Post-Class Quiz: Software Development Security Domain



Similar documents
CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Intruders and viruses. 8: Network Security 8-1

NERC CIP VERSION 5 COMPLIANCE

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Network Incident Report

Patterns for Secure Boot and Secure Storage in Computer Systems

Digital Rights Management Demonstrator

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Network and Host-based Vulnerability Assessment

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Vulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper

Firewall and UTM Solutions Guide

IQware's Approach to Software and IT security Issues

BUY ONLINE FROM:

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Information Security Policies and Procedures Development Framework for Government Agencies. First Edition AH

Malicious Software. Ola Flygt Växjö University, Sweden Viruses and Related Threats

Confinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Computer Security DD2395

Data Management Policies. Sage ERP Online

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

SOFTWARE MANAGEMENT PROGRAM. Software Testing Checklist

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

GiftWrap 4.0 Security FAQ

Dr. David Turahi Director for IT&IMS - MOICT Uganda

Intro to Firewalls. Summary

DeltaV System Cyber-Security

CS 487. Week 8. Reference: 1. Software engineering, roger s. pressman. Reading: 1. Ian Sommerville, Chapter 3. Objective:

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Supplier Security Assessment Questionnaire

Chapter 14 Computer Threats

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Audit Report. Management of Naval Reactors' Cyber Security Program

Optimizing and Protecting Hard Drives Chapter # 9

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Reducing Application Vulnerabilities by Security Engineering

Hacking Database for Owning your Data

Security Technology for Smartphones

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Security aspects of e-tailing. Chapter 7

What Do You Mean My Cloud Data Isn t Secure?

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added?

Desktop and Laptop Security Policy

CS 356 Lecture 9 Malicious Code. Spring 2013

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

BlackBerry Device Software. Protecting BlackBerry Smartphones Against Malware. Security Note

Columbia University Web Security Standards and Practices. Objective and Scope

How To Integrate Software And Systems

Security Architecture and Design

That Point of Sale is a PoS

How To Protect A Network From Attack From A Hacker (Hbss)

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Security Practices for Online Collaboration and Social Media

CS52600: Information Security

Payment Fraud and Risk Management

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Decision on adequate information system management. (Official Gazette 37/2010)

Software and Cloud Security

Supply-Chain Risk Management Framework

An expert s tips for cracking tough CISSP exam

Security Considerations for DirectAccess Deployments. Whitepaper

Section 12 MUST BE COMPLETED BY: 4/22

SCADA Cyber Security

INFORMATION TECHNOLOGY

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

SENSE Security overview 2014

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Symantec Endpoint Protection Getting Started Guide

Review from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture

N-CAP Users Guide. Everything You Need to Know About Using the Internet! How Worms Spread via (and How to Avoid That)

Spyware Doctor Enterprise Technical Data Sheet

Ovation Security Center Data Sheet

Service Asset & Configuration Management PinkVERIFY

Lecture Objectives. Software Life Cycle. Software Engineering Layers. Software Process. Common Process Framework. Umbrella Activities

A Systems Engineering Approach to Developing Cyber Security Professionals

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Ovation Security Center Data Sheet

EPA Classification No.: CIO P-01.1 CIO Approval Date: 06/10/2013 CIO Transmittal No.: Review Date: 06/10/2016

Top Ten Cyber Threats

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.

Transcription:

1. A step-by-step implementation instruction is called A. Policy B. Standard C. Procedure D. Guideline 2. An approved configuration of software packages that describes how and what components are assembled and implemented is called A. Policy B. Standard C. Baseline D. Guideline 3. What is the framework that provides a common description that explains how the IT systems are aligned to the business strategy, what values are delivered, and defines measure of effectiveness. A. Governance framework B. System architecture C. Enterprise architecture D. Standard 4. The Software Engineering Institute (SEI) Software Capability Maturity Model (SW- CMM) is based on the premise that? A. Good software development is a function of the number of expert programmers in the organization. B. The maturity of an organization s software processes cannot be measured. C. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes. D. Software development is an art that cannot be measured by conventional means. 5. In configuration management, a configuration item is? A. The version of the operating system, which is operating on the work station, that provides information security services. CISSP CBK Review Page 1

B. A component whose state is to be recorded and against which changes are to be progressed. C. The network architecture used by the organization. D. A series of files that contain sensitive information. 6. The Waterfall Model of software life cycle development assumes that? A. Iteration will be required among the steps in the process. B. Each step can be completed and finalized without any effect from the later stages that may require rework. C. Each phase is identical to a completed milestone. D. Software development requires reworking and repeating some of the phases. 7. What does the Spiral Model depict? A. A spiral that incorporates various phases of software development B. A spiral that models the behavior of biological neurons C. The operation of expert systems D. Information security checklists. 8. In the software life cycle, verification? A. Evaluates the product in development against real world requirements B. Evaluates the product in development against similar products C. Evaluates the product in development against general baselines D. Evaluates the product in development against the specification 9. In the software life cycle, validation? A. Refers to the work product satisfying the real-world requirements and concepts B. Refers to the work product satisfying derived specifications C. Refers to the work product satisfying software maturity levels D. Refers to the work product satisfying generally accepted principles 10. In IEEE 1220, what are the five stages within a typical system life cycle? A. Initial, Development, Production, Support, and Disposal CISSP CBK Review Page 2

