Domain 8 -- Software Development Security Flashcards

1
Q

What are the phases of the SDLC?

A
  • Requirements
  • Design
  • Development
  • Testing
  • Operations and Maintenance
2
Q

What are examples of Privacy Risk?

A
  • P1, High Privacy Risk
  • P2, Moderate Privacy Risk
  • P3, Low Privacy Risk
3
Q

What are three models for software requirements?

A
  • Informational model
  • Functional model
  • Behavioral model
4
Q

What is an attack surface?

A

An attack surface is what is available to be used by an attacker against the product itself.

5
Q

What is test driven development?

A

Developers write the unit tests for their modules before they start writing the code itself.

6
Q

What are the 4 testing types for the exam

A
  1. Unit testing
  2. Integration testing
  3. Acceptance testing
  4. Regression testing
7
Q

What are fuzzers and fuzzing?

A
  • Fuzzers use complex input to impair program execution.
  • Fuzzing is a technique used to discover flaws and vulnerabilities in software by sending large amounts of malformed, unexpected or random data to the target program in order to trigger failures
8
Q

What’s a manual test?

A

A manual test is used to analyze aspects of the program that require human intuition and can usually be judged using computing techniques.

Testers try to locate design flaws and hack the software

9
Q

What’s the difference between Verification and Validation?

A
  • Verification determines if the product accurately represents and meets the specs. Did we build the product right?
  • Validation determines if the product provides the necessary solution for the intended real-world problem. Did we build the right product?
10
Q

What is a zero-day vulnerability?

A
  • A zero-day vulnerability is one that does not currently have a resolution
11
Q

What are the key security tasks of the Requirements gathering phase?

A
  • Security risk assessment
  • Privacy Risk Assessment
  • Risk-level acceptance
  • Informational, functional and behavioral requirements
12
Q

What are two key security tasks in the Design phase?

A
  • Attack surface analysis
  • Threat modeling
13
Q

What are 2 key security tasks in the Development Phase?

A
  • Automated CASE tools
  • Static analysis
14
Q

What are two key security activities in the Testing phase?

A
  • Dynamic analysis
  • Fuzzing
  • Manual testing
  • Unit, integration, acceptance and regression testing
15
Q

What is the key security related activity during the Operations and maintenance phase?

A
  • Final security review
16
Q

Why is the V-shaped methodology better than waterfall in some respects?

A

V-shaped emphasizes testing throughout the development process, not just at the end. Thus, it has a higher chance of success

17
Q

What is a prototype?

A

A prototype is a sample of software code or a model that can be developed to explore a specific approach to a problem before investing expensive time and resources

18
Q

What’s the difference between?

  • Rapid prototyping
  • Evolutionary prototypes
  • Operational prototypes
A
  • Rapid prototype lets the dev team quickly create a prototype to test the validity of an approach. Quick and dirty – not meant to be used. Throw-away.
  • Evolutionary prototypes - prototype will be improved upon and used
  • Operational prototypes - an extension of evolutionary prototypes. Designed to be implemented in Prod while it is being tweaked
19
Q

What is the incremental methodology with respect to software development?

A
  • It allows the dev team to carry out multiple development cycles on a piece of software throughout its development.
  • After each iteration, it is a working piece of software that will be implemented in production.
  • Advantages:
    • Product is delivered more quickly
    • Initial delivery costs are lower
    • Customer gets functionality earlier
    • Risks of critical changes taking place are lower
20
Q

What is the Spiral Methodology?

A
  • The spiral methodology uses an iterative approach to software development and places emphasis on risk management
  • Four main phases that are iterated through:
    • Objectives
    • Risk analysis
    • Development
    • Test
  • At the conclusion of each cycle of the spiral a Prototype is created
  • Eventually, an operational prototype will be created
21
Q

What are the advantages of the spiral methodology?

A
  • Good methodology for complex projects that have fluid requirements
  • Allows new requirements to be addressed as they are uncovered
  • Each prototype allows for early testing and feedback
22
Q

What is the Rapid Application Development methodology?

A
  • RAD is a methodology that relies more on the use of rapid prototyping, rather than on extensive upfront planning.
  • Uses prototyping and iterative development
23
Q

Do Agile methodologies use prototypes to represent the full product?

A

No – Agile methodologies break the product down into individual features that are continuously being delivered

24
Q

What are some of the key features of the Scrum method of Agile development

A
  • Widely used
  • Allows project features to be added/changed/removed at clearly defined points
  • Customer is intimately involved
  • Changes can happen at the conclusion of a sprint, but not during a sprint
  • Have backlogs of feature stories
25
Q

What are two key characteristics of Extreme Programming?

A
  • Pair programming – having two programmers work together on the same code
  • Test Driven Development - write the test before you write the code
    • This tends to keep code minimalistic
    • helps avoid complexity
26
Q

What are the key features of Kanban?

A
  • Stresses visual tracking
  • Planned / In Progress / Done
27
Q

What is an Integrated Product Team?

A
  • An IPT is a multidisciplinary dev team with representatives from many or all stakeholder populations
  • It is not a methodology – it is a management approach
28
Q

What is DevOps? And what are its benefits?

A
  • DevOps is the practice of incorporating development, IT and QA staff into software development projects to align their incentives and enable frequent, efficient and reliable releases of software products
  • Benefits:
    • Positive impact on security
    • Increases trust within an organization
    • Increases job satisfaction among developers, IT staff and QA
29
Q

What is the Capability Maturity Model Integration (CMMI), and what are its five levels?

A
  • The CMMI is a comprehensive, integrated set of guidelines for developing products and software. Used to rate software vendors
  • Five levels:
    1. Initial
    2. Repeatable
    3. Defined
    4. Managed
    5. Optimizing
30
Q

What’s the difference between Change Management and Change Control?

A
  • Change management is a systematic approach to deliberately regulating the changing nature of projects, including software projects
  • Change Control is the process of controlling the specific changes that take place during the life cycle of a system and documenting the necessary change control activities
31
Q

What’s the relationship between Change Management and Change Control?

A

Change Control is part of Change Management

32
Q

Why is it so important to secure the Source Code repositories

A
  • They house intellectual property
  • If the bad guys get access to the code, they can analyze it and hack it.
33
Q

What are the key points re Software Configuration Management

A
  • Centralized code repositories can carry out the main functionality
    • Versioning
    • Concurrency management
    • Logs of who made which changes
    • Checkout code and merge it back (known as synchronization)
34
Q

What are Carnegie Mellon’s SEI list of 10 secure coding practices?

