10 - Software Development Security Flashcards
- When security is increased, what is typically decreased?
  a. Administrative responsibilities
  b. User functionality
  c. Complexity of the system
  d. Cost of sustaining the IT environment
B: When security is increased, user functionality is usually decreased.
- Which of the following occurrences does not demonstrate foresight and planning on the part of a programmer when a software product encounters a security error?
  a. Blue screen
  b. Switching into a non-privileged state upon failure
  c. Locking out all high-level privileges
  d. Rebooting into any available state
D: Rebooting into any available state could result in booting into a privileged state which is not the proper outcome when software encounters a security error.
- Database access is usually indirect access that provides for all but which of the following?
  a. Confidentiality
  b. Integrity
  c. Availability
  d. Controlled interface
C: Availability is not ensured with indirect access.
- Which of the following is required in every row of a table in order to maintain uniqueness?
  a. Cell
  b. File
  c. Primary key
  d. Schema
C: A primary key is required in every row of a table in order to maintain uniqueness.
- An attribute in one table that also serves as the primary key in another table is known as?
  a. A cross-reference
  b. A view
  c. Tuple
  d. A foreign key
D: A foreign key is an attribute in one table that also serves as the primary key in another table.
- What is the data that defines or describes the database?
  a. Schema
  b. Primary key
  c. Data dictionary
  d. Base relation
A: A schema holds the data that defines or describes the database.
- Why does most software have security disabled by default?
  a. Ease of installation
  b. Every environment has different security needs
  c. Most environments don't require security
  d. Security is dependent upon a security policy
A: Most software has security disabled by default for ease of installation.
- What is a collection of related items of the same type?
  a. File
  b. Record
  c. Database
  d. Base relation
A: A file is a collection of related items or records of the same type.
- A tuple is what?
  a. A table stored in a database
  b. A row stored in a database
  c. A column stored in a database
  d. A column that makes each row of a table unique
B: A tuple is a row stored in a database.
- What is an attribute?
  a. A table stored in a database
  b. A column that has a unique value in each row
  c. A column in a database
  d. The data that describes the database
C: An attribute is a column in a database.
- What database model provides for many-to-many relationships?
  a. Sequential data model
  b. Hierarchical data model
  c. Ordinal data model
  d. Distributed data model
D: A distributed data model offers many-to-many relationships.
- An indication that the integrity of the database has been violated is when which of the following includes a null value?
  a. primary key
  b. cell
  c. tuple
  d. relation
A: If the primary key contains a null value then integrity has been violated.
- In a relational database, the number of rows is referred to as?
  a. Degree
  b. Cardinality
  c. Prime factor
  d. Tuple
B: The number of rows in a relational database is known as the cardinality.
- Which of the following in the design and programming phases of software development cannot result in buffer overflows?
  a. data input block size
  b. ASCII vs. binary input
  c. Alpha vs. numeric input
  d. English vs. Spanish
D: Whether the input is in Spanish or English will not have a direct bearing on a buffer overflow.
- When a program or operating system experiences a failure state, what should it do?
  a. save a memory dump
  b. revert to a secure state
  c. restart in privilege mode
  d. automatically reboot
B: After a failure state, the program or system should revert to a secure state.
- Which of the following is not true about out of the box security?
  a. security and functionality are directly proportional
  b. security is usually disabled for installation
  c. security must be configured for the environment
  d. security is often a tradeoff for ease of use
A: Security and functionality are usually inversely proportional: the greater the security, the less functionality a system offers.
- What element of new robust software is considered a security failure or downfall?
  a. platform dependence
  b. a wide range of features or functionality
  c. interpreted vs. compiled language
  d. implementation within a distributed computing environment
B: A wide range of features or functionality is considered a security failure or downfall. The more capabilities a system has, the greater the range of its vulnerabilities and risks.
- What is the primary reason why so much software is unable to handle failures or errors in a secure fashion?
  a. use of interpreted languages
  b. designed to be used in a distributed computing environment
  c. circumstances of use are difficult to predict and plan for
  d. lack of software change management
C: The primary reason software is unable to handle failures in a secure fashion is that circumstances of use are difficult to predict and plan for.
- Since all circumstances of use are difficult to predict and plan for, programmers should?
  a. not produce software
  b. use only fifth generation programming languages
  c. avoid CGI scripts
  d. design a general method for handling unexpected failures
D: Since all circumstances of use are difficult to predict and plan for, programmers should design into their software a general method for handling unexpected failures.
- A reliable and controlled software development, design, and coding process is necessary to ensure?
  a. marketability
  b. security
  c. interoperability
  d. compatibility
B: A reliable and controlled software development, design, and coding process is necessary to ensure security.
- Buffer overflows are caused by a programmer failing to compensate for all but which of the following?
  a. input data block size
  b. ASCII vs. Binary input
  c. English vs. Spanish
  d. alpha vs. numeric
C: Buffer overflows are not caused by differences in languages.
- Failing to compensate for invalid or extensive values of data types, formats, or lengths in input to programs can cause?
  a. time of check/time of use attack
  b. aggregation
  c. unauthorized alterations of a configuration item
  d. buffer overflows
D: Failing to compensate for invalid or extensive values of data types, formats, or lengths in input to programs can cause a buffer overflow.
- Environmental controls and hardware devices cannot prevent problems created by?
  a. bad program coding
  b. unrestricted physical access
  c. lack of boundary controls
  d. poor air quality
A: Environmental controls and hardware devices cannot prevent problems created by bad program coding.
- Which of the following is not one of the standard phases in the system life cycle?
  a. penetration testing
  b. project initiation
  c. system design specifications
  d. maintenance
A: Penetration testing is not one of the phases in the system life cycle.