Domain 8: Software Development Security

Question 1

Change management process has three basic components:

Answer 1

Request Control/Change Control/Release Control

Question 2

Request Control

Answer 2

Provides an organized framework within which users can request modifications,
managers can conduct cost/ benefit analysis, and developers can prioritize tasks.

Question 3

Change Control

Answer 3

Provides an organized framework within which multiple developers can create and
test a solution prior to rolling it out into a production environment. Change control includes
conforming to quality control restrictions, developing tools for update or change deployment, properly
documenting any coded changes, and restricting the effects of new code to minimize diminishment of
security.

Question 4

Release Control

Answer 4

Once the changes are finalized, they must be approved for release through the release control procedure.

Question 5

Configuration Identification

Answer 5

Administrators document the configuration of covered software products throughout the organization.

Question 6

Configuration Control

Answer 6

Ensures that changes to software versions are made in accordance with the
change control and configuration management policies. Updates can be made only from authorized
distributions in accordance with those policies.

Question 7

Configuration Status Accounting

Answer 7

Formalized procedures are used to keep track of all authorized changes that take place

Question 8

Configuration Audit

Answer 8

Periodic configuration audit should be conducted to ensure that the actual
production environment is consistent with the accounting records and that no unauthorized
configuration changes have taken place

Question 9

5 levels of SW-CMM

Answer 9

initiating , repeatable, defined, managed, Optimizing

Question 10

initiating

Answer 10

competent people, informal processes, ad-hoc, absence of formal process

Question 11

repeatable

Answer 11

project management processes, basic life-cycle management processes

Question 12

defined

Answer 12

Engineering processes, presence of basic life-cycle management processes and reuse
of code, use of requirements management, software project planning, quality assurance,
configuration management practices

Question 13

managed

Answer 13

product and process improvement, quantitatively controlled

Question 14

Optimizing

Answer 14

continuous process improvement Works with an IDEAL model.

Question 15

IDEAL Model

Answer 15

Initiate , Diagnose, Establish an action plan,, Action implement improvements, , Leverage reassesses and continuously improve

Question 16

PERT

Answer 16

Program Evaluation Review Technique is a project-scheduling tool used to judge the size of a
software product in development and calculate the standard deviation (SD) for risk assessment. PERT
relates the estimated lowest possible size, the most likely size, and the highest possible size of each
component. PERT is used to direct improvements to project management and software coding in order
to produce more efficient software

Question 17

DevOps

Answer 17

The word DevOps is a combination of Development and Operations, symbolizing
that these functions must merge and cooperate to meet business requirements.
Integrates:
• Software Development,
• Quality Assurance
• IT Operations

Question 18

DBMS

Answer 18

Refers to a suite of software programs that maintains and provides controlled access to data
components store in rows and columns of a table

Question 19

Relational

Answer 19

One-to-one relationships, has DDL and DML, has TUPLES and ATTRIBUTES
(rows and columns)

Question 20

Key-Value Store

Answer 20

key-value database, is a data storage paradigm designed for storing,
retrieving, and managing associative arrays, a data structure more commonly known today as a
dictionary or hash.

Question 21

DDL – Data definition language

Answer 21

defines structure and schema

Question 22

DML – Data manipulation language

Answer 22

View, manipulate and use the database via VIEW, ADD,

MODIFY, SORT and DELETE commands.

Question 23

Degree of Db

Answer 23

Number of attributes (columns) in table

Question 24

Cardinality

Answer 24

rows

Question 25

Tuple

Answer 25

Row or record

Question 26

DDE – Dynamic data exchange

Answer 26

Enables applications to work in a client/server model by providing the
inter-process communications mechanism (IPC)

Question 27

DCL – Data control language

Answer 27

Subset of SQL used to control access to data in a database, using GRANT and REVOKE statements

Question 28

Semantic integrity

Answer 28

Make sure that the structural and semantic rules are enforced on all data types,
logical values that could adversely affect the structure of the database

Question 29

Referential integrity

Answer 29

all foreign keys reference existing primary keys,

Question 30

Candidate Key

Answer 30

An attribute that is a unique identifier within a given table, one of the candidate keys
is chosen to be the primary key and the others are alternate keys, A candidate key is a subset of
attributes that can be used to uniquely identify any record in a table. No two records in the same table
will ever contain the same values for all attributes composing a candidate key. Each table may have one
or more candidate keys, which are chosen from column headings.