A
  1. Validate inputs
  2. Heed compiler warnings
  3. Architect and design for security policies
  4. Keep it simple
  5. Default deny
  6. Adhere to the principle of least privilege
  7. Sanitize data sent to other systems
  8. Practice defense in depth
  9. Use effective QA techniques
  10. Adopt a secure coding standard
35
Q

Name the five generations of programming languages

A
  1. Machine language
  2. Assembler language
  3. High level language (Fortran, Cobol)
  4. Very high-level language
  5. Natural language
36
Q

Why is C less secure than Java?

A
  • C is more susceptible to buffer over-run and string errors (string lengths are not checked)
  • C leaves memory management (garbage collection) up to the developer, whereas Java does it for the dev at the JVM level
37
Q

In OOP an object is an ___________ of a _____________.

A

instance, class

38
Q

What are the key benefits of OOP?

A
  • Modularity
  • Deferred Commitment (internal aspects of an object can be redefined without changing other parts of a system)
  • Reusability
  • Naturalness
39
Q

What’s the difference between the shared portion and the private portion of an object?

What important concept in OOP does this enable?

A
  • The shared portion of an object is the API that enables it to interact with other components
  • The private portion of an object is how it actually works and performs the requested operations
  • The private portion of an object enables data hiding (other objects don’t need to know how the object works)
  • Data hiding is provided by encapsulation
40
Q

What is abstraction?

A

Abstraction is the capability to suppress unnecessary details so the important, inherent properties can be examined and reviewed

41
Q

What does polymorphism mean with respect to OOP?

A

Polymorphism takes place when different objects respond to the same command, input, or message in different ways.

42
Q

What is data modeling?

A

Data modeling considers data independently of both the way the data is processed and the components that process the data

43
Q

What is a data structure?

Give examples of different types of data structures

A

A data structure is a representation of the logical relationship between elements of data

  • Examples
    • Scalar
    • linked list
    • hierarchical tree
44
Q

What is cohesion?

A
  • Cohesion reflects how many different types of tasks a module can carry out.
  • If a module only carries out one task or a set of similar tasks, then it has high cohesion.
45
Q

What is coupling?

A
  • Coupling is a measurement that indicates how much interaction one module requires to carry out its tasks
  • High (tight coupling) means the module depends on many other modules to carry out its tasks
  • Loose coupling means the module doesn’t need to communicate with very many other modules to perform its function
46
Q

Objects should be self-contained and perform a single logical function, which is high __________. Objects should not drastically affect each other, which is low _____________.

A

cohesion

coupling

47
Q

What is an API – Application Programming Interface?

A

An API specifies the manner in which a software component interacts with other software components.

48
Q

What is the Distributed Computing Environment (DCE)?

A
  • It’s a set of management services with a communications layer based on RPC
  • It is rarely deployed anywhere today, but it provided the foundational technologies for what followed, such as CORBA, DCOM and J2EE
49
Q

What is CORBA?

A

CORBA stands for Common Object Request Broker Architecture

It’s an OO standard architecture developed by the Object Management Group. Widely used today.

Objects can reside on different platforms and be written in different languages

50
Q

What’s the difference between COM and DCOM?

A
  • COM - Component Object Model allows for interprocess communication within an application or between applications on the same computer system.
  • DCOM supports the same model for component interaction and also supports distributed interprocess communication (IPC). DCOM enables applications to access objects that live on different parts of the network.
  • DCOM is layered over RPC technology
51
Q

DCOM has largely been replaced by the ________ framework

A

.Net

52
Q

What does Object Linking and Embedding allow for?

A

Object Linking and Embedding allows for:

  • objects to be embedded into documents
  • The capability for one program to call another program is called linking
53
Q

What is the value proposition of Java EE

A

Java EE defines a client/server model that is object oriented and platform independent.

Similar in goals to DCOM and CORBA

Allows devs to focus on functionality and not the backend plumbing

54
Q

What is SOA?

A

SOA – Services Oriented Architecture provides standardized access to the most needed services to many different applications at one time.

SOA is a more web-based approach to the goal of distributed computing

55
Q

What’s a mashup?

A

A mashup is the combination of functionality, data and presentation capabilities of two or more sources to provide some type of new service or functionality.

56
Q

What does SOAP stand for and what is an advantage of it?

A

SOAP - Simple Object Access Protocol.

An advantage of it is that it uses http or https so it can get through firewalls.

57
Q

What is mobile code and why is it dangerous?

A

Mobile code is code that can be transmitted across a network to be executed by a system or device on the other end.

It’s fine for things like downloading a file from a web site.

It’s dangerous when it’s used for malicious or compromising actions, especially when the recipient is unaware that it is taking place.

58
Q

What’s a Java Applet?

A

A Java applet is typically a small program written in Java designed to run in the user’s browser.

59
Q

What are ActiveX Controls?

A

ActiveX is a Microsoft technology based on COM and DCOM that can be used to create ActiveX controls, which are similar to Java applets and can be executed in the Windows environment

60
Q

What is the key security technology used by ActiveX?

A

Authenticode.

It’s not perfect

It relies on digital certificates and on trusting CAs.

61
Q

What are the main risks in Java applets and ActiveX controls?

A

Java has not been able to ensure that all code stays within the sandbox

ActiveX relies on Authenticode which doesn’t necessarily provide security. Users don’t understand and just hit OK.

Microsoft removed ActiveX from its Edge browser.

62
Q

What are five specific threats for Web environments?

A
  • Administrative interfaces
  • Authentication and access control
  • Input validation
  • Parameter validation
  • Session Management
63
Q

What are the key characteristics of any type of database system?

A
  • It ensures consistency among the data held in different servers throughout the network
  • Allows for easier backups
  • Provides transaction persistence
  • Provides recovery and fault tolerance
  • Allows sharing of data with multiple users
  • Provides security controls that implement integrity checking, access control and the necessary level of confidentiality
64
Q

Name the main database models

A
  • Relational
  • Hierarchical
  • Network
  • Object-oriented
  • Object relational
65
Q

What are commonly used implementations of the hierarchical DB model?

A
  • LDAP
  • Windows registry
66
Q

How does a network database model work?

A

It’s like a hierarchical database, but it allows each element to have multiple parent and child relationships.

The network has to do with the relationship between the data elements, not the computer network.

67
Q

What’s different about an Object Oriented database?

A
  • Objects can be created when needed and the data and procedure go with the object when it is requested
  • Does not use SQL
68
Q

What’s the point of an object-relational database?

