Software Dev Flashcards
Which software development life cycle model allows for multiple iterations of the development process, resulting in multiple prototypes, each produced according to a complete design and testing process?
A. Software Capability Maturity model
B. Waterfall model
C. Development cycle
D. Spiral model
The spiral model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes.
SW-CMM
IRDMO
Software Capability Maturity Model
- Initial
- Repeatable
- Defined
- Managed
- Optimizing
IRDMO
IDEAL
based on SW-CMM
- Initiating
- Diagnosing
- Establishing
- Acting
- Learning
What is system accreditation?
A. Formal acceptance of a stated system configuration
B. A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
C. Acceptance of test results that prove the computer system enforces the security policy
D. The process to specify secure communication between machines
Accreditation is the formal acceptance process. Option B is not an appropriate answer because it addresses manufacturer standards. Options C and D are incorrect because there is no way to prove that a configuration enforces a security policy and accreditation does not entail secure communication specification.
Which one of the following is not part of the change management process?
A. Request control
B. Release control
C. Configuration audit
D. Change control
Configuration audit is part of the configuration management process rather than the change control process.
What is system certification?
A. Formal acceptance of a stated system configuration
B. A technical evaluation of each part of a computer system to assess its compliance with security standards
C. A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
D. A manufacturer’s certificate stating that all components were installed and configured correctly
A system certification is a technical evaluation. Option A describes system accreditation. Options C and D refer to manufacturer standards, not implementation standards.
Which one of the following is not a component of the DevOps model?
A. Information security
B. Software development
C. Quality assurance
D. IT operations
The three elements of the DevOps model are software development, quality assurance, and IT operations.
Richard believes that a database user is misusing his privileges to gain information about the company’s overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?
A. Inference
B. Contamination
C. Polyinstantiation
D. Aggregation
In this case, the process the database user is taking advantage of is aggregation. Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.
Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
A. (star) Security Property
B. No write up property
C. No read up property
D. No read down property
The no read up property, also called the Simple Security Policy, prohibits subjects from reading a higher security level object.
Which security model addresses data confidentiality?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Brewer and Nash
Only the Bell-LaPadula model addresses data confidentiality.
The Biba and Clark-Wilson models address data integrity.
The Brewer and Nash model prevents conflicts of interest.
In a relational database, what type of key is used to uniquely identify a record in a table and can have multiple instances per table?
A. Candidate key
B. Primary key
C. Unique key
D. Foreign key
A
A candidate key is a subset of attributes that can be used to uniquely identify any record in a table. No two records in the same table will ever contain the same values for all attributes composing a candidate key. Each table may have one or more candidate keys, which are chosen from column headings.
During what phase of incident response do you collect evidence such as firewall logs?
A. Detection
B. Response
C. Compliance
D. Remediation
B
Evidence collection takes place during the response phase of the incident. Incidents are identified and verified during the detection phase. Compliance with laws might occur during the reporting phase, depending on the incident. Personnel typically perform a root-cause analysis during the remediation phase.
When establishing who someone is before you grant them access to resources, what is the first step?
A. Verify credentials
B. Claim an identity
C. Grant authority
D. Monitor activity
B
The first step toward granting a user access is for them to claim an identity (identification). That is followed by verifying credentials (authentication), then by granting authority (authorization), and finally by monitoring activity (auditing).
What rule of evidence states that a written agreement is assumed to contain all terms of the agreement?
A. Real evidence
B. Best evidence
C. Parol evidence
D. Chain of evidence
C
The parol evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement, and no verbal agreements may modify the written agreement.