Requirements Pt.2 Flashcards
What is the core principle of the OpenSAMM approach?
- Complete testing of code in a minimal amount of time
- Deliver tangible gains in software assurance in iterative steps
- Ensure effective use of previously created modules
- Reduce errors in the requirements gathering process
Deliver tangible gains in software assurance in iterative steps
What is PCI-DSS an example of?
- An internal control matrix
- An external regulation
- An industry standard of good practice
- An international law
An industry standard of good practice
In addition to scope and budget, the term ‘iron triangle’ is often used to describe the problem of changing requirements in relation to which area?
- Technology
- Testing
- Staffing
- Schedule
Schedule
Which is the BEST technique to validate whether documented requirements are accurate?
- Analysis
- Surveys
- Management input
- Observation
Observation
What is the primary goal of SafeCODE?
- Rapid deployment
- Product marketing
- Vendor compliance
- Software assurance
Software assurance
What does the term “Secure State” refer to in regards to data protection?
- Protecting data whenever it is on public networks
- Providing access controls and logging to all data
- Defining appropriate security-related procedures for all data
- Maintaining compliance with policy at all times during the data lifecycle
Maintaining compliance with policy at all times during the data lifecycle
What is a requirement for software that is subject to external requirements or regulations?
- Protect all data from compromise
- Generate logs and accountability
- Mandate restricted access
- Demonstrate compliance
Demonstrate compliance
What is a risk associated with data privacy?
- Authorized access
- Obfuscation of data
- Aggregation of data
- Quantity of data
Aggregation of data
Which of the following standards lists a code of practice for information security management?
- ISO/IEC 27005
- ISO/IEC 27002
- ISO/IEC 27004
- ISO/IEC 27001
ISO/IEC 27002: Code of practice for information security management
What is a common problem with many current software development methodologies?
- Too structured and formal for practical use
- Inability to adapt to changing requirements
- Too much about process and not enough about resource utilization
- Too high level and not enough detail
Inability to adapt to changing requirements
What risk is associated with conducting an anonymous employee survey?
- The risk of incorrect or incomplete data
- The risk of disclosure when dealing with a small population
- The risk of misuse of data to determine employee productivity
- The risk of data loss or deletion
The risk of disclosure when dealing with a small population
Which of the following organizations assists the President in overseeing the preparation of the federal budget and in supervising its administration in Executive Branch agencies?
- OMB
- NIST
- NSA/CSS
- DCAA
NIST
Which of the following individuals inspects whether the security policies, standards, guidelines, and procedures are efficiently performed in accordance with the company’s stated security objectives?
- Information system security professional
- Data owner
- Senior management
- Information system auditor
Information system security professional or Senior management
Why would a developer need to know about OWASP?
- To avoid creating software with known vulnerabilities
- To use cryptographic algorithms effectively
- To speed up requirements development
- To ensure better architectural design
To avoid creating software with known vulnerabilities
Which document is used to track all requirements in one central place?
- Configuration Management Database (CMDB)
- Requirements Tracking System (RTS)
- Requirements Traceability Matrix (RTM)
- Change Control Board (CCB)
Requirements Traceability Matrix (RTM)