A
  • An object-relational DB is a relational DB with a software front-end that is written in an object oriented programming language
69
Q

What are the key features of an Object Linking and Embedding DB (OLE DB)

A
  • It separates data into components that run as middleware on a client or server.
  • It provides a low-level interface to link information across different databases and provides access to data no matter where located or how formatted
  • It’s a replacement for ODBC
  • It’s COM based and therefore limited to Microsoft based tools
  • A dev accesses OLE DB services through ActiveX Data Objects (ADO)
  • It allows different applications to access different types and sources of data
70
Q

What is ActiveX Data Objects (ADO)?

A
  • It’s an API that allows applications to access back-end database systems
  • It’s a high level data access programming interface to an underlying data access technology (such as OLE DB)
  • It’s a set of COM objects for accessing data sources, not just databases
  • it allows a dev to write programs that access data without knowing how the DB was implemented
  • SQL commands are not required when using ADO
71
Q

What is the CISSP definition of a data dictionary?

A

A central collection of data element definitions, schema objects and reference keys.

72
Q

What are the 3 types of integrity services that DBMS’s provide and briefly describe each.

A
  • Semantic integrity – enforcing things like data types, logical values, uniqueness constraints
  • Referential integrity – All foreign keys must tie back to primary keys that exist
  • Entity integrity – guarantees that records are uniquely identified by primary key values
73
Q

What’s the difference between a savepoint and a checkpoint?

A
  • Savepoint - used to make sure that if a system failure occurs, or an error is detected, the database can get back to a known point before the system crashed or hiccupped.
  • Checkpoint – similar to savepoints. When a certain amount of memory is filled up a checkpoint is initiated, which saves data from the memory segment to a temp file. Used in case of a glitch
74
Q

Briefly describe the two main database security issues:

  • Aggregation
  • Inference
A
  • Aggregation is when a user doesn’t have clearance or permission to access specific information, but they can piece together the information they are looking for from the clues in other data that they do have access to
  • Inference is the intended result of aggregation. It’s the ability to derive information not explicitly available
75
Q

What’s the difference between

  • content dependent access control and
  • context dependent access control
A
  • Content dependent access control is based on the sensitivity of the data
  • Context dependent access control means that the software understands what should be allowed based on the state and sequence of the request
    • Used to protect against inference attacks
76
Q

Briefly describe these techniques that are used to protect against inference attacks:

  • Cell suppression
  • Partitioning
  • Noise and perturbation
A
  • Cell suppression -- hide specific cells that could be used in inference attacks
  • Partitioning – by dividing the DB into different parts, it becomes harder for an unauthorized individual to connect the pieces together
  • Noise and perturbation – inserting bogus information in the hopes of misdirecting an attacker
77
Q

Database views are a _________ type of access control.

A

logical

78
Q

What is polyinstantiation and how does it prevent against inference attacks?

A
  • Polyinstantiation allows multiple rows with the same primary key, but distinguished by security level
  • A user with higher clearance will see that the Oklahoma is shipping weapons from Delaware to Ukraine
  • A user with lower clearance will see that the Oklahoma is shipping food to Africa

Because the lower-clearance user is shown a row rather than being denied access, they get no indication that something classified is happening

79
Q

What is the CISSP definition of polyinstantiation?

A

Polyinstantiation is a process of interactively producing more detailed versions of objects by populating variables with different values or other variables. It is often used to prevent inference attacks

80
Q

What does ACID stand for with respect to transaction processing?

A
  • Atomicity – all or nothing
  • Consistency - must follow integrity policy
  • Isolation - trans execute in isolation until complete and don’t interact with other trans. Results not available until tran is complete
  • Durability – once a transaction is verified as accurate it is committed and can’t be rolled back
81
Q

What is the CISSP definition of data mining? How does it relate to metadata?

A
  • Data mining is the process of massaging the data held in the data warehouse into more useful information.
  • Metadata is the result of storing data within a data warehouse and mining the data with tools
  • Data goes into the warehouse and metadata comes out of the data warehouse.
82
Q

Data mining is also known as ___________.

A

Knowledge Discovery in a database (KDD)

83
Q

What’s big data and is it the same as data warehousing?

A

Big data deals with very large data sets with characteristics that make them unsuitable for traditional analysis techniques.

  • heterogeneity
  • complexity
  • variability and lack of reliability
  • sheer volume
84
Q

Describe the relationship between:

  • Big data
  • Data warehouses
  • Data mining
A

Big data is stored in specialized systems like data warehouses and is exploited using approaches such as data mining.

The terms are related, but distinct

85
Q

How does a behavior blocker work?

A

A behavior blocker allows the malware to execute, but in a safe environment, and blocks actions such as:

  • scripting email messages to send executable code
  • modifying executable logic
  • Formatting a hard drive or writing to the boot sector
86
Q

How does heuristic detection work against malware?

A

Heuristic detection:

  • analyzes the overall structure of the malicious code
  • evaluates the coded instructions and logic functions
  • assesses the likelihood of it being malicious
  • Has a “suspiciousness counter”
  • Once the threshold is met, the antimalware mechanisms jump into place
  • The big value of it is that it can detect new malware. It doesn’t just rely on known signatures
87
Q

Name two anti-malware approaches that can detect new malware (zero day) in contrast to signature based approaches?

A
  • Behavior blocking
  • Heuristic detection
88
Q

What is the proper sequence when assessing acquired software?

  • Code review
  • Assessment of the vendor
  • vulnerability test
  • penetration test
A
89
Q

A collection of data from different sources that is targeted at one group or for a specific objective is called a __________________

A

Datamart

Datamarts are closely tied to data warehouses, but there is a distinct difference. Datamarts are a collection of data from different databases or systems that fulfill a specific need. Data warehouses are a collection of data from different databases or systems that could cover a wide variety of objectives. It is common for datamarts to be subsets of data warehouses.

90
Q

What is a polymorphic virus

A

A virus that makes copies of itself and changes those copies

A polymorphic virus will reproduce like all viruses, but it will modify its children with the hopes that at least some of the children’s (or copies’) signatures will not be the same as the signature in the antivirus software product. The goal is self-preservation.

91
Q

What type of security mechanism is used in ActiveX?

A

Digital signature

ActiveX controls are software components and are digitally signed to prove where they came from and who developed them. ActiveX is platform dependent, meaning it runs only on Windows-based systems, and language independent, meaning the controls can be written in any programming language. Java uses bytecode and sandboxes; ActiveX does not.

92
Q

Sending malformed fragmented packets to a computer in order to make it freeze or reboot is what type of attack?

