Sample Test Questions Domain 8

Question 1

___ is used when databases are clustered to provide high fault tolerance and performance

Answer 1

Online transaction processing (OLTP)

Question 2

in database design, the ACID test stands for:

Answer 2

Atomicity, Consistency, Isolation, Durability

Question 3

___ in database design refers to dividing transactions into units of work ensuring that all modifications take effect or none take effect

Answer 3

Atomicity

Question 4

___ in database design means that a transaction must follow the integrity policy developed for that particular database and ensure all data is consistent in the different databases

Answer 4

Consistency

Question 5

___ in database design means that transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed

Answer 5

Isolation

Question 6

___ in database design means that once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back

Answer 6

Durability

Question 7

In the ___ database model, records and fields are related in a logical tree structure. Parents can have one child, many children, or no children

Answer 7

hierarchical

Question 8

In an ___ database, when an application queries for data, it receives both the data and the procedure

Answer 8

object-oriented

Question 9

___ testing involves testing an individual component in a controlled environment to validate data structure, logic, and boundary conditions

Answer 9

Unit

Question 10

___ development involves the use of independent and standardized modules

Answer 10

Component-based

Question 11

The Java ___ converts the bytecode into machine-level code that the processor on the particular system can understand

Answer 11

Virtual Machine (JVM)

Question 12

___ integrity guarantees that the tuples are uniquely identified by primary key values

Answer 12

Entity

Question 13

The ___ is an XML-based protocol that was created to replace Remote Procedure Calls (RPCs) and allow applications running on different operating systems to exchange information over the Internet

Answer 13

Simple Object Access Protocol (SOAP)

Question 14

HTTP was not designed to work with ___, but SOAP was designed to work with HTTP

Answer 14

Remote Procedure Calls (RPCs)

Question 15

___ is the best first step for developers to take to identify the security controls that should be coded into a software project

Answer 15

Threat modeling

Question 16

___, or persistent XSS vulnerability, is targeted at websites that allow users to input data that is stored in a database or other location, such as a forum or message board. These types of platforms are among the most commonly plagued by XSS vulnerabilities.

Answer 16

second-order vulnerability

Question 17

nonpersistent XSS vulnerabilities, also referred to as ___, occur when an attacker tricks the victim into opening a URL programmed with a rogue script to steal the victim’s sensitive information (such as a cookie)

Answer 17

reflected vulnerabilities

Question 18

in ___ cross-site scripting (XSS) attacks, which are also referred to as local cross-site scripting, document components of websites such as form fields and cookies can be referenced through JavaScript and modified

Answer 18

document object model (DOM)–based

Question 19

___ is the most recent evolution in antimalware detection, it allows suspicious code to execute within the operating system and watches its interactions looking for suspicious activities

Answer 19

Behavior blocking

Question 20

In object-oriented programming objects need to be able to communicate with each other, and this happens by using ___ that are sent to the receiving object’s application program interface (API)

Answer 20

messages

Question 21

in a covert storage channel, processes are able to ___ through some type of storage space on the system

Answer 21

communicate

Question 22

A ___ is used to recover data if there is a system failure or problem during a transaction

Answer 22

checkpoint

Question 23

___ is the international standard that provides guidance to organizations in integrating security to the processes used for managing their applications

Answer 23

ISO/IEC 27034

Question 24

The ___ is a nonprofit organization made up of an international group of experts, industry practitioners, and organizational representatives who produce open-source and widely agreed-upon best-practice security standards for the World Wide Web

Answer 24

Web Application Security Consortium (WASC)

Question 25

___ provides a machine-readable description of the specific operations provided by a specific web service

Answer 25

Web Services Description Language (WSDL)

Question 26

___ provides a method for web services to be registered by service providers and located by service consumers

Answer 26

Universal Description, Discovery and Integration (UDDI)

Question 27

When changes take place to a software product during its development life cycle, a ___ system can be put into place that allows for change control processes to take place through automation.

Answer 27

software configuration management (SCM)

Question 28

a ___ can help ensure that corporate change control policies and procedures are adhered to and should log all code accesses as a detective control as well. But foremost, it can help ensure that code is only ever accessed by an authorized developer

Answer 28

code versioning system (CVS)

Question 29

the best way to ensure that newly acquired software is secure and functional is by ___

Answer 29

black-box testing it in a lab

Question 30

a ___ can manifest as sporadic ICMP traffic both incoming and outgoing

Answer 30

rootkit

Question 31

___ is a systematic approach to deliberately regulating the changing nature of projects.

Answer 31

change management

Question 32

___ is the process of controlling the specific changes that take place during the life cycle of a system.

Answer 32

change control

Question 33

The security posture of ___, ___, and ___ are the three overarching concerns for any software development environment

Answer 33

development platforms;
code repositories;
software configurations