Question 31

Primary Key

Answer 31

Provide the sole tuple-level addressing mechanism within the relational model. Cannot
contain a null value and cannot change or become null during the life of each entity. When the primary
key of one relation is used as an attribute in another relation, it is the foreign key in that relation.
Uniquely identify a record in a database

Question 32

Foreign Key

Answer 32

Represents a reference to an entry in some other table that is a primary key there. Link
between the foreign and primary keys represents the relationship between the tuples. Enforces
referential integrity

Question 33

Main Components of a Db using Db

Answer 33

• Schemas; blueprints
• tables
• views

Question 34

Incorrect Summaries

Answer 34

When one transaction is using an aggregate function to summarize data stored
in a Db while a second transaction is making modifications to a Db, causing summary to include
incorrect information

Question 35

Dirty Reads

Answer 35

When one transaction reads a value from a Db that was written by another transaction
that did not commit, Db concurrency issue

Question 36

Lost Updates

Answer 36

When one transaction writes a value to the Db that overwrites a value needed by
transactions that have earlier precedence

Question 37

Dynamic Lifetime Objects

Answer 37

Objects created on the fly by software in an Object Oriented

Programming environment. An object is preassembled code that is a self-contained module

Question 38

ODBC

Answer 38

Open Database Connectivity is a database feature that allows applications to communicate
with different types of databases without having to be directly programmed for interaction with each
type. ODBC acts as a proxy.

Question 39

Database contamination

Answer 39

Mixing data with different classification levels and/ or need-to-know
requirements and is a significant security challenge. Often, administrators will deploy a trusted front
end to add multilevel security to a legacy or insecure DBMS.

Question 40

Database partitioning -

Answer 40

Is the process of splitting a single database into multiple parts, each with a
unique and distinct security level or type of content

Question 41

Polyinstantiation

Answer 41

Occurs when two or more rows in the same relational database table appear to have
identical primary key elements but contain different data for use at differing classification levels. It is
often used as a defense against inference attacks

Question 42

Database transactions

Four required characteristics

Answer 42

atomicity, consistency, isolation, and durability.
Together, these attributes are known as the ACID model, which is a critical concept in the development of database
management systems.

Question 43

Atomicity

Answer 43

Database transactions must be atomic—that is, they must be an “all-or-nothing” affair. If
any part of the transaction fails, the entire transaction must be rolled back as if it never occurred

Question 44

Consistency

Answer 44

All transactions must begin operating in an environment that is consistent with all of the
database’s rules (for example, all records have a unique primary key). When the transaction is
complete, the database must again be consistent with the rules, regardless of whether those rules were
violated during the processing of the transaction itself. No other transaction should ever be able to use
any inconsistent data that might be generated during the execution of another transaction.

Question 45

Isolation

Answer 45

Principle requires that transactions operate separately from each other. If a database
receives two SQL transactions that modify the same data, one transaction must be completed in its
entirety before the other transaction is allowed to modify the same data. This prevents one transaction
from working with invalid data generated as an intermediate step by another transaction.

Question 46

Durability

Answer 46

Database transactions must be durable. That is, once they are committed to the database,
they must be preserved. Databases ensure durability through the use of backup mechanisms, such as
transaction logs

Question 47

Expert Systems

Answer 47

Expert systems seek to embody the accumulated knowledge of experts on a
particular subject and apply it in a consistent fashion to future decisions.
Every expert system has two main components: the knowledge base and the inference engine.