A

Teardrop

Teardrop attacks take advantage of weaknesses in some computer systems that are not able to handle packets not fragmented properly. Most of today’s systems are no longer vulnerable to this type of attack.

93
Q

How does a Smurf attack work?

A

A smurf attack involves spoofing the source IP address in a packet header, and then using it to bombard the victim’s network with ICMP ECHO REQUESTs. The victim’s network works as the amplifying network to increase the power of the attack.

94
Q

What is polyinstantiation and what is an example of why it would be used?

A

Polyinstantiation is when one object is copied and the attributes of the second object are modified. Many times the copy of the object is also assigned a different security classification. This is done so that someone with a top secret clearance, for example, can read the data held within the original object. A person who has a secret clearance may then only have access to the second object, which has different information. This protects the confidentiality of information at higher levels of security.

As an example, it could be used to allow one object to have two security classifications

95
Q

What is data warehousing according to the CISSP exam?

A

The act of compiling data from several databases so that the information may be better analyzed is called data warehousing.

Data warehousing is a valuable tool that brings together several databases and compiles the different data into one data warehouse. The data can then be analyzed in different ways, which is called data mining.

96
Q

The formal authorization given by management to allow a system to operate in a specific environment is called __________________.

A

Accreditation

The accreditation process is the formal management approval of a system and the protection level it provides. Accreditation comes after the certification process.

97
Q

Human reasoning capabilities are built into which one of the following?

A

Expert systems

Expert systems use artificial intelligence and nonnumeric algorithms to solve complex problems that require human intelligence and intuition to solve. Expert systems can be used to provide intrusion detection capabilities by identifying patterns in network traffic and security logs.

98
Q

Code is released “in the wild” and its intent is to start deleting the data off of hard drives on 04-04-04 at 1:00 P.M. This code is best described as a __________________.

A

Logic bomb

A logic bomb contains code that performs an action triggered by a specific event or condition.

99
Q

What are aggregation and inference?

A

Gathering information and constructing private information from available resources

Aggregation is the act of gathering available information from different sources, and inference is putting that data together and figuring out information that is not explicitly available. For example, if a user has access to only four fields in a ten-field database, she might access the data elements in those four fields and infer from that information what is held in one or more of the other six fields.

100
Q

How does ODBC work?

A

Open Database Connectivity (ODBC) is a standard that allows different types of applications to communicate with different types of databases. The applications send requests to the ODBC and it finds the necessary driver and sends the request to the database.

101
Q

Bryce is working diligently on coding a software product. One day as he is nearing completion and ready for testing, the software development project manager brings over another programmer, Danielle, to his desk. The project manager asks Bryce to walk Danielle through the coding so that she will fully understand how it was designed and implemented. What software development principle has the project manager just enacted?

A

Split knowledge procedures

Split knowledge procedures ensure that no one person possesses all the necessary steps for carrying out important tasks. It is a way of spreading the knowledge. A company is at risk if it relies too heavily on one employee for critical functions.

102
Q

In the context of things an app developer might do:

What is a trap door?

What is an easter egg?

A

This type of trapdoor is usually invoked by a series of keystrokes or commands that will allow the programmer easy access to the program at a later date.

Easter eggs are typically harmless code within programs that developers insert into the program for the sake of entertaining curious geeks. A trapdoor may also be called a maintenance hook.

103
Q

Which software development model is not just focused on developing (or even just using) open source software, but also focused on being part of the open-source software movement by developing it, using it and actively participating in the community?

A

OSMM

For organizations that embrace open source software, the Open Source Maturity Model (OSMM) allows them to measure and improve the effectiveness of their processes. The focus is on both developing open source software and being part of the open-source software movement by developing it, using it and actively participating in the community.

104
Q

Which of the following is the electronic model based on the neural structure of the brain?

A

ANN

Artificial neural network (ANN) is a computer network that mimics the functionality of the brain. It has units that mimic neurons and that attempt to simulate thought so that it can learn from different experiences. The more that the ANN can learn, the better results it can present to the users of the system.

105
Q

What are viruses in public networks referred to as?

A

In the wild

A slang term for viruses being sent to a public network is “in the wild.” Just as wild animals are more dangerous than animals confined to a zoo, viruses on public networks are more dangerous than viruses “in the zoo,” or in controlled environments.

106
Q

Which of the following is a systematic approach to deliberately regulating the changing nature of projects, including software development, that takes into account not just the technical issues, but also resources (like people and money), project lifecycle, and even organizational climate?

A

Change management

Change management is a systematic approach to deliberately regulating the changing nature of projects, including software development projects. It is a management process that takes into account technical issues, resources (like people and money), project lifecycle, and organizational climate.

107
Q

The act of two different objects responding to the same command in different ways is called __________________.

A

Polymorphism

Polymorphism exists within object-oriented programming applications. Objects are derived from different classes which make them respond differently to commands. So, when two objects, each in a different class, are presented with the same command, their class properties tell them how to respond. When they respond differently to the same command it is called polymorphism.

The objects could also come from the same class but inherit behaviors from different sub-classes.

108
Q

Expert systems are built to provide human-type logic. One component of an expert system is its “if/then” logic. What is “if/then” logic called?

A

Rule-based programming

Rule-based programming is the basis for expert systems. A list of “if/then” statements is supplied to the system and it uses an inference engine to identify patterns and establish rules for the computer to follow.

109
Q

Your company has several applications that rely on each other for information and processes. Several of the systems use different programming languages, so each has adhered to a CORBA framework. When one system sends a request to an object on another system, what component does the request actually go to?

A

ORB

Platforms using the CORBA standards use object request brokers (ORBs) to allow two systems with different languages to communicate with one another. So, when one application sends a request to another application, the message first goes to the ORB. The ORB is responsible for knowing the location of the other application and sending the request to it.

110
Q

Which of the following describes a SYN attack?

A

Overwhelming a computer by sending multiple communication requests

SYN attacks use up system resources by sending multiple communication requests to a computer until it can no longer process future communication requests. This is one example of a denial-of-service attack.

111
Q

Which of the following is used in web sites as a way to respond dynamically to inputted data?

A

CGI

Common Gateway Interface (CGI) is used in web sites that require a user to input information. CGI scripts or executables are used to translate and respond to requests, build a new web page, and then send it to the user. The user is then presented with data based on her request.

112
Q

Which of the following can provide rapid prototyping of programs, as well as debugging, code analyzing, and version controlling functions?

A

CASE tool

Computer-aided software engineering (CASE) tools are useful to software developers by providing automation and increased speed of development procedures. CASE tools usually aid individuals by performing the redundant tasks that programmers, project managers, or analysts have to perform for each project.

