Security Assessment and Testing Domain Flashcards

1
Q

A test design approach that lets the tester look inside the “box”: knowledge of the software’s internal structure (code paths, branches, data flows) is used to guide the selection of test data.

A

White-box Testing

2
Q

Intermediate hosts through which websites are accessed

A

Web Proxies

3
Q

Log the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.

A

Vulnerability Management Software

4
Q

The authentication process by which the biometric system matches a captured biometric against the claimed person’s stored template (a one-to-one comparison, as opposed to identification, which searches all stored templates)

A

Verification

5
Q

The determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project.

A

Validation

6
Q

Abstract episodes of interaction between a system and its environment

A

Use Cases

7
Q

A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations

A

Threat Modeling

8
Q

Operational actions performed by OS components, such as shutting down the system or starting a service

A

System Events

9
Q

Involves having external agents run scripted transactions against a web application

A

Synthetic Performance Monitoring

10
Q

Analysis of the application source code to find vulnerabilities without actually executing the application

A

Static Source Code Analysis (SAST)
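As an added example (not part of the original flashcards or of any real SAST product), the following Python block does what the card describes in miniature: it parses a constructed source snippet into an abstract syntax tree and reports dangerous calls without ever executing the code. The sample source, the two rules (calls to `eval()`/`exec()`, and subprocess-style calls with `shell=True` or `os.system`) and the names `scan`, `RiskyCallFinder` and `qualified_name` are all assumptions made for this illustration.

```python
import ast

# Constructed sample source to scan; it is not code from the page.
# It contains two risky calls and one safe subprocess call.
SAMPLE_SOURCE = '''
import subprocess

def run_report(name):
    subprocess.run("gen-report " + name, shell=True)  # user data reaches a shell
    return eval(open("/tmp/report.cfg").read())        # arbitrary code execution

def run_report_safely(name):
    subprocess.run(["gen-report", name])              # argv list, no shell
'''

DANGEROUS_BUILTINS = {"eval", "exec"}
SHELL_SINKS = {"subprocess.run", "subprocess.call", "subprocess.check_output",
               "subprocess.Popen"}


def qualified_name(func):
    """Turn the callee expression into a dotted name such as 'subprocess.run'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = qualified_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class RiskyCallFinder(ast.NodeVisitor):
    """Collects (line, message) findings for calls that match the rules above."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = qualified_name(node.func)
        if name in DANGEROUS_BUILTINS:
            self.findings.append((node.lineno, f"call to {name}()"))
        elif name == "os.system":
            self.findings.append((node.lineno, "os.system() always runs through a shell"))
        elif name in SHELL_SINKS:
            shell_true = any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords
            )
            if shell_true:
                # A command built at runtime is worse than a string literal.
                dynamic = bool(node.args) and not isinstance(node.args[0], ast.Constant)
                detail = "dynamic command" if dynamic else "constant command"
                self.findings.append((node.lineno, f"{name} with shell=True ({detail})"))
        self.generic_visit(node)   # keep walking into nested calls


def scan(source):
    """Parse the source (never executing it) and return findings sorted by line."""
    finder = RiskyCallFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


if __name__ == "__main__":
    for lineno, message in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {message}")
```

Note that the scanner only sees syntax: `shell=shell_flag` with a variable, or `getattr(subprocess, "run")`, would slip past it, which is exactly the class of gap that makes real static analysers pair pattern rules with data-flow tracking.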

11
Q

The process for generating, transmitting, storing, analyzing, and disposing of computer security log data.

A

Security Log Management

12
Q

The determination of the impact of a change based on review of the relevant documentation

A

Regression Analysis

13
Q

An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application

A

Real User Monitoring (RUM)

14
Q

Verifies that the application behaves as expected when given valid input

A

Positive Testing

15
Q

Ensures the application can gracefully handle invalid input or unexpected user behavior

A

Negative Testing
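Cards 14 and 15 together, as an added example that is not part of the original flashcards: a strict port-number parser and a naive one are both run through a positive suite (valid input, expected value) and a negative suite (invalid input, which must be rejected with a `ValueError` rather than crash or be silently accepted). The parser names, the test data and the failure-reporting format are assumptions made for this illustration; the inputs are constructed, including an Arabic-Indic digit string that Python’s `int()` happily accepts.

```python
import re

PORT_RE = re.compile(r"[0-9]{1,5}")   # ASCII digits only; \d would also match Unicode digits


def parse_port(text):
    """Strict parser: ASCII digits, no sign/whitespace/Unicode digits, range 1..65535.
    Every rejection is a ValueError, so callers can handle bad input gracefully."""
    if not isinstance(text, str) or PORT_RE.fullmatch(text) is None:
        raise ValueError(f"invalid port syntax: {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def naive_parse_port(text):
    """The 'before' version: relies on int(), which is far more permissive than it looks."""
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


# Constructed test data. Positive cases map valid input to the expected result;
# negative cases are invalid input that must be rejected with ValueError.
POSITIVE_CASES = {"1": 1, "22": 22, "443": 443, "65535": 65535}
NEGATIVE_CASES = ["", "0", "65536", "-1", "+80", " 80", "80 ", "0x50",
                  "80.0", "8O", "1e3", "\u0661\u0668", None]   # last string is Arabic-Indic "18"


def run_suite(parser):
    """Return a list of (kind, input, problem) for every case the parser gets wrong."""
    failures = []
    for text, expected in POSITIVE_CASES.items():
        try:
            got = parser(text)
        except Exception as exc:
            failures.append(("positive", text, f"rejected: {exc}"))
            continue
        if got != expected:
            failures.append(("positive", text, f"returned {got!r}, expected {expected!r}"))
    for text in NEGATIVE_CASES:
        try:
            got = parser(text)
        except ValueError:
            continue                      # clean rejection is the expected outcome
        except Exception as exc:          # any other exception is an ungraceful failure
            failures.append(("negative", text, f"crashed with {type(exc).__name__}"))
            continue
        failures.append(("negative", text, f"accepted as {got!r}"))
    return failures


if __name__ == "__main__":
    for name, parser in (("strict", parse_port), ("naive", naive_parse_port)):
        print(name, run_suite(parser) or "all cases passed")
```

The positive suite passes for both parsers, which is the point of the cards: only the negative suite exposes that the naive version accepts `"+80"`, `" 80"`, `"80 "` and the non-ASCII digits, and crashes with a `TypeError` on `None`.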

16
Q

Any hardware or software mechanism that has the ability to detect and stop attacks in progress

A

Intrusion Prevention Systems (IPS)

17
Q

Real-time monitoring of events as they happen in a computer system or network, using audit trail records and network traffic, and analyzing those events to detect potential intrusion attempts

A

Intrusion Detection Systems (IDS)

18
Q

Maintain ongoing awareness of information security, vulnerabilities and threats to support organizational risk management decisions

A

Information Security Continuous Monitoring (ISCM)

19
Q

Tests an application for the use of system components or configurations that are known to be insecure

A

Automated Vulnerability Scanners

20
Q

A manual review of the product architecture to ensure that it fulfills the necessary security requirements

A

Architecture Security Reviews

21
Q

Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges

A

Audit Records
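Cards 17 and 21 together, as an added example that is not part of the original flashcards: a small detector in Python that reads constructed audit records of the kinds the card lists (failed and successful authentication attempts, use of privileges) and raises alerts for a burst of failed logins from one source, a later successful login from that same source, and a privileged command that stops the audit service. The log lines are constructed sample data in sshd/sudo syslog style, the year 2024 is assumed because that format carries none, and the rule names, thresholds and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records in syslog/sshd style (not real data).
SAMPLE_LOG = """\
Mar 10 09:14:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:14:03 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 10 09:14:05 bastion sshd[2232]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 09:14:07 bastion sshd[2233]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 10 09:14:09 bastion sshd[2234]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 09:14:30 bastion sshd[2235]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Mar 10 09:20:11 bastion sshd[2301]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 09:20:40 bastion sshd[2302]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Mar 10 10:05:00 bastion sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl stop auditd
"""

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)"
AUTH_RE = re.compile(TS + r" \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
SUDO_RE = re.compile(TS + r" \S+ sudo: +(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
LOGGING_SERVICES = re.compile(r"\b(auditd|rsyslog|syslog-ng|journald)\b")


def parse_ts(text):
    """Syslog timestamps carry no year; 2024 is assumed for the constructed sample."""
    return datetime.strptime("2024 " + text, "%Y %b %d %H:%M:%S")


def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (rule, subject, detail) alerts in the order they fire."""
    alerts = []
    recent_failures = defaultdict(deque)   # source ip -> failure timestamps inside the window
    flagged_sources = set()
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, ip = parse_ts(m["ts"]), m["ip"]
            if m["result"] == "Failed":
                q = recent_failures[ip]
                q.append(ts)
                while ts - q[0] > window:      # slide the window forward
                    q.popleft()
                if len(q) >= threshold and ip not in flagged_sources:
                    flagged_sources.add(ip)
                    alerts.append(("brute_force", ip,
                                   f"{len(q)} failed logins within {int(window.total_seconds())}s"))
            elif ip in flagged_sources:        # success from a source already seen guessing
                alerts.append(("brute_force_success", ip,
                               f"login as {m['user']} after failure burst"))
            continue
        m = SUDO_RE.match(line)
        if m and LOGGING_SERVICES.search(m["cmd"]):
            alerts.append(("audit_tampering", m["user"], f"{m['cmd']} (as {m['target']})"))
    return alerts


if __name__ == "__main__":
    for rule, subject, detail in detect(SAMPLE_LOG):
        print(f"{rule:20} {subject:15} {detail}")
```

The single failed login for alice followed by a key-based success stays silent, which is the behaviour you want from a threshold rule; the last rule is there because an attacker who has just obtained root will often go for the audit daemon first, so a command that stops it is worth an alert on its own.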

22
Q

A list of the most widespread and critical errors that can lead to serious vulnerabilities in software

A

2011 CWE/SANS Top 25 Most Dangerous Software Errors

23
Q

A Use Case from the point of view of an Actor hostile to the system under design

A

Misuse Case

24
Q

This criterion requires sufficient test cases for each program statement to be executed at least once; however, achieving it is insufficient to provide confidence in a software product’s behavior

A

Statement Coverage

25
Q

This criterion requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once

A

Path Coverage

26
Q

This criterion requires sufficient test cases to exercise all possible combinations of conditions in a program decision

A

Multi-Condition Coverage

27
Q

This criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations, covering initialization, typical running, and termination (boundary) conditions

A

Loop Coverage

28
Q

Requires each decision in the program to take both the true and false outcome at least once. Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications

A

Decision (Branch) Coverage

29
Q

This criterion requires sufficient test cases for each feasible data flow to be executed at least once

A

Data Flow Coverage

30
Q

This criterion requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch (decision) coverage only when a decision is made up of multiple conditions

A

Condition Coverage
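Cards 24, 26, 28 and 30 describe four coverage criteria whose differences are easiest to see on one decision with two conditions. The following Python block is an added example, not part of the original flashcards: a constructed function with a single decision `is_admin or has_token` and no else-branch, an instrumented runner that records which statements, decision outcomes, condition outcomes and condition combinations a test suite exercises, and four constructed suites that each satisfy one criterion and fail the stronger ones. The function, the statement tags and the suite names are assumptions made for this illustration.

```python
from itertools import product

ALL_STATEMENTS = {"S1", "S2", "S3"}
ALL_COMBINATIONS = set(product([True, False], repeat=2))


def authorize(is_admin, has_token, trace):
    """Constructed function under test: one decision D1 made of two conditions
    (C1 = is_admin, C2 = has_token) and no else-branch. Each statement adds its
    tag to `trace`, so a run records which statements executed."""
    trace.add("S1")
    verdict = "deny"
    if is_admin or has_token:        # decision D1
        trace.add("S2")
        verdict = "allow"
    trace.add("S3")
    return verdict


def coverage_report(suite):
    """Run every (is_admin, has_token) case in `suite` and report which of the
    four criteria the suite satisfies. Condition outcomes are taken from the
    inputs; under short-circuit evaluation C2 is not even evaluated when C1
    is true, one reason multi-condition coverage is the stricter test."""
    executed = set()
    decision_outcomes = set()
    condition_outcomes = {"C1": set(), "C2": set()}
    combinations = set()
    for is_admin, has_token in suite:
        trace = set()
        verdict = authorize(is_admin, has_token, trace)
        executed |= trace
        decision_outcomes.add(verdict == "allow")
        condition_outcomes["C1"].add(is_admin)
        condition_outcomes["C2"].add(has_token)
        combinations.add((is_admin, has_token))
    return {
        "statement": executed == ALL_STATEMENTS,
        "decision": decision_outcomes == {True, False},
        "condition": all(seen == {True, False} for seen in condition_outcomes.values()),
        "multi_condition": combinations == ALL_COMBINATIONS,
    }


# Constructed suites; each satisfies the named criterion and fails the stronger ones.
SUITE_STATEMENT = [(True, False)]                   # every statement runs, D1 is never false
SUITE_DECISION = [(True, False), (False, False)]    # both D1 outcomes, C2 is never true
SUITE_CONDITION = [(True, False), (False, True)]    # each condition both ways, D1 is never false
SUITE_MULTI = sorted(ALL_COMBINATIONS)              # all four combinations


if __name__ == "__main__":
    for name, suite in (("statement", SUITE_STATEMENT), ("decision", SUITE_DECISION),
                        ("condition", SUITE_CONDITION), ("multi-condition", SUITE_MULTI)):
        print(f"{name:16} {coverage_report(suite)}")
```

Two results are worth dwelling on. With no else-branch, a single test reaches every statement yet never exercises the deny path, which is why card 24 calls statement coverage insufficient. And `SUITE_CONDITION` makes each condition take both values while the decision itself is always true, so condition coverage does not imply decision coverage; only the multi-condition suite satisfies all four criteria.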