Question 48

Expert Systems Two modes

Answer 48

• Forward chaining: acquires info and comes to a conclusion

* Backward chaining: backtracks to determine IF a hypothesis is correct

Question 49

Neural Networks

Answer 49

• Use complex computations to replace partial functions of the human mind
• Based on function of biologic neurons
• Works with weighted inputs
• If a threshold is exceeded there will be output
• Single-layer: only one level of summoning codes
• Multi-level: more levels of summoning codes
• Training period needed to determine input vectors - adaptability (learning process)

Question 50

Encapsulation (Data Hiding)

Answer 50

Only data it needs, no accidental access to data

Question 51

Message

Answer 51

Communication to object to perform an action

Question 52

Method

Answer 52

Code that defines an action an object performs in response to a message

Question 53

Behavior

Answer 53

Results exhibited by an object in response to a msg

Question 54

Class

Answer 54

Collection of methods that defines the behavior of objects

Question 55

Instance

Answer 55

Objects are instances of classes that contain their methods

Question 56

Inheritance

Answer 56

Allows a subclass to access methods belonging to a superclass

Question 57

Multiple Inheritance

Answer 57

Class inherits characteristics from more than one parent class

Question 58

Delegation

Answer 58

Forwarding a request to another object

Question 59

Polymorphism

Answer 59

Objects of many different classes that are related by some common super class. When
different subclasses may have different methods using the same interfaces that respond differently

Question 60

Poly-instantiation

Answer 60

Occurs when two or more rows in the same relational database table appear to
have identical primary key elements but contain different data for use at differing classification levels.
It is often used as a defense against some types of inference attacks

Question 61

OORA, Requirements Analysis

Answer 61

Defines classes of objects and their interactions

Question 62

OOA, Analysis

Answer 62

Understanding and modeling a particular problem Domain Analysis (DA) seeks to
identify classes and objects that are common to all applications in a domain

Question 63

OOD, Design

Answer 63

Objects are the basic units, and instances of classes

Question 64

OOP, Programming

Answer 64

Employment of objects and methods
If class = airplane, objects like fighter plane, cargo plane, passenger plane can be created. Method
would be what a plane would do with a message like: climb, dive, and roll.

Question 65

ORBs, Object Request Brokers

Answer 65

Middleware that acts as locators and distributors of the objects across networks.

Question 66

CORBA, Common object request

Answer 66

Broker architecture enables programs written in different languages and using different platforms and OS’s through IDL (Interface Definition Language)

Question 67

COM, Common Object Model

Answer 67

Support exchange of objects amongst programs. This used to be called OLE. DCOM is the network variant (distributed)

Question 68

Conclusion

Answer 68

Object orientation (e.g. with C++ and Smalltalk) supports reuse of objects and reduces
development risk, natural in its representation of real world entities.

Question 69

Cohesion

Answer 69

Ability to perform without use of other programs, strength of the relationship between the
purposes of methods within the same class

Question 70

High cohesion

Answer 70

Without use of other modules

Question 71

Low cohesion

Answer 71

Must interact with other modules

Question 72

Coupling

Answer 72

Effect on other modules. Level of interaction between objects

Question 73

High coupling

Answer 73

Module largely affects many more modules. High cohesion | GOOD

Question 74

Low coupling

Answer 74

It doesn’t affect many other modules Low coupling | GOOD

Question 75

Abstraction

Answer 75

One of the fundamental principles behind object-oriented programming. It is the “blackbox” doctrine that says that users of an object (or operating system component) don’t necessarily need
to know the details of how the object works; they need to know just the proper syntax for using the
object and the type of data that will be returned as a result

Question 76

Separation of privilege

Answer 76

Builds on the principle of least privilege. It requires the use of granular
access permissions; that is, different permissions for each type of privileged operation. This allows
designers to assign some processes rights to perform certain supervisory functions without granting
them unrestricted access to the system.