113
Q

Is penetration testing a method used to assess the security impact of acquired software?

A

No

While penetration testing is an effective means of determining if vulnerabilities can be exploited, it does not examine the overall security impact of acquired software in terms of risk to the organization.

114
Q

Which of the following is the best definition of a pseudo-flaw?

A

A pseudo-flaw is code inserted into an application or operating system with the sole purpose of trapping intruders who break into these systems.

115
Q

Malware that is embedded within a program and executes harmful actions behind the scenes while the victim believes the program is operating normally is called what?

A

Trojan horse

Trojan horses are common attack methods used to spread malware. Once planted on a user’s machine, they act in complete disguise. As a program is initiated, the Trojan horse begins to work, but the power in the malware is that it goes unsuspected by the user.

116
Q

A fraud analyst with a national insurance company uses database tools every day to help identify violations. These tools help identify relationships between a wide variety of information types. What kind of Knowledge Discovery in Database (KDD) is this considered?

A

Statistical

Data mining is also known as Knowledge Discovery in Database (KDD), which is a set of techniques for identifying valid and useful patterns. Different types of data can have various interrelationships, and the methods used depend on the type of data and the patterns that are sought after. The following are three approaches used in KDD systems to uncover these patterns:

• Classification — Data is grouped together according to shared similarities.

• Probabilistic — Data interdependencies are identified and probabilities are applied to their relationships.

• Statistical — Identifies relationships between data elements and uses rule discovery.

117
Q

Which of the following is not an example of “mobile code?”

A

CGI

Mobile code consists of small programs that can be transmitted as an e-mail attachment or downloaded from different web sites. Java applets, ActiveX, and active scripts are all considered mobile code.

CGI is unrelated to mobile code, but instead is a web server interface technology.

118
Q

Which of the following maturity models is based on how effective an organization is in integrating its development and operations teams?

A

DevOps

Another way to think of an organization’s maturity (at least in terms of software development) is to consider how effective it is at integrating its development and operations teams (DevOps). This model is noteworthy in that it focuses on culture and people in addition to development and business issues.

119
Q

Give three examples of timing attacks.

A

Line disconnect

Between the lines

NAK attack

120
Q

In relational databases there are several different terms used to describe the different components of the database. What is a tuple?

A

A tuple is a database term for a row. It is defined as a row in a relational database model representing a relationship among a set of values.

121
Q

Which of the following is the most critical component for systems that will provide integrity?

A

System design

Trusted paths, data classifications, and possible Trojan horse vulnerabilities are part of the actual design of a system. The design of a system determines the level of integrity, confidentiality, and overall protection that the system can actually provide.

122
Q

What’s a Smurf attack?

A

A smurf attack is when an attacker spoofs an ICMP broadcast packet and sends it to a network. This ICMP broadcast is sent to all systems on the network segment where the victim is located, and all nodes respond to the source address within the packet, which is the victim. This results in a DoS attack and can bring down the victim’s system. The amplifying network is all the systems on the victim’s local network segment.

123
Q

Which of the following best describes the differences between object-oriented databases and relational databases?

A

Object-oriented databases are more dynamic than relational databases and the objects contain the procedures within them.

An object-oriented database is more dynamic in nature when compared to a relational database because objects can be created when needed and the data and procedure go with the object when it is requested.

In a relational database an application uses its procedures to obtain data from the database; the database does not actually provide procedures as object-oriented databases do.

The object-oriented database has classes to define the attributes and procedures of its objects.

124
Q

Which of the following best describes the reason for an EICAR test?

A

To test antivirus software detection and alerting configurations

An EICAR test is used to test the configurations of an antivirus software package. Most antivirus products come with a benign file that the product will identify as a virus. Using it, the administrator can verify that the correct configurations have been made to treat the virus as needed and that the product will properly carry out some type of notification.

125
Q

What are the generations of computer languages?

A
  • One — Machine language
  • Two — Assembly language
  • Three — High-level language
  • Four — Very high-level language
  • Five — Artificial intelligence and natural language

126
Q

What’s the difference between a worm and a virus?

A

Worms are self-contained programs, meaning they can operate independently.

Viruses, on the other hand, require some type of application for reproduction.

Worms reproduce by themselves while residing on a victim’s computer.

127
Q

What is the goal of data or information hiding in object-oriented programming?

A

In object-oriented programming, objects have a clear set of interfaces that other objects interact with. The other objects only need to know how to communicate to these interfaces, which reduces the complexity. This means that objects do not need to know or understand how another object works internally to be able to communicate with it.

128
Q

What is put into place to ensure that a primary key does not contain a null value?

A

Entity integrity

Entity integrity is a rule in relational databases that dictates that each row must contain a unique primary key and that the primary key does not point to a null value.

129
Q

What’s the difference between a covert channel and an overt channel?

A

Covert channels are ways that attackers can make processes use items for communication that were not developed to be used for communication purposes in this way.

A covert channel is the act of using an unintended communication path to send and receive messages.

An overt channel is using a communication path that was intended for communication.

130
Q

Which of the following is used with HTTP connections to help identify and remember users?

A

Cookies

HTTP is not a stateful protocol, meaning that it cannot remember individual users or connections. Cookies can be used to keep state on connections and are often used on web sites and for electronic transactions. Cookies may be persistent, meaning they stay on the user’s hard drive, or may be dynamic and session-oriented, meaning they are destroyed when a session ends. If cookies store sensitive data, their contents should be encrypted.

131
Q

Which of the following is a type of artificial intelligence that has the ability to learn through different scenarios and uses decision-making procedures during its computation of inputted data?

A

Neural networks

Neural networks are created to mimic the way human brains think, learn, and deal with different situations and data. They are put through different scenarios and the data inputted into the systems are weighted depending upon importance.

Expert systems use knowledge bases with inference engines to identify patterns and relationships between different types of data, but they cannot learn through experience.

132
Q

What does ACID stand for with respect to transaction processing?

A
  • Atomicity — Divides transactions into units of work and ensures that either all modifications take effect or none take effect. The changes are either committed or the database is rolled back.
  • Consistency — A transaction must follow the integrity policy developed for that particular database and ensure that all data is consistent in the different databases.
  • Isolation — Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
  • Durability — Once the transaction is verified as accurate on all systems it is committed and the databases cannot be rolled back.

133
Q

What is the cleanroom development model?

A

The cleanroom development model is used to create critical applications. Strict testing procedures are followed throughout this approach to ensure no mistakes are made. This model is used to provide a very high quality product.

