Software Development Security Flashcards

2
Q

What is the value of the logical operation shown here?
X:     0 1 1 0 1 0
Y:     0 0 1 1 0 1
-------------------
X ∨ Y: ?
A) 0 1 1 1 1 1
B) 0 1 1 0 1 0
C) 0 0 1 0 0 0
D) 0 0 1 1 0 1

A

0 1 1 1 1 1

The ∨ symbol represents the OR function, which is true when one or both of the input bits are true.

3
Q
In systems utilizing a ring protection scheme, at what level does the security kernel reside?
A) Level 0
B) Level 1
C) Level 2
D) Level 3
A

Level 0

The security kernel and reference monitor reside at Level 0 in the ring protection scheme, where they have unrestricted access to all system resources.

4
Q
Which one of the following terms cannot be used to describe the main RAM of a typical computer system?
A) Volatile
B) Sequential access
C) Real memory
D) Primary memory
A

Sequential access

Random access memory (RAM) allows direct addressing of any location within the resource. A sequential access storage medium, such as magnetic tape, requires scanning through the medium from the beginning to reach a specific address.

5
Q
What condition is necessary on a web page for it to be used in a cross-site scripting attack?
A) Reflected input
B) Database-driven content
C) .NET technology
D) CGI scripts
A

Reflected input

Cross-site scripting attacks are successful only against web applications that include reflected input.

6
Q
What form of access control is concerned primarily with the data stored by a field?
A) Content-dependent
B) Context-dependent
C) Semantic integrity mechanisms
D) Perturbation
A

Content-dependent

Content-dependent access control is focused on the internal data of each field.

7
Q
What HTML tag is often used as part of a cross-site scripting (XSS) attack?
A) 
B) 
C) 
D)
A
8
Q
What character should always be treated carefully when encountered as user input on a web form?
A) !
B) &
C) *
D) '
A

'

The single quote character (') is used in SQL queries and must be handled carefully on web forms to protect against SQL injection attacks.

9
Q
What type of reconnaissance attack provides attackers with useful information about the services running on a system?
A) Session hijacking
B) Port scan
C) Dumpster diving
D) IP sweep
A

Port scan

Port scans reveal the ports associated with services running on a machine and available to the public.

10
Q
What technology does the Java language use to minimize the threat posed by applets?
A) Confidentiality
B) Encryption
C) Stealth
D) Sandbox
A

Sandbox

The Java sandbox isolates applets and allows them to run within a protected environment, limiting the effect they may have on the rest of the system.

11
Q
What is the most effective defense against cross-site scripting attacks?
A) Limiting account privileges
B) Input validation
C) User authentication
D) Encryption
A

Input validation

Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML

12
Q
What type of virus utilizes more than one propagation technique to maximize the number of penetrated systems?
A) Stealth virus
B) Companion virus
C) Polymorphic virus
D) Multipartite virus
A

Multipartite virus

Multipartite viruses use two or more propagation techniques (for example, file infection and boot sector infection) to maximize their reach.

13
Q
What programming language(s) can be used to develop ActiveX controls for use on an Internet site?
A) Visual Basic
B) C
C) Java
D) All of these are correct.
A

All of these are correct

Microsoft’s ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.

14
Q
What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data?
A) Atomicity
B) Consistency
C) Isolation
D) Durability
A

Isolation

The isolation principle states that two transactions operating on the same data must be temporarily separated from each other such that one does not interfere with the other.

15
Q
In what type of software testing does the tester have access to the underlying source code?
A) Static testing
B) Dynamic testing
C) Cross-site scripting testing
D) Black box testing
A

Static testing

In order to conduct a static test, the tester must have access to the underlying source code.

16
Q
What portion of the change management process allows developers to prioritize tasks?
A) Release control
B) Configuration control
C) Request control
D) Change audit
A

Request control

Request control provides users with a framework to request changes and gives developers the opportunity to prioritize those requests.

17
Q
Which one of the following key types is used to enforce referential integrity between database tables?
A) Candidate key
B) Primary key
C) Foreign key
D) Super key
A

Foreign key

Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.

18
Q
Which one of the following is not part of the change management process?
A) Request control
B) Release control
C) Configuration audit
D) Change control
A

Configuration audit

Configuration audit is part of the configuration management process rather than the change control process.

19
Q
Which one of the following intrusion detection systems makes use of an expert system to detect anomalous user activity?
A) PIX
B) ID10T
C) AAFID
D) NIDES
A

NIDES

The Next-Generation Intrusion Detection Expert System (NIDES) is an expert-system-based intrusion detection system. PIX is a firewall, and ID10T and AAFID are intrusion detection systems that do not utilize expert systems.

20
Q
Richard believes that a database user is misusing his privileges to gain information about the company's overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?
A) Inference
B) Contamination
C) Polyinstantiation
D) Aggregation
A

Aggregation

In this case, the process the database user is taking advantage of is aggregation. Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.

21
Q
What type of information is used to form the basis of an expert system's decision-making process?
A) A series of weighted layered computations
B) Combined input from a number of human experts, weighted according to past performance
C) A series of "if/then" rules codified in a knowledge base
D) A biological decision-making process that simulates the reasoning process used by the human mind
A

A series of "if/then" rules codified in a knowledge base

Expert systems utilize a knowledge base consisting of a series of “if/then” statements to form decisions based upon the previous experience of human experts.

22
Q
Which of the following acts as a proxy between two different systems to support interaction and simplify the work of programmers?
A) SDLC
B) ODBC
C) DSS
D) Abstraction
A

ODBC

ODBC acts as a proxy between applications and the backend DBMS.

23
Q
Ben's system was infected by malicious code that modified the operating system to allow the malicious code author to gain access to his files. What type of exploit did this attacker engage in?
A) Escalation of privilege
B) Back door
C) Rootkit
D) Buffer overflow
A

Back door

Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions.

24
Q
In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures utilized to gain a detailed understanding of the software development process?
A) Repeatable
B) Defined
C) Managed
D) Optimizing
A

Managed

The Managed phase of the SW-CMM involves the use of quantitative development metrics. The Software Engineering Institute (SEI) defines the key process areas for this level as Quantitative Process Management and Software Quality Management.

25
Q
Which one of the following vulnerabilities would best be countered by adequate parameter checking?
A) Time-of-check-to-time-of-use
B) Buffer overflow
C) SYN flood
D) Distributed denial of service
A

Buffer overflow

Parameter checking is used to prevent the possibility of buffer overflow attacks.

26
Q
Which one of the following malicious code objects might be inserted in an application by a disgruntled software developer with the purpose of destroying system data after the developer's account has been deleted (presumably following their termination)?
A) Virus
B) Worm
C) Trojan horse
D) Logic bomb
A

Logic bomb

Logic bombs are malicious code objects programmed to lie dormant until certain logical conditions, such as a certain date, time, system event, or other criteria, are met. At that time, they spring into action, triggering their payload.

27
Q
What term is used to describe code objects that act on behalf of a user and operate in an unattended manner?
A) Agent
B) Worm
C) Applet
D) Browser
A

Agent

Intelligent agents, also called bots, are code objects programmed to perform certain operations on behalf of a user in their absence.

28
Q
What type of application vulnerability most directly allows an attacker to modify the contents of a system's memory?
A) Rootkit
B) Back door
C) TOC/TOU
D) Buffer overflow
A

Buffer overflow

Buffer overflow attacks allow an attacker to modify the contents of a system’s memory by writing beyond the space allocated for a variable.