Website monitoring
  • Performs artificial transactions against a website to assess performance

A

Synthetic Monitoring (or Active Monitoring)

26
Q

List the 6 processes for the Fagan inspection

A
  1. Planning
  2. Overview
  3. Preparation
  4. Inspection
  5. Rework
  6. Follow-up