134
Q

Which of the following best describes the Capability Maturity Model (CMM)?

A

It improves software quality, reduces the life cycle of development, and provides better project management capabilities.

The Capability Maturity Model (CMM) describes procedures, principles, and practices that underlie software process maturity. This model was developed to help software vendors improve their development processes by providing an evolutionary path from an ad hoc, “fly by the seat of your pants,” approach to a more disciplined and repeatable approach that improves software quality, reduces the life cycle of development, provides better project management capabilities, allows for milestones to be created and met in a timely manner, and takes a more proactive approach versus the less effective reactive approach.

135
Q

Which of the following is true of data warehouses?

A

They combine data from several databases in a useful way to provide better analysis.

Data warehouses combine and process data from multiple databases and data sources and present the information in useful ways for analytical and reporting needs. Data is normalized, meaning redundancies are stripped out, and then the data is usually mined to uncover relationships and patterns.

136
Q

What is Fraggle?

A

Fraggle is an attack similar to smurf, but instead of using ICMP, it uses User Datagram Protocol (UDP) as its transport protocol. The attacker broadcasts a spoofed UDP packet to the amplifying network, which in turn replies to the victim’s system. The larger the amplifying network, the larger the amount of traffic that is pointed at the victim’s system.

137
Q

As part of a software development team, Darren and Denise are asked to identify the security objectives of the product and to perform an initial risk analysis. What phase of the software life cycle are they working on?

A

Project initiation

138
Q

What happens in project initiation?

A

The first phase of a project life cycle is the project initiation phase. The following steps are commonly executed in this phase:

• Decide on the definition or scope of the project.

• Perform an initial risk analysis.

• Assess threats and countermeasures.

• Determine security objectives of the product that will be developed.

139
Q

What is air gapping and how is it used in the SW development process?

A

An air gap, air wall or air gapping is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. It means a computer or network has no network interfaces connected to other networks, with a physical or conceptual air gap, analogous to the air gap used in plumbing to maintain water quality.

Air gapping the development, test, and production environments ensures that code is protected and separated from the different stages of development.

140
Q

What are three main components of an expert system?

A

Expert systems use:

  • Knowledge bases, which hold a large amount of data extracted from experts within a specific field.
  • Inference engines, which create metadata from the data held within the knowledge base.
  • Rule-based programming, which is made up of “if/then” statements. A knowledge base engineer and subject matter expert work to fill the knowledge base with the necessary information that will be called upon by future users.

141
Q

Is the review of customer requirements normally done during project initiation?

A

No.

Reviewing customer requirements is a task completed in the second phase of software development—the functional design analysis and planning phase.

Project initiation is the formal introduction of the project to all participating parties. The entire scope of the effort is overviewed and an initial risk analysis is performed.

Customer’s requirements are more granular issues than what is required in the first phase.

142
Q

A computer being used in an attack such as distributed denial-of-service without the owner’s knowledge is called what?

A

Zombie

143
Q

A virus that affects both a boot record and files in a directory is called ___________.

Why is it so dangerous?

A

A multipartite virus

A multipartite virus can be very damaging to a network and users. Because it goes after boot records and system files, it can be more destructive, affecting more areas of a system.

144
Q

Distributed applications can be written in Java. Which of the following describes the Java structural design used for developing these types of applications?

A

EJB dictates the interfaces that have to be implemented to allow different applications to communicate in a distributed environment.

Enterprise JavaBeans (EJB) is a structural design for the development and implementation of distributed applications written in Java. EJB provides interfaces and methods to allow different applications to communicate across a networked environment.

145
Q

In which phase of software development are security requirements defined?

A

Security requirements should be defined during the functional design analysis and planning phase of software development. This phase should result in a formalized, functional baseline which includes security tasks, test plans, and checkpoints.

146
Q

A processor can work in different modes. If it is working in “supervisor” mode, what does that mean?

A

It has access to privileged and non-privileged instructions.

A processor can be executing applications in user mode, a lower privilege mode than supervisory mode (also called privileged mode). The processor will execute instructions in this mode to ensure that rogue code does not access sensitive and critical system resources.

A processor can execute in supervisory mode. This usually takes place when a process of high system privilege sends a request to the processor. If the processor is in supervisory mode it has access to user-level (non-privileged) and supervisor (privileged) code.

147
Q

What uses GUIDs to keep track of different objects?

A

DCOM

Distributed Component Object Model (DCOM) is an architecture that allows objects within the different systems to communicate. It uses globally unique identifiers (GUIDs) to keep track of objects.

148
Q

Each of the following is a major element in securing development platforms except:

A

Security of test environment

The three critical elements of securing the development process include securing development platforms, securing the code repositories, and ensuring solid software configurations. A test environment may not need to be as secure as other environments, such as development or production.

149
Q

A virus is planted within a drafting program on a user’s machine. When the user clicks “save,” the program instead deletes all the files on the hard drive. This is an example of what?

A

Logic bomb

Logic bombs are types of malware that rely on some action by the user. In this instance, the action is the user trying to save the file. The logic bomb overrides the command and institutes a new set of instructions, which in this case, is to delete all files on the hard drive.

150
Q

There are several different terms within object-oriented programming that describe the types of objects and their activities. What does polyinstantiation mean?

A

A mechanism used to take a copy of an object and repopulate it with different data or modify its characteristics in some way

Polyinstantiation is an access control used mainly in databases to allow multiple rows to be tied to one primary key. Data can then be accessed in different ways and by different levels of users.

151
Q

The Capability Maturity Model (CMM) has five maturity levels that can be assigned to software development companies after a certification process. Which of the following lists the correct five levels?

A
  1. Initial — Development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.
  2. Repeatable — A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have a formal process model defined.
  3. Defined — Formal procedures are in place that outline and define the processes carried out in each project. The organization has a way to allow for quantitative process improvement.
  4. Managed — The company has formal processes in place to collect and analyze qualitative data, and metrics are defined and fed into the process improvement program.
  5. Optimizing — The company has budgeted and integrated plans for continuous process improvement.

152
Q

System functionality is broken down into a more detailed level at what phase of software development?

A

Design specifications

The system design specifications phase involves mapping components and procedures at a more granular level. The design phase provides a higher-level look and analysis of the project and product.

153
Q

Computer programs that are based on human logic by using “if/then” statements and inference engines are called __________________.

A

Expert systems are built on the foundation of human logic. The programs use a knowledge base that is filled with information from subject matter experts. The decision-making process involves “if/then” statements and an inference engine.

