Software Development Security Domain

Question 1

The collection of all of the hardware, software and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects

Answer 1

Trusted Computing Bases (TCB)

Question 2

Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system

Answer 2

Time of Check / Time of User (TOC/TOU) Attacks

Question 3

Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule

Answer 3

Time Multiplexing

Question 4

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner

Answer 4

Software Assurance (SwA)

Question 5

A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development

Answer 5

Rapid Application Development (RAD)

Question 6

Information about the data

Answer 6

Metadata

Question 7

A mathematical, statistical, and visualization method of identifying valid and useful patterns in data

Answer 7

Knowledge Discovery in Databases (KDD)

Question 8

Development models that allow for successive refinements of requirements, design and coding

Answer 8

Iterative Models

Question 9

A record of the events occuring within an organization’s systems and networks

Answer 9

Log

Question 10

Decribes the relationship between the data elements and provides a framework for organizing the data

Answer 10

Database Model

Question 11

A suite of application programs that typically manages large, structured sets of persistent data

Answer 11

Database Management Systems (DBMS)

Question 12

The practice of examining large databases in order to generate new information

Answer 12

Data Mining

Question 13

The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties

Answer 13

Encryption

Question 14

An information flow that is not controlled by a security control

Answer 14

Covert Channel

Question 15

Monitoring and managing changes to a program or documentation

Answer 15

Configuration Manegement (CM)

Question 16

A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer

Answer 16

Computer Virus

Question 17

A set of standards that addresses the need for interoperability between hardware and software products

Answer 17

Common Object Request Broker Architecture (CORBA)

Question 18

A Microsoft high-level interface for all kinds of data

Answer 18

ActiveX Data Objects (ADO)

Question 19

A management technique that simultaneously integrate all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes

Answer 19

Integrated Product and Process Development (IPPD)

Question 20

An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate

Answer 20

DevOPS

Question 21

A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins

Answer 21

Waterfall Development Model

Question 22

Maturity model focused on quality management processes and has five maturity levels that contain several key practices within each maturity level

Answer 22

Capability Maturity Model for Software (CMM or SW-CMM)