Question 77

Process isolation

Answer 77

Requires that the operating system provide separate memory spaces for each
process’s instructions and data. It also requires that the operating system enforce those boundaries,
preventing one process from reading or writing data that belongs to another process.
• It prevents unauthorized data access. Process isolation is one of the fundamental requirements
in a multilevel security mode system.
• It protects the integrity of processes

Question 78

Layering processes

Answer 78

You implement a structure similar to the ring model used for operating modes and apply it to each operating system process.

Question 79

Hardware segmentation

Answer 79

Is similar to process isolation in purpose. Difference is that hardware
segmentation enforces these requirements through the use of physical hardware controls rather than the
logical process isolation controls imposed by an operating system.

Question 80

Covert channels

Answer 80

Is a way to receive information in an unauthorized manner, information flood that is not protected by a
security mechanism
2 types
• Storage covert channel - processes communicate via storage space on the system
• Covert timing channel - one process relays to another by modulating its use of system
resources. Typing rhythm of Morse Code is an example
Countermeasures: eal6 systems have less than eal3 systems because covert channels are normally a
flaw in design.

Question 81

Java

Answer 81

Sandboxes, no warnings, programs are compiled to bytecode

Question 82

ActiveX

Answer 82

Authenticode, relies on digital signatures, annoying dialogs people click away

Question 83

Virus

Answer 83

Reproduces using a host application. It inserts or attaches itself to the file, spread thru infected
media

Question 84

Worm

Answer 84

Reproduces on its own without host application

Question 85

Logic Bomb/Code Bomb

Answer 85

Executes when a certain event happens (like accessing a bank account or employee being fired) or a data/time occurs

Question 86

Trojan Horse

Answer 86

Program disguised as a useful program/tool

Question 87

HOAXES

Answer 87

False warnings like: DON’T OPEN X SEND TO ALL YOUR COLLEAGUES

Question 88

RAT, Remote Access Trojan

Answer 88

Remote control programs that have the malicious code and allow for
unauthorized remote access Back orifice, sub seven, net bus )

Question 89

Buffer Overflow

Answer 89

Excessive information provided to a memory buffer without appropriate bounds
checking which can result in an elevation of privilege. If executable code is loaded into the overflow, it
will be run as if it were the program.

Buffer overflows can be detected by disassembling programs and looking at their operations.
Buffer overflows must be corrected by the programmer or by directly patching system memory.

Question 90

LOKI

Answer 90

Is a tool used for covert channel that writes data directly after the ICMP header

Question 91

Directory Traversal Attack –

Answer 91

Attacker attempts to force the web application to navigate up the file
hierarchy and retrieve a file that should not normally be provided to a web user.

Question 92

Hash Collisions

Answer 92

Two different files produce the same result from a hashing operation

Question 93

Boot sector Virus

Answer 93

Moves or overwrites the boot sector with the virus code.

Question 94

Companion virus

Answer 94

A specific type of virus where the infected code is stored not in the host program,
but in a separate ‘companion’ files. For example, the virus might rename the standard NOTEPAD.EXE
file to NOTEPAD.EXD and create a new NOTEPAD.EXE containing the virus code. When the user
subsequently runs the Notepad application, the virus will run first and then pass control to the original
program, so the user doesn’t see anything suspicious. Takes advantage of search order of an

Question 95

Multipart virus

Answer 95

Infects both the boot sector and executable files; becomes resident first in memory
and then infects the boot sector and finally the entire system, uses two or more propagation
mechanisms

Question 96

Self-garbling virus

Answer 96

attempts to hide by garbling its code; as it spreads, it changes the way its code is
encoded

Question 97

Polymorphic virus

Answer 97

This is also a self-garbling virus where the virus changes the “garble” pattern
each time is spreads. As a result, it is also difficult to detect

Question 98

Macro virus

Answer 98

Usually written in Word Basic, Visual Basic or VBScript and used with MS Office

Question 99

Resident virus

Answer 99

Virus that loads when a program loads in memory

Question 100

Master boot record/boot sector

Answer 100

(MBR) virus attack the MBR—the portion of bootable media (such
as a hard disk, USB drive, or CD/ DVD) that the computer uses to load the operating system during the
boot process. Because the MBR is extremely small (usually 512 bytes), it can’t contain all the code
required to implement the virus’s propagation and destructive functions. To bypass this space
limitation, MBR viruses store the majority of their code on another portion of the storage media. When
the system reads the infected MBR, the virus instructs it to read and execute the code stored in this
alternate location, thereby loading the entire virus into memory and potentially triggering the delivery
of the virus’s payload.