154
Q

During which phase of the software development life cycle should attack surface analysis and threat modeling be performed?

A

Design

During the design phase, both attack surface analysis and threat modeling are used to further assess the security impact of developed software.

155
Q

What is the product of data mining?

A

Data mining helps to identify unusual or hidden patterns and relationships within databases. The results are represented to the user in a form called metadata. Metadata is data about data.

156
Q

Before George rolls out the new antivirus software product to all 30,000 systems, he needs to test its configurations and reactions to identified viruses. What type of test will George carry out?

A

EICAR test

An EICAR test is done with antivirus software by introducing a benign virus to test detection and reaction activities of the software.

157
Q

Which software development model focuses on the business issues surrounding the development of software products, such as market conditions, product lines and portfolios, and partnering agreements?

A

SPMMM

The Software Product Management Maturity Model (SPMMM) focuses on the business issues surrounding the development of software products. For example, it considers issues like market conditions, product lines and portfolios, and partnering agreements.

158
Q

Which of the following tasks does not happen during the acceptance testing/implementation phase of the software development life cycle?

A

Product is used within the intended environment.

The product is not actually used in a production environment until the life cycle reaches the operations/maintenance phase. The acceptance testing/implementation phase leads to this next level, but certain tasks must be completed before the product can be used. Testing, certifying, and integration tasks must all be completed first to ensure the product functions properly and coexists with other network devices and software successfully.

159
Q

Polyinstantiation is a technique used in databases to thwart what type of threat?

A

Inference

Polyinstantiation means that a copy of an object is made and the characteristics of the second object are modified in some way. Within databases this technique can be used to allow more than one row to contain the same primary key.

The different rows contain data that resides at different security levels, thus the different rows have different classifications. This way, when a subject accesses the database, only the row that matches his security clearance will be available. If this technique was not used, a subject attempting to access a row above his clearance would be told that the data is unavailable or that he did not have the security rights to view it. This would allow low-level users to infer the existence of highly classified information.

160
Q

The artificial neural network (ANN) both attempts to mimic and is based on which of the following?

A

The human brain

Artificial neural networks (ANN) are built on the functionality of the human brain. The objective of the model is to allow systems to recognize patterns and learn from different situations. ANN uses small units that mimic human neurons. These are used to communicate with transmitters, which is how the learning process is carried out.

161
Q

What portion of the change management process allows developers to prioritize tasks?

A

Request control

The request control provides users with a framework to request changes and developers with the opportunity to prioritize those requests.

162
Q

What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?

A

Waterfall

The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase.

163
Q

What form of access control is concerned primarily with the data stored by a field?

A

Content-dependent

164
Q

Which one of the following key types is used to enforce referential integrity between database tables?

A

Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.

165
Q

What type of information is used to form the basis of an expert system’s decision-making process?

A

Expert systems use a knowledge base consisting of a series of “if/then” statements to form decisions based on the previous experience of human experts.

166
Q

Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers?

A

ODBC acts as a proxy between applications and the backend DBMS.

167
Q

Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?

A

Contamination

Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.

168
Q

Which one of the following is not part of the change management process?

A

Configuration audit

Configuration audit is part of the configuration management process rather than the change control process.

169
Q

What is the difference between cardinality and degree with respect to a DB table?

A

The cardinality of a table refers to the number of rows in the table, while the degree of a table is the number of columns.

170
Q

What does APT stand for?

Which technique is most closely associated with APT attacks?

A

APT - Advanced Persistent Threat

Advanced persistent threats (APT) are most closely associated with zero-day attacks.

171
Q

What does LastPass do?

A

LastPass is a tool that allows users to create unique, strong passwords for each service they use without the burden of memorizing them all.

172
Q

What character should always be treated carefully when encountered as user input on a web form?

A

The single quote character (‘) is used in SQL queries and must be handled carefully on web forms to protect against SQL injection attacks.

173
Q

What database technology, if implemented for web forms, can limit the potential for SQL injection attacks?

A

Stored procedures

Developers of web applications should leverage database stored procedures to limit the application’s ability to execute arbitrary code. With stored procedures, the SQL statement resides on the database server and may only be modified by database administrators.

174
Q

What condition is necessary on a web page for it to be used in a cross-site scripting attack?

A

Reflected Input

Cross-site scripting attacks are successful only against web applications that include reflected input.

Reflected Input Example - a simple web application that contains a single text box asking a user to enter their name. When the user clicks Submit, the web application loads a new page that says, “Hello, name.”

175
Q

What is the most effective defense against cross-site scripting attacks?

A

Input validation

Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML <script> tag in the input.

176
Q

Ben’s system was infected by malicious code that modified the operating system to allow the malicious code author to gain access to his files. What type of exploit did this attacker engage in?

A

Back door

Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions.

177
Q

What HTML tag is often used as part of a cross-site scripting (XSS) attack?

A

The <script> tag is used to indicate the beginning of an executable client-side script and is used in reflected input to create a cross-site scripting attack.

178
Q

What are the definitions of

  • Request Control
  • Change Control
  • Release Control
  • Configuration Control
A
179
Q

What’s the difference between Cross-Site Scripting and Cross-Site Request Forgery?

A
  • Cross-site scripting uses reflected input to trick a user’s browser into executing untrusted code from a trusted site.
  • Cross-site request forgery (XSRF or CSRF) attacks exploit the trust that sites have in a user’s browser by attempting to force the submission of authenticated requests to third-party sites.
180
Q

Is reducing the number of threat vectors a goal of threat modeling?

A

No.

Software threat modeling is designed to reduce the number of security-related design and coding flaws as well as the severity of other flaws. The developer or evaluator of software has no control over the threat environment, because it is external to the organization.

181
Q

What would a log of Windows Firewall look like in the case of a port scan?

A

The log entries would show the characteristic pattern of a port scan. The attacking system sends connection attempts to the target system against a series of commonly used ports.

182
Q

What type of database security issue exists when a collection of facts has a higher classification than the classification of any of those facts standing alone?

A

Aggregation

Aggregation is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone.

An inference problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity.

183
Q

What are the two types of covert channels that are commonly exploited by attackers seeking to surreptitiously exfiltrate information?

A

Timing and storage

The two major classifications of covert channels are timing and storage. A covert timing channel conveys information by altering the performance of a system component or modifying a resource’s timing in a predictable manner. A covert storage channel conveys information by writing data to a common storage area where another process can read it.

184
Q

Will a database Update command succeed if it does not match any rows?

A

It will not fail.

Keep this in mind for transactions. There won’t be an update, but the transaction will go on to its subsequent steps and could complete successfully.