B. Concept, Design, Develop, Deploy, and Operate C. Initiation, Acquisition/Development, Implementation, Operations/Maintenance, and Disposition D. None of the above 11. The software maintenance phase controls consist of: A. Request control, change control, and release control B. Request control, configuration control, and change control C. Change control, security control, and access control D. Request control, release control, and access control 12. In a system life cycle, information security controls should be? A. Designed during the product implementation phase B. Implemented prior to validation C. Part of the feasibility phase D. Specified after the coding phase 13. In configuration management, what is a software library? A. A set of versions of the component configuration items B. A controlled area accessible to only approved users who are restricted to the use of an approved procedure C. A repository of backup tapes D. A collection of software build lists 14. What is configuration control? A. Identifying and documenting the functional and physical characteristics of each configuration item B. Controlling changes to the configuration items and issuing versions of configuration items from the software library. C. Recording the processing of changes D. Controlling the quality of the configuration management procedures. 15. What type of security requirement is designed to measure the effectiveness of security controls? CISSP CBK Review Page 3

A. Security requirement B. Functional security requirement C. Assurance requirement D. Security posture 16. Which of the following statements pertaining to the security kernel is incorrect? A. The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. B. The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. C. The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. D. The security kernel is an access control concept, not an actual physical component. 17. What can best be described as an abstract machine which must mediate all access to subjects to objects? A. The reference monitor B. A security domain C. The security kernel D. The security perimeter 18. What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept? A. Protection rings B. A security kernel C. A protection domain D. The reference monitor 19. What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are not trusted? A. The reference perimeter B. The security perimeter C. The reference monitor D. The security kernel CISSP CBK Review Page 4

20. What are the three conditions that must be met by the reference monitor? A. Policy, mechanism and assurance B. Isolation, layering and abstraction C. Isolation, completeness and verifiability D. Confidentiality, availability and integrity 21. What are the types of un-controlled communication paths for covert chanenel? A. Timing and storage channels B. Encrypted message channels C. Timing channels D. Storage channels 22. Which of the following is a communication mechanism that enables direct conversation between two applications? A. ODBC B. DCOM C. DDE D. OLE 23. Which of the following is NOT a common database structure? A. Hierarchical B. Relational C. Sequential D. Network 24. In Software Capability Maturity Model (SW-CMM), at what CMM Level where an organization has documented software engineering and development processes and are used across the organization? A. CMM Level 1: Initial B. CMM Level 2: Repeatable C. CMM Level 3: Defined D. CMM Level 4: Managed CISSP CBK Review Page 5

25. Why do buffer overflows happen? A. Because they are an easy weakness to exploit B. Because buffers can only hold so much data C. Because input data is not checked for appropriate length at time of input D. Because of insufficient system memory 26. Which of the following is used in database information security to hide information? A. Inheritance B. Delegation C. Polymorphism D. Polyinstantiation 27. What is called the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. Aggregation B. Data mining C. Inference D. Polyinstantiation 28. Which of the following virus types changes some of its characteristics as it spreads? A. boot sector B. parasitic C. stealth D. polymorphic 29. Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following? A. candidate key B. foreign key C. secondary key D. primary key CISSP CBK Review Page 6

30. The description of the database is called a schema, and the schema is defined by which of the following? A. Data Encapsulation Language (DEL). B. Data Connection Language (DCL). C. Data Definition Language (DDL). D. Data Identification Language (DIL). 31. What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level? A. Noise and perturbation B. Cell suppression C. Polyinstantiation D. Data mining 32. A computer program in which malicious or harmful code is contained inside apparently harmless programming or data in such as way that it can get control and do damage is a: A. Trojan horse B. trap door C. virus D. worm 33. What is one disadvantage of content-dependent protection of information? A. It requires additional password entry. B. It increases processing overhead. C. It exposes the system to data locking. D. It limits the user's individual address space. 34. What type of malware is self-contained and does not need to be part of another computer program to propagate itself? A. Computer virus B. Trojan house C. Computer worm CISSP CBK Review Page 7

D. Polymorphic virus 35. What type of malware that is capable of infect a file with an encrypted copy of itself, then modify itself when decoded to make almost impossible to detect by signaturebased virus scanner? A. Computer virus B. Trojan house C. Computer worm D. Polymorphic virus CISSP CBK Review Page 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information