Exam 3 Leftovers Flashcards
5 steps in SDLC?
Initiate, Acquire/Develop, Implement, Operate/Maintain, Dispose
In which development stage is code actually written? Initiate Acquire/Develop Implement Operate/Maintain Dispose
Development
Which initiative was developed by Homeland Security? WASC BSI OWASP ISO
BSI (Build Security In)
Which of the following development models includes no formal control mechanisms to provide feedback? Waterfall V-Shaped Build and Fix Spiral
Build and Fix
Which language type delivers instructions directly to the processor? Assembly languages High-level languages Machine languages Natural languages
Machine languages
Which term describes how many different tasks a module can carry out? Polymorphism Cohesion Coupling Data structures
Cohesion
Which term describes a standard for communication between processes on the same computer? CORBA DCOM COM SOA
COM (Component Object Model)
Which of the following is a Microsoft technology? ActiveX Java SOA CORBA
ActiveX
Which of the following is the dividing line between the trusted parts of the system and those that are untrusted? Security perimeter Reference monitor Trusted Computer Base Security Kernel
Security Perimeter
Which of the following is a system component that enforces access controls on an object? Security perimeter Reference monitor Trusted Computer Base Security Kernel
Reference monitor
Which of the following ensures that the customer (internal or external) is satisfied with the functionality of the software? Integration testing Acceptance testing Regression testing Accreditation
Acceptance testing
In which of the following models is less time spent on the upfront analysis and more emphasis placed on learning from the process feedback and incorporating lessons learned in real time? Agile Rapid Application Development Cleanroom Modified Waterfall
Agile
Which of the following software development risk analysis and mitigation strategy guidelines should security professionals follow? (Choose all that apply)
A. Integrate risk and mitigation in the SDLC
B. Use qualitative, quantitative, and hybrid risk analysis approaches based on standardized risk analysis methods
C. Track and manage weaknesses that are discovered throughout risk assessment, change management, and continuous monitoring
D. Encapsulate data to make it easier to apply the appropriate policies to objects
A, B, C
Which of the following are valid guidelines for providing API security?
Use the same security controls for APIs as any web application on the enterprise
Use hash-based message authentication code
Use encryption when passing static keys
Implement password encryption instead of single key-based authentication
All of them
Which of the following is NOT one of the four phases of acquiring software? Planning Contracting Development Monitoring and accepting
Development