185
Q

Kim is troubleshooting an application firewall that serves as a supplement to the organization’s network and host firewalls and intrusion prevention system, providing added protection against web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?

A

Fail open

A fail open configuration may be appropriate in this case. In this configuration, the firewall would continue to pass traffic without inspection while it is restarting. This would minimize downtime, and the traffic would still be protected by the other security controls described in the scenario. Failover devices and high availability clusters would indeed increase availability, but at potentially significant expense. Redundant disks would not help in this scenario because no disk failure is described.

186
Q

Do Web Application Firewalls watch for and shut down cross-site scripting attacks?

A

Yes

187
Q

What is a pass-around software review?

A

Pass-around reviews are often done via email or using a central code review system, allowing developers to review code asynchronously.

188
Q

What type of requirement specifies what software must do by describing the inputs, behavior, and outputs of software?

A

Functional requirements

189
Q

What type of attack is demonstrated in the following C programming language example?
int myarray[10];
myarray[10] = 8;

A

This is an example of a specific type of buffer overflow known as an off-by-one error. The first line of the code defines an array of 10 elements, which would be numbered 0 through 9. The second line of code tries to place a value in the 11th element of the array (remember, array counting begins at 0!), which would cause an overflow.

190
Q

Which one of the following database issues occurs when one transaction writes a value to the database that overwrites a value that was needed by transactions with earlier precedence?

A

Lost update

Lost updates occur when one transaction writes a value to the database that overwrites a value needed by transactions that have earlier precedence, causing those transactions to read an incorrect value.

191
Q

Which one of the following is the most effective control against session hijacking attacks?

A
  • Transport Layer Security (TLS) provides the most effective defense against session hijacking because it encrypts all traffic between the client and server, preventing the attacker from stealing session credentials.
  • Secure Sockets Layer (SSL) also encrypts traffic, but it is vulnerable to attacks against its encryption technology.
  • Complex and expiring cookies are a good idea, but they are not sufficient protection against session hijacking.
192
Q

Faith is looking at the /etc/passwd file on a system configured to use shadowed passwords. When she examines a line in the file for a user with interactive login permissions, what should she expect to see in the password field?

A

x

When a system uses shadowed passwords, the hashed password value is stored in /etc/shadow instead of /etc/passwd. The /etc/passwd file would not contain the password in plaintext or hashed form. Instead, it would contain an x to indicate that the password hash is in the shadow file. The * character is normally used to disable interactive logins to an account.

193
Q

While evaluating a potential security incident, Harry comes across a log entry from a web server request showing that a user entered the following input into a form field:
CARROT'&1=1;--
What type of attack was attempted?

A

SQL injection

The single quotation mark in the input field is a telltale sign that this is a SQL injection attack. The quotation mark is used to escape outside of the SQL code’s input field, and the text following is used to directly manipulate the SQL command sent from the web application to the database.

194
Q

Is client-side input validation an effective control against SQL injection attacks?

A

No.

Client-side input validation is not an effective control against any type of attack because the attacker can easily bypass the validation by altering the code on the client.

What is effective?

  • Escaping restricted characters prevents them from being passed to the database
  • Parameterization.
  • Limiting database permissions prevents dangerous code from executing.
195
Q

What is an example of a Stealth technique?

A

Intercepting read requests from the antivirus software and returning a correct-looking version of the infected file.

196
Q

Tomas discovers a line in his application log that appears to correspond with an attempt to conduct a directory traversal attack. He believes the attack was conducted using URL encoding. The line reads:
%252E%252E%252F%252E%252E%252Fetc/passwd

What character is represented by the %252E value?

A

In URL encoding, the . character is replaced by %252E and the / character is replaced by %252F. You can see this in the log entry, where the expected pattern of ../../ is replaced by %252E%252E%252F%252E%252E%252F. Strictly speaking, %252E is the double-encoded form of the . character: %25 decodes to %, leaving %2E, which decodes to a period. A filter that decodes the input only once will see %2E rather than a period, so detection logic should decode until the value stops changing.

197
Q

An attacker posted a message to a public discussion forum that contains an embedded malicious script that is not displayed to the user but executes on the user’s system when read. What type of attack is this?

A

Persistent XSS

Attacks where the malicious user tricks the victim’s web browser into executing a script through the use of a third-party site are known as cross-site scripting (XSS) attacks. This particular attack is a persistent XSS attack because it remains on the discussion forum until an administrator discovers and deletes it, giving it the ability to affect many users.

198
Q

What are the two components of an expert system?

A

Knowledge bank and inference engine

199
Q

What is a gray box test?

A

In a gray box test, the tester evaluates the software from a user perspective but has access to the source code as the test is conducted.

200
Q

What things make up the attack surface of an application?

A
  • Input Parameters
  • Code
  • Supporting infrastructure
201
Q

What are the three major steps of threat modeling?

A
  1. Decomposing the application
  2. Determining and ranking threats
  3. Determining countermeasures and mitigation
202
Q

What are the phases of the IDEAL model for implementing change?

A

A. Initiating

B. Diagnosing

C. Establishing

D. Acting

E. Learning

203
Q

Charles is developing a mission-critical application that has a direct impact on human safety. Time and cost are less important than correctly functioning software. Which of the following software development methodologies should he choose given these requirements?

A

Waterfall

Despite many organizations moving to Agile, DevOps, or other more responsive development methodologies, Waterfall remains a strong contender when clear objectives and stable requirements are combined with a need to prevent flaws and to have a high level of control over the development process and output.

204
Q

At which level of the Software Capability Maturity Model (SW-CMM) does an organization introduce basic life-cycle management processes?

A

Repeatable

205
Q

What’s the difference between the three main DB concurrency issues:

  • Dirty Read
  • Lost Update
  • Incorrect Summary
A
  • Dirty reads occur when one transaction reads a value from a database that was written by another transaction that did not commit.
  • Lost updates occur when one transaction writes a value to the database that overwrites a value needed by transactions that have earlier precedence, causing those transactions to read an incorrect value.
  • Incorrect summaries occur when one transaction is using an aggregate function to summarize data stored in a database while a second transaction is making modifications to the database, causing the summary to include incorrect information.
206
Q

What type of virus works by altering the system boot process to redirect the BIOS or UEFI firmware to load malware before the operating system loads?

A

MBR

A master boot record (MBR) virus redirects the boot process to load malware during the operating system loading process.

207
Q

What attack does code parameterization help with?

A

Parameterization can help avoid SQL injection.

Note that each parameter has a placeholder, which is then passed to the query.