Lecture 6 Flashcards

Data and Application Security

1
Q

______ allows a single user to harness the computing power of one or more remote systems to achieve a single goal.

A. distributed computing
B. centralized computing
C. administered computing

A

A. distributed computing

2
Q

This threat attaches itself to a legitimate OS, file or application and performs unwanted actions. It spreads through infected media.

A. Trojan
B. Worm
C. Virus

A

C. Virus

3
Q

What is a Trojan Horse threat?

A

Malicious code that is disguised as a harmless program.

4
Q

A ____ is a threat that is dormant until a specific trigger.

A

logic bomb

5
Q

This type of threat is self-propagating.

A. Trojan
B. Worm
C. Virus

A

B. Worm

6
Q

______ are code objects sent from a server to a client to perform some action. They are self-contained and operate independently of the server.

A

Applets

7
Q

A(n) _____ is an intelligent code object that performs actions on behalf of a user.

A. applet
B. agent
C. COM

A

B. agent

8
Q

The Object Management Group (OMG) created ______. In this model, a broker invokes the object to keep details transparent to the client.

A

Common Object Request Broker Architecture (CORBA)

9
Q

Microsoft created ____, which allows users to embed components from one app into another.

A

Component Object Model (COM)

10
Q

List the 4 characteristics of a relational database.

A

atomicity
consistency
isolation
durability

11
Q

____ is where all or none of the instructions in a transaction are executed.

A. atomicity
B. consistency
C. isolation
D. durability

A

A. atomicity

12
Q

_____ is where all transactions must follow the database rules.

A. atomicity
B. consistency
C. isolation
D. durability

A

B. consistency

13
Q

_____ means that all transactions must operate independently.

A. atomicity
B. consistency
C. isolation
D. durability

A

C. isolation

14
Q

_____ ensures that transactions committed to the database are preserved.

A. atomicity
B. consistency
C. isolation
D. durability

A

D. durability

15
Q

In a database, a ____ is a SQL statement used to present data to a user as if it were a table. It can be used as a security tool.

A

View

16
Q

A ______ is an interface for applications to communicate with different databases.

A

Open Database Connectivity (ODBC)

17
Q

The collection of numerous non-sensitive items combined to derive more sensitive information.

A. Combination
B. Sniffing
C. Aggregation
D. Inference

A

C. Aggregation

18
Q

Combining several pieces of information to gain access to information that should be classified at a higher level.

A. Combination
B. Sniffing
C. Aggregation
D. Inference

A

A. Combination
B. Sniffing
C. Aggregation
D. Inference

19
Q

What is a data warehouse?

A

storage of large amounts of information from a variety of databases for use with specialized analysis techniques

20
Q

A ____ channel is the transmission of sensitive data in a way that shouldn’t exist or is not documented.

A

covert

21
Q

____ procedures ensure that security controls are properly implemented throughout the lifecycle of the system.

A

Assurance

22
Q

What is a limit check?

A

It limits the type, format, length, or range of input information.

23
Q

The ____ SDLC model is a series of iterative steps. Each phase is completed before the next begins.

A. Spiral
B. Waterfall
C. IDEAL
D. Agile

A

B. Waterfall

24
Q

The ____ SDLC model allows for multiple iterations of an iterative style process.

A. Spiral
B. Waterfall
C. IDEAL
D. Agile

A

A. Spiral

25
Q

The ____ SDLC model is a process of quickly developing software to make it available quicker.

A. Spiral
B. Waterfall
C. IDEAL
D. Agile

A

D. Agile

26
Q

The ____ SDLC model has 5 phases: Initializing, Diagnosing, Establishing, Acting, Learning.

A. Spiral
B. Waterfall
C. IDEAL
D. Agile

A

C. IDEAL

27
Q

_____ is the process of controlling the versions of software used throughout the environment and tracks changes to software configurations.

A

configuration management

28
Q

This testing examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors.

A. Gray-box testing
B. Black-box testing
C. White-box testing

A

C. White-box testing

29
Q

This testing is where a tester has access to the source code but does not analyze the inner workings of the program.

A. Gray-box testing
B. Black-box testing
C. White-box testing

A

A. Gray-box testing

30
Q

In this testing there is no access to the internal code. The output is inspected.

A. Gray-box testing
B. Black-box testing
C. White-box testing

A

B. Black-box testing

31
Q

_____ mechanisms ensure that each process has its own isolated memory space for storage of data and execution of application code

A

process isolation

32
Q

______ is a technique that implements process isolation at the hardware level by enforcing memory access constraints

A

hardware segmentation

33
Q

_____ is where the details of performing activities are hidden from the user.

A

Abstraction

34
Q

Systems are authorized to process information at more than one security level even when not all users have clearance for all information processed by the system.

A. Dedicated security mode
B. System-high security mode
C. Compartmented security mode
D. Multilevel security mode

A

D. Multilevel security mode

35
Q

Systems are authorized to process only information that all users are cleared for.

A. Dedicated security mode
B. System-high security mode
C. Compartmented security mode
D. Multilevel security mode

A

B. System-high security mode