Question 101

Signature based Anti-Virus

Answer 101

Cannot detect new malware

Question 102

Heuristic behavioral Anti-Virus

Answer 102

Can detect new malware

Question 103

Protection domain

Answer 103

Execution and memory space assigned to each process

Question 104

TRUSTED COMPUTER BASE

Answer 104

Combination of protection systems within a computer system, which include the hardware, software
and firmware that are trusted to enforce the security policy.

Question 105

Security Kernel

Answer 105

Hardware, software, firmware, elements of TCB that implement the reference
monitor concept — must be isolated from reference monitor (reference monitor: isolation,
completeness and verifiability, that compares the security labels of subjects and objects)

Question 106

Multistate systems

Answer 106

Capable of implementing a much higher level of security. These systems are
certified to handle multiple security levels simultaneously by using specialized mechanisms

Question 107

Protection rings

Answer 107

• Ring 0 - Operating system kernel. The OS’ core. The kernel manages the HW (for example,
processor cycles and memory) and supplies fundamental services that the HW does not provide.
• Ring 1 - Remaining parts of the operating system
• Ring 2 - I/O drivers and utilities
• Ring 3 - Applications and programs

Question 108

CSRF (XSRF)

Answer 108

Cross site request forgery, attacks exploit the trust that sites have in a user’s browser
by attempting to force the submission of authenticated request to third-party sites.

Question 109

Cross-site Scripting

Answer 109

Uses reflected input to trick a user’s browser into executing untrusted code from
a trusted site

Question 110

Session Hijacking

Answer 110

Attempt to steal previously authenticated sessions but do not force the browser to
submit request.

Question 111

SQL Injection

Answer 111

Directly attacks a database through a web app,, CARROT’1=1; - quotation mark to
escape out of input field

Question 112

Service Pack

Answer 112

Collection of unrelated patches released in a large collection

Question 113

Patch management system

Answer 113

Prevents outages from known attacks by ensuring systems are patched.
Patches aren’t available for new attacks. However, the patch management system doesn’t provide the
updates. Ensuring systems are patched reduces vulnerabilities but it does not eliminate them

Question 114

Threat Modeling

Answer 114

Reduce the number of security-related design and coding flaws, reduce severity of
non-security related files, not to reduce number of threat vectors

Question 115

Open system

Answer 115

Is one with published APIs that allow third parties to develop products to interact with
it.

Question 116

Keys

Answer 116

Like passwords and should be treated as very sensitive information. They should always be
stored in secure locations and transmitted only over encrypted communications channels. If someone
gains access to your key, they can interact with a web service as if they were you! Limit access to

Question 117

Nessus

Answer 117

is a popular vulnerability scanner managed by Tenable Network Security, and it combines
multiple techniques to detect a wide range of vulnerabilities. It uses port scans to detect open ports and
identify the services and protocols that are likely running on these systems.

Question 118

OWASP

Answer 118

Open Web Application Security Project, most authoritative source on web application
security issues

Question 119

Shadow Password File

Answer 119

/etc./ shadow. This file contains the true encrypted PWs of each user, but it is
not accessible to anyone but the administrator. The publicly accessible /etc./ passwd file then simply
contains a list of usernames without the data necessary to mount a dictionary attack. “x”

Question 120

User Mode

Answer 120

Processor mode used to run the system tools used by admins to make configuration
changes to a machine

Question 121

Kernel Mode

Answer 121

Used by processor to execute instructions from