Software Development

Question 1

Collection of all the hardware, software, & firmware within a computer system that contains all elements of the system responsible for supporting the security policy & the isolation of objects.

Answer 1

Trusted Computing Base

Question 2

A development model in which each phase contains a list of activities that must be performed & documented before the next phase begins.

Answer 2

Waterfall Development Model

Question 3

Takes advantage of the dependency on the timing of events that take place in a multitasking operating system.

Answer 3

Time of Check/Time of User (TOC/TOU) Attack

Question 4

Allows the operating system to provide well-defined & structured access to processes that need to user resources according to a controlled & tightly managed schedule.

Answer 4

Time Multiplexing

Question 5

Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, & that it functions in the intended manner.

Answer 5

Software Assurance

Question 6

A Microsoft high-level interface for all kinds of data.

Answer 6

ActiveX Data Objects (ADO)

Question 7

Maturity model focused on quality management processes & has five maturity levels that contain several key practices within each maturity level.

Answer 7

Capability Maturity Model for Software (CMM or SW-CMM)

Question 8

Set of standards that addresses the need for interoperability between hardware & software products.

Answer 8

Common Object Request Broker Architecture (CORBA)

Question 9

A program written with functions & intent to copy & disperse itself without the knowledge & cooperation of the owner or user of the computer.

Answer 9

Virus

Question 10

Monitoring & managing changes to a program or documentation.

Answer 10

Configuration Management

Question 11

An information flow that is not controlled by a security control.

Answer 11

Covert Channel

Question 12

Conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.

Answer 12

Encryption

Question 13

Practice of examining the large databases in order to generate new information.

Answer 13

Data Mining

Question 14

Suite of application programs that typically manages large, structured sets or persistent data.

Answer 14

Database Management Systems (DMS)

Question 15

Describes the relationship between the data elements & provides a framework for organizing the data.

Answer 15

Database Model

Question 16

An approach based on lean & agile principles in which business owners & the development, operations, & quality assurance departments collaborate.

Answer 16

DevOps

Question 17

A record of the events occurring within an organization’s systems & networks.

Answer 17

Log

Question 18

A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, & supportability processes.

Answer 18

Integrated Product & Process Development (IPPD)

Question 19

Development models that allow for successive refinements or requirements, design, & coding.

Answer 19

Iterative Models

Question 20

A mathematical, statistical, & visualization method of identifying valid & useful patterns in data.

Answer 20

Knowledge Discovery in Databases

Question 21

Information about data.

Answer 21

Metadata

Question 22

Form of rapid prototyping that requires strict time limits on each phase & relies on tools that tenable quick development.

Answer 22

Rapid Application Development (RAD)