Section 2.3 Secure Application development, deployment, and automation concepts

Question 1

What do you call the ability to add, remove, or reconfigure hardware and software resources to handle an increase in usage. Requires manual intervention

Answer 1

Scalability

Question 2

What do you call automatically scaling resources up or down to meet user demands. Completely automatic

Answer 2

Elasticity

Question 3

What SDLC method goes through each step one by one until they are completed?

Answer 3

Waterfall method

Question 4

Developers use ____________ to make sure an application does not contain security issues and is resistant to application errors and crashes.

Answer 4

Secure Coding Concepts

Question 5

What do you call a nonprofit foundation that works to improve the security of software?

Answer 5

OWASP

Question 6

What does OWASP stand for?

Answer 6

Open Web Application Security Project

Question 7

Who produces a top 10 vulnerabilities list that has the most common vulnerabilities, how they are exploited, and how to prevent them?

Answer 7

OWASP

Question 8

What brings together management, development, and operations groups to swiftly release software into production

Answer 8

DevOps

Question 9

What do you call infrastructure that can not be changed once it is placed?

Answer 9

Immutable Infrastructure

Question 10

What tools check the various courses of action within the code, validate inputs, and plays a role in integration, delivery, deployment, and monitoring while providing reporting and analytics?

Answer 10

Automation/Scripting Tools

Question 11

What do you call the surrounding infrastructure that supports software applications?

Answer 11

Data Center

Question 12

What manages and provisions data centers through machine readable files to support software and user requirements?

Answer 12

Infrastructure as Code

Question 13

What control keeps multiple developers from overwriting changes that were written by other developers?

Answer 13

Version Control

Question 14

What ensures everyone associated with a software change understands what changes will be made, when they will be made, and any 2nd or 3rd order effects?

Answer 14

Change Management

Question 15

What refers to the process of coding applications to accept only certain valid input for user-entered fields?

Answer 15

Input Validation

Question 16

What concept recognizes specific types of command characters and parses them as simple data rather than executing the text as a command?

Answer 16

Escaping

Question 17

What is the practice of using either predetermined processes or synthetic processes to create diversity within the software development process?

Answer 17

Software diversity

Question 18

What analysis is conducted by executing software on a real or virtual processer, with inputs to allow the tester to determine how the software will behave in a potentially negative environment?

Answer 18

Dynamic code analysis

Question 19

What dynamic technique enters random data into application fields to see how the software program reacts to test for input validation and exception handling?

Answer 19

Fuzzing

Question 20

What analysis is performed without executing the code, but uses either an automated tool or manual reviewing?

Answer 20

Static code analysis

Question 21

What checks the ability for a piece of software to undergo large amounts of stress or extremely heavy operating loads by pushing the software beyond its normal or best-scenario operating environments?

Answer 21

Stress testing

Question 22

What testing provides key performance indicators of software integrity to help measure how effectively software is developed and how efficiently it is tested prior to deployment?

Answer 22

Integrity Measurement

Question 23

What is largely determined by the OS and programming language environment in use because they can offer varying levels of tools?

Answer 23

Error and Exception Handling

Question 24

What uses up memory resources needed to execute actions associated with applications?

Answer 24

Resource Exhaustion

Question 25

What occurs when you have access permissions or systems of trust between different components of a software application that allow users to pass through unexpectedly and without proper authorization to access another software component?

Answer 25

Transitive Access

Question 26

Which type of validation responds to users quicker but the client must have compatible software with the server?

Answer 26

Client-side validation

Question 27

Which type of validation is more compatible but responds slower and is safer because the application code isn’t shared?

Answer 27

Server Side validation

Question 28

What is prevented by verifying a request came from an authorized user by requiring a second identifying value saved saved in a cookie to authenticate an authorized session?

Answer 28

CSRF

Question 29

What is CSRF

Answer 29

Client Side Request Forgery

Question 30

What do you call the use of existing source code for a new purpose?

