Software Development Security Domain

Question 1

ActiveX Data Objects (ADO)

Answer 1

A Microsoft high-level interface for all kinds of data.

Question 2

Capability Maturity Model for Software (CMM or SW-CMM)

Answer 2

Maturity model focused on quality management processes and has five maturity levels that contain several key practices within each maturity level.

Question 3

Common Object Request Broker Architecture (CORBA)

Answer 3

A set of standards that addresses the need for interoperability between hardware and software products.

Question 4

Computer Virus

Answer 4

A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.

Question 5

Configuration Mangement (CM)

Answer 5

Monitoring and managing changes to a program or documentation.

Question 6

Covert Channel

Answer 6

An information flow that is not controlled by a security control.

Question 7

Encryption

Answer 7

The conversion of electronic data into another form; called ciphertext; which cannot be easily understood by anyone except authorized parties.

Question 8

Data Mining

Answer 8

The practice of examining large databases in order to generate new information.

Question 9

Database Management System (DBMS)

Answer 9

A suite of application programs that typically manages large; structured sets of persistent data.

Question 10

Database Model

Answer 10

Describes the relationship between the data elements and provides a framework for organizing the data.

Question 11

DevOps

Answer 11

An approach based on lean and agile principles in which business owners and the development; operations; and quality assurance departments collaborate.

Question 12

Log

Answer 12

A record of the events occurring within an organization’s systems and networks.

Question 13

Integrated Product and Process Development (IPPD)

Answer 13

A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design; manufacturing; and supportability processes.

Question 14

Iterative Models

Answer 14

Development models that allow for successive refinements of requirements; design; and coding.

Question 15

Knowledge Discovery in Databases (KDD)

Answer 15

A mathematical; statistical; and visualization method of identifying valid and useful patterns in data.

Question 16

Metadata

Answer 16

Information about the data.

Question 17

Rapid Application Development (RAD)

Answer 17

A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development.

Question 18

Software Assurance (SwA)

Answer 18

The level of confidence that software is free from vulnerabilities; either intentionally designed into the software or accidentally inserted at any time during its life cycle; and that it functions in the intended manner.

Question 19

Time Multiplexing

Answer 19

Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.

Question 20

Time of Check/Time of Use (TOC/TOU) Attacks

Answer 20

Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system.

Question 21

Trusted Computing Bases (TCB)

Answer 21

The collection of all of the hardware; software; and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.

Question 22

Waterfall Development Model

Answer 22

A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins.