Sample Test Questions Domain 8 Flashcards
___ is used when databases are clustered to provide high fault tolerance and performance
Online transaction processing (OLTP)
In database design, the ACID test stands for:
Atomicity, Consistency, Isolation, Durability
___ in database design refers to dividing transactions into units of work ensuring that all modifications take effect or none take effect
Atomicity
___ in database design means that a transaction must follow the integrity policy developed for that particular database and ensure all data is consistent in the different databases
Consistency
___ in database design means that transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed
Isolation
___ in database design means that once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back
Durability
In the ___ database model, records and fields are related in a logical tree structure. Parents can have one child, many children, or no children
hierarchical
In an ___ database, when an application queries for data, it receives both the data and the procedure
object-oriented
___ testing involves testing an individual component in a controlled environment to validate data structure, logic, and boundary conditions
Unit
___ development involves the use of independent and standardized modules
Component-based
The Java ___ converts the bytecode into machine-level code that the processor on the particular system can understand
Virtual Machine (JVM)
___ integrity guarantees that the tuples are uniquely identified by primary key values
Entity
The ___ is an XML-based protocol that was created to replace Remote Procedure Calls (RPCs) and allow applications running on different operating systems to exchange information over the Internet
Simple Object Access Protocol (SOAP)
HTTP was not designed to work with ___, but SOAP was designed to work with HTTP
Remote Procedure Calls (RPCs)
___ is the best first step for developers to take to identify the security controls that should be coded into a software project
Threat modeling
___, or persistent XSS vulnerability, is targeted at websites that allow users to input data that is stored in a database or other location, such as a forum or message board. These types of platforms are among the most commonly plagued by XSS vulnerabilities.
second-order vulnerability
Nonpersistent XSS vulnerabilities, also referred to as ___, occur when an attacker tricks the victim into opening a URL programmed with a rogue script to steal the victim’s sensitive information (such as a cookie)
reflected vulnerabilities
In ___ cross-site scripting (XSS) attacks, which are also referred to as local cross-site scripting, document components of websites such as form fields and cookies can be referenced through JavaScript and modified
document object model (DOM)–based
___ is the most recent evolution in antimalware detection; it allows suspicious code to execute within the operating system and watches its interactions, looking for suspicious activities
Behavior blocking
In object-oriented programming, objects need to be able to communicate with each other, and this happens by using ___ that are sent to the receiving object’s application program interface (API)
messages
In a covert storage channel, processes are able to ___ through some type of storage space on the system
communicate
A ___ is used to recover data if there is a system failure or problem during a transaction
checkpoint
___ is the international standard that provides guidance to organizations in integrating security to the processes used for managing their applications
ISO/IEC 27034
The ___ is a nonprofit organization made up of an international group of experts, industry practitioners, and organizational representatives who produce open-source and widely agreed-upon best-practice security standards for the World Wide Web
Web Application Security Consortium (WASC)
___ provides a machine-readable description of the specific operations provided by a specific web service
Web Services Description Language (WSDL)
___ provides a method for web services to be registered by service providers and located by service consumers
Universal Description, Discovery and Integration (UDDI)
When changes take place to a software product during its development life cycle, a ___ system can be put into place that allows for change control processes to take place through automation.
software configuration management (SCM)
A ___ can help ensure that corporate change control policies and procedures are adhered to and should log all code accesses as a detective control as well. But foremost, it can help ensure that code is only ever accessed by an authorized developer
code versioning system (CVS)
The best way to ensure that newly acquired software is secure and functional is by ___
black-box testing it in a lab
A ___ can manifest as sporadic ICMP traffic both incoming and outgoing
rootkit
___ is a systematic approach to deliberately regulating the changing nature of projects.
change management
___ is the process of controlling the specific changes that take place during the life cycle of a system.
change control
The security posture of ___, ___, and ___ are the three overarching concerns for any software development environment
development platforms;
code repositories;
software configurations