Domain 8: (Software Development Security) Flashcards

1
Q

What can improve application security and reduce risk for some important core functions?

A

Code Libraries

2
Q

What evaluates security of an application during runtime?

A

Dynamic Application Security Testing

3
Q

What will improve recoverability and issues tracking?

A

Release Versioning

4
Q

What describes the analysis of computer software performed without actually executing programs, where the tester has access to the underlying framework, design, and implementation, and which requires source code?

A

Static Application Security Testing

5
Q

What is a program which communicates with a web app, where the tester has no knowledge of the technologies or frameworks that the app is built on, and no source code is required?

A

Dynamic Application Security Testing

6
Q

In a basic relational database management system, what contains a number of attributes or fields and corresponds to a column?

A

Tables

7
Q

In a basic relational database management system, what is a data record within a table?

A

Rows

8
Q

In a basic relational database management system, what represents a set of data values of a particular type, one value for each row of the database?

A

Columns

9
Q

What is a subset of attributes that can be used to uniquely identify any record in a table?

A

Candidate Keys

10
Q

What is selected from the set of candidate keys for a table to uniquely identify the record in a table (each table can have only one, and it is selected by the database designer)?

A

Primary Keys

11
Q

What is used to enforce relationships between two tables, also known as referential integrity?

A

Foreign Keys

12
Q

What ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship?

A

Referential Integrity

13
Q

What are two common RDBMS attacks?

A

Aggregation
Inference

14
Q

What is the ability to create sensitive information by combining non-sensitive information from separate sources?

A

Aggregation Attacks

15
Q

What is the ability to deduce or assume sensitive information from observing non-sensitive pieces of information?

A

Inference Attacks

16
Q

What can prevent an aggregation attack?

A

Need-to-know and least privilege

17
Q

What can prevent an inference attack?

A

Blurring data and database partitioning

18
Q

What allows a system to simulate additional primary memory resources through the use of secondary storage?

A

Virtual Memory

19
Q

What consists of more inexpensive, nonvolatile storage resources available to a system for long-term use?

A

Secondary storage

20
Q

What allows the operating system to request contents from any point within the media?

A

Random Access Storage

21
Q

What are examples of random access storage?

A

RAM and Hard Drives

22
Q

What requires scanning through the entire media from the beginning to reach a specific address?

A

Sequential Access Storage

23
Q

What are examples of sequential access storage?

A

Magnetic Tape

24
Q

What allows a system to simulate secondary storage resources through the use of primary storage?

A

Virtual Storage

25
Q

What consists of two main components: a knowledge base that contains a series of "if/then" rules and an inference engine that uses that information to draw conclusions about other data?

A

Expert Systems

26
Q

What simulates the functions of the human mind by arranging a series of layered calculations to solve problems, and requires extensive training on a particular problem before it can offer solutions?

A

Neural Networks

27
Q

What uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes?

A

Spiral Model

28
Q

What are the four principles of the agile model?

A

Individuals and interactions
Working software
Customer collaboration
Responding to change

29
Q

What are the seven stages of the waterfall model?

A

System Requirements
Software Requirements
Preliminary Design
Detailed Design
Code and Debug
Testing
Ops & Maintenance

30
Q

What are the steps and plans of the software capability maturity model (SW-CMM)?

A

Initial: No plan
Repeatable: Basic lifecycle management
Defined: Formal, documented software development processes
Managed: Quantitative measures to gain detailed understanding
Optimized: Continuous development process, with feedback loops

31
Q

What are the steps and process of the IDEAL model?

A

Initiating: Business reasons outlined
Diagnosing: Engineers analyze the current state of the organization
Establishing: Organization takes recommendations and develops a plan for changes
Acting: Plan is put into action
Learning: Organization continuously analyzes efforts and results and proposes new actions

32
Q

What provides an organized framework within which users can request modifications?

A

Request Control

33
Q

What is used by developers to re-create the situation encountered by the user and analyze the appropriate changes to remedy the situation?

A

Change Control

34
Q

What are the four main propagation techniques viruses use?

A

File Infection
Service Injection
Boot Sector Infection
Macro Infection

35
Q

What infects different types of executable files and triggers when the operating system attempts to execute them?

A

File Infection

36
Q

What can escape detection by injecting itself into trusted runtime processes of the OS, such as svchost.exe, winlogon.exe, and explorer.exe?

A

Service Injection

37
Q

What can infect the legitimate boot sector and is loaded into memory during the OS load process?

A

Boot Sector Infection

38
Q

What can infect and spread through code in macros?

A

Macro Infection
39
Q

What uses signature-based detection algorithms to look for telltale patterns of known viruses?

A

Antivirus Software

40
Q

What is freely available on the internet and used as a second step by attackers to exploit known vulnerabilities in various operating systems, enabling attackers to elevate privileges?

A

Rootkit Attack

41
Q

What type of web application attack uses unexpected input to a web app to gain unauthorized access to an underlying database?

A

SQL Injection Attack

42
Q

What type of web app injection attack inserts malicious scripts into otherwise benign and trusted sites?

A

Cross-site Scripting (XSS)

43
Q

What are some network reconnaissance techniques?

A

IP Probes
Port Scans
Vulnerability Scans

44
Q

What are automated tools simply used to attempt to ping each address in a range?

A

IP Probes

45
Q

What scans a system for open/listening ports, often on web servers, file servers, and other servers supporting critical operations?

A

Port Scans

46
Q

What ring level is the kernel?

A

Ring 0

47
Q

What ring level are device drivers?

A

Ring 1 and Ring 2

48
Q

What ring level are applications?

A

Ring 3

49
Q

What is the software development lifecycle?

A

Requirements Analysis
Design
Implementation
Testing
Evolution

50
Q

What represents several mutually independent security applications, processes, or services that operate toward a single common goal?

A

Concentric Circle Security

51
Q

What type of attack is an act of exploiting holes in unpatched or poorly configured software you buy and install?

A

Shrink Wrap Code Attacks