Domain 8 Flashcards

1
Q

What is a Tuple

A

It is a row in a table in a relational database

2
Q

What is an Attribute

A

It is a column in a relational Database

3
Q

What is a table

A

It is the database that consists of tuples (rows) and attributes (columns)

4
Q

Main Components of SQL database

A
  1. Schema
  2. Tables
  3. Views
5
Q

What is a Schema

A

Describes a structure of a database, including any access controls limiting how the users will view the information contained in the tables

6
Q

What are Tables

A

Columns and rows (tuples) of the data are contained in tables

7
Q

What are Views

A

“Defines what information a user can view in the tables. The view can be customized so that an entire table may be visible or a user may be limited to only being able to see just a row or a column. Views are created dynamically by the system for each user and provide access control granularity.”

8
Q

SDLC

A

Software Development Lifecycle

9
Q

Waterfall SDLC

A

“highly structured and does not allow for changes once the project is started and moved onto subsequent phases. Revisions are not allowed in later phases.”

10
Q

Common SDLC Types

A

Waterfall, agile, spiral, others

11
Q

Prototyping

A

“In prototyping, the objective is to build a simplified version of the entire application, release it for review, and use the feedback from the stakeholders to review to build a second, much better version. This is repeated until the owner and stakeholders are satisfied with the final product. Prototyping is broken down into a step-by-step process that includes initial concept, design and implementation of initial prototype, refining the prototype until acceptable to the owner, and complete and release final version”

12
Q

MPM

A

Modified Prototype Model

13
Q

Define MPM

A

“A refined form of the above prototyping methodology that is ideal for web application development, it allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it rather than being frozen in time”

14
Q

RAD

A

Rapid Application Development

15
Q

Define RAD

A

“Also, a refined form of prototyping, rapid application development (RAD) requires strict time limits on each phase and relies on efficient tools that enable quick development. The goal is to produce quality code quickly. While this sounds attractive, it must be handled properly because the quick development process may be a disadvantage if decisions are made so rapidly that it leads to poor design”

16
Q

JAD

A

Joint Analysis Development

17
Q

Define JAD

A

“The premise is to have facilitation techniques that become an integral part of the management process that helps developers to work directly with owners and stakeholders to develop a working application. This is a novel idea that involves all stakeholders in the entire process. The success of this methodology is based on having key players communicating at all critical phases of the project.”

19
Q

Implementations of Agile philosophy

A

SCRUM

20
Q

SCRUM

A
  1. User story: “As a ___, I need ___ so I can ___”
     Epics are large user stories
  2. Product backlog > Sprint backlog > WIP > Done
  3. How to track progress
     Burn-up/burn-down chart, used to determine progress on what is being accomplished
21
Q

Roles of SCRUM

A

(Want around 5-9 people on the team)

  1. SCRUM Master
     Job is to remove impediments
     Keeps the team adhering to SCRUM rules
  2. Product Owner (arguably most important)
     Voice of the customer; needs to understand the business
  3. Team Members
     Testers, developers
22
Q

Clean room development

A
  1. Rigorous testing, focused on detecting, controlling, and avoiding bugs.
  2. Preferred as a security concern, quality achieved through design.
  3. Security should always be designed into the system based on requirements
23
Q

Trusted Computing Base (TCB)

A

“is the collection of all the hardware, software, and firmware components within an architecture that are specifically responsible for security. The TCB is a term that is usually associated with security kernels and the reference monitor.”

25
Q

What three basic fundamental requirements must a security kernel meet?

A

Completeness - all accesses to information must go through the kernel

Isolation - The Kernel itself must be protected from any type of unauthorized access

Verifiability - The kernel must be proven to meet design specifications

26
Q

Time Multiplexing

A

“allows the operating system to provide structured access by processes to resources according to a controlled and tightly managed time schedule. This schedule is defined as a short period of time, or a time slice, which will grant access to the system resources required by the process and then terminate that access once the time period has expired.”

28
Q

Types of Unit or Bench Testing

A

White box/black box testing - level of prior knowledge before testing the system for vulnerabilities (penetration testing)

Automated/manual testing

Static/dynamic testing

Positive/negative testing - a test case entered with the expectation that it will pass is a positive test case; a test case run with the expectation of a failure is a negative test case.

29
Q

Memory Manager Responsibilities

A
  1. Relocation
  2. Protection
  3. Sharing
  4. Logical Organization
  5. Physical Organization
30
Q

OWASP hosts a Top Ten list of software security vulnerabilities?

A

True

31
Q

OWASP Top 10 Currently

A
  1. Verify Security Early and Often
  2. Parameterize Queries
  3. Encode/Encrypt Data
  4. Validate ALL Inputs
  5. Implement Identity and Authentication Controls
  6. Implement Access Controls (2FA)
  7. Protect Data
  8. Implement Logging and Intrusion Detection
  9. Leverage Security Frameworks and Libraries
  10. Handle Errors and Exceptions Gracefully
32
Q

Steps of SDLC

A
  1. Initiation
  2. Design
  3. Development
  4. Implementation
  5. Maintenance
  6. End-of-life
33
Q

Step 3 of SDLC

A

Development

34
Q

Step 6 of SDLC

A

End-of-life

35
Q

Step 4 of SDLC

A

Implementation

36
Q

Step 1 of SDLC

A

Initiate

37
Q

Step 5 of SDLC

A

Maintenance

38
Q

Step 2 of SDLC

A

Design

39
Q

What do you do in each step of SDLC

A
  1. Initiate - identify security concerns
  2. Design - Formalize plans to address security
  3. Develop - Build Security into the software
  4. Implement - Test and Deploy Security Process
  5. Maintenance - exercise security and DR
  6. End-of-life - Unwind and destroy processes
40
Q

Varieties of Testing

A
  1. Unit Testing
  2. Integration Testing
  3. Regression Testing
  4. User-Acceptance Testing (UAT)
41
Q

Code Review types

A

Quality assurance review
Resolve bugs/flaws
Review CVEs

42
Q

Change Management Controls happen during which part of SDLC

A

Implementation and Maintenance Phase

43
Q

5 Categories of CMMI

A
  1. Initial
  2. Managed
  3. Defined
  4. Quantitatively Managed
  5. Optimized
44
Q

CMMI

A

Capability Maturity Model

45
Q

Steps of CMMI explained

A

Initial - reactive, unpredictable, not controlled (think start-up company)

Managed - reactive (minimal control, planned)

Defined - proactive (standardized, documented processes)

Quantitatively Managed - proactive (like Defined, but using metrics to alter and tailor the process)

Optimized - industry leader, standard maker

46
Q

IDEAL

A
Initiate
Diagnosing
Establishing
Acting
Learning
47
Q

IDEAL is a model for

A

Software process improvement

48
Q

Two Software Method Approaches

A

Imperative - state changes are instructed by the programmer
  - Procedural
  - Object-oriented

Declarative - the desired outcome is instructed
  - Functional
  - Logical
  - Mathematical