Answer 30

Code Reuse

Question 31

What is a SDK?

Answer 31

Software Development Kit

Question 32

What entails using a certificate to digitally sign executables and scripts to confirm that the software was developed by the appropriate author?

Answer 32

Code Signing

Question 33

What hard codes and shares data?

Answer 33

Data exposure

Question 34

What do you call code that is never used or executed and its removal can cause exceptions or a change in output?

Answer 34

Dead Code

Question 35

What is the design of a database to remove redundancies and improve integrity through simplifying the design?

Answer 35

Normalization

Question 36

What are saved subroutines that can be used within applications accessing databases?

Answer 36

Stored Procedures

Question 37

In what environment is software developed? Often done in a sandbox.

Answer 37

Development (DEV)

Question 38

In what environment is software tested, either in a static or dynamic manner?

Answer 38

Testing (TEST)

Question 39

What environment is built for iterative testing to assure new code does not have negative impacts on the funtionality?

Answer 39

Quality Control/Assurance (QC/QA)

Question 40

What environment allows the code to be subjected to final testing before being moved to production?

Answer 40

Staging(STAGING)

Question 41

What is the final, live environment that users get to interact and work with?

Answer 41

Production (PROD)

Question 42

In what environment is the application initially coded, often through multiple iterations?

Answer 42

Development

Question 43

In what environment do the developers integrate all of their work into a single application?

Answer 43

Testing

Question 44

In what environment do we ensure quality assurance before we roll it out to production?

Answer 44

Staging

Question 45

In what environment does the application go live and end users have the support of the IT team?

Answer 45

Production

Question 46

What do you call the process of making an application or service available? May also refer to the lifecycle of designing, preparing, creating, and managing the applications?

Answer 46

Provisioning

Question 47

What process occurs when the application meets its end of life?

Answer 47

Deprovisioning

Question 48

What is the measuring and identification of changes to a system, away from its expected or baseline value?

Answer 48

Integrity Measurement

Question 49

What process ensures that the application performs as it should do and conforms to data industry standards and regulations?

Answer 49

Integrity Measurement

Question 50

Code updates should be _______________ to ensure functionality is intact and no security vulnerabilities exist.

Answer 50

regression tested

Question 51

What is the result of integrity measurement?

Answer 51

A secure baseline configuration

Question 52

The goal of ________ is to reduce and eliminate redundancy to make fewer indexes per table and make searching faster.

Answer 52

Normalization

Question 53

A ___________ is reusable, prepared SQL code.

Answer 53

Stored procedure

Question 54

When apps use ______________, it will provide the required information while ensuring an attack will not be able to modify the code it contains.

Answer 54

Stored procedures

Question 55

What is the process of obscuring source code so that if it was stolen, it could not be interpreted or reverse engineered by the attacker?

Answer 55

Obfuscation/Camouflage

Question 56

What are server-side programming languages?

Answer 56

C# and .NET

Question 57

__________ execution and validation includes databases, application servers, and domain controllers

Answer 57

Server-side/backend

Question 58

What kind of execution and validation happen on the client in the browser?

Answer 58

Client-Side

Question 59

What are the client-side languages?

Answer 59

JavaScript and HTML 5

Question 60

Failure to manage memory in code may result in?

Answer 60

Memory Leaks

Question 61

What is a set of software development tools that a vendor creates to make application development easier?

Answer 61

SDK

Question 62

Sensitive data should be ________to prevent it from being stolen by attackers, and sometimes masked even to the user.

Answer 62

encrypted

Question 63

What do you call creation of software that is different on each user endpoint/device?

Answer 63

Software diversity

Question 64

What do you call the process of testing to make sure that an application is fit for its purpose and fulfills the user’s requirements, and ensures security requirements are met?

Answer 64

Continuous validation

Question 65

What do you call the ability of a system to automatically grow and shrink based on app demand?

Answer 65

Elasticity

Question 66

What do you call the ability of a system to handle growth of users or work?

Answer 66

Scalability