Domain 8 - Software Development Security

Question 1

What do the following steps describe?

1. Requirements
2. Software design
3. Implementation
4. Testing
5. Integration (if there are multiple subsystems)
6. Deployment
7. Maintenance

Answer 1

Waterfall Methodology

Question 2

Requirements and solutions evolve via collaboration between self organizing cross functional teams, that use a process incorporating continuous feedback to successively refine and deliver a software system

Answer 2

Agile, Agile Scrum

Question 3

Takes key aspects of the waterfall model and rapid prototyping methodologies in an effort to combine advantages of top down and bottom up concepts

1. Determine Objectives
2. Identify & Resolve Risk
3. Develop & Test
4. Plan next iteration

Answer 3

Spiral

Question 4

Multi step, iterative process, structured in a methodical way. Used to model or provide a framework for technical and non technical activities to deliver a quality system which meets and/or exceeds expectations

Answer 4

SDLC - Software Development Life Cycle

Question 5

Describe how the system OR software works

Answer 5

NON FUNCTIONAL

Question 6

Describe what the system OR software should do

Answer 6

FUNCTIONAL

Question 7

Main focus of the project managers and stakeholders. Meetings with managers, stake holders and users are held in order to determine the requirements.

Answer 7

Requirements gathering and Analysis

Question 8

True / False

You should NOT test with live production data.

Answer 8

True

You can test with sanitized production data but never live production data

Question 9

True / False

Certification must come before Accreditation. However you can Certify without Accrediting.

Answer 9

True

In order to Accredit, you must certify!

Question 10

These five levels represent what, in regards to Maturity Models?

1. Initial - Process is not standardized
2. Managed - Process is characterized for projects but is often reactive
3. Defined - Process is characterized for the organization and is proactive
4. Quantitatively Managed - process is measured and controlled
5. Optimizing - Focus on process improvement

Answer 10

Five Stages of CMMI

Question 11

Aims at shorter development cycles, increased deployment frequency and more dependable releases, in close alignment with business objectives.

Answer 11

DevOps

Question 12

These five levels represent what, in regards to Maturity Models?

1. Initial - Chaos and Disorganization
2. Repeatable - Life cycle processes are introduced
3. Defined - Formal, documented processes
4. Managed - quantitative measurement and software quality
5. Optimizing - continuous improvement

Answer 12

Five Stages of SW-CMM

Question 13

These five levels represent what, in regards to Maturity Models?

1. Initiating - Requirements gathering and resources
2. Diagnosing - Current state definition and change recommendations
3. Establishing - Plan (s) to address change recommendations
4. Acting - develop, test, refine and implement
5. Learning - continuous improvement

Answer 13

Five Stages of IDEAL

Question 14

Used as a project scheduling tool to calculate standard deviation SD for Risk Assessment

Answer 14

PERT - Program Evaluation Review Technique

Question 15

Also known as “Data Hiding”

Answer 15

Encapsulation

Question 16

What does these steps refer to?

a. Categorize Information System
b. Select Security Controls
c. Implement Security controls
d. Assess Security Controls
e. Authorize Information System
f. Monitor Security Controls

Answer 16

RMF

NIST 800-37R2

Question 17

What do the following represent?

a. Error & Exception handling
b. Code Repos
c. Third party code
d. Code signing

Answer 17

Secure Coding Practices

Question 18

Attribute or set of attributes that uniquely identifies a specific instance of an entity.

Each table in a database must contain a _______ that is unique to that table

Answer 18

Primary Key

Question 19

an attribute that is a unique identifier within a given table.

Answer 19

Candidate Key