Flashcards in Ch 20 Deck (20)
1. Which one of the following is not a component of the DevOps model?
A. Information security
B. Software development
C. Quality assurance
D. IT operations
The three elements of the DevOps model are software development, quality assurance, and IT operations
2. Bob is developing a software application and has a field where users may enter a date. He wants to ensure that the values provided by the users are accurate dates to prevent security issues. What technique should Bob use?
B. Input validation
Input validation ensures that the input provided by users matches the design parameters.
3. What portion of the change management process allows developers to prioritize tasks?
A. Release control
B. Configuration control
C. Request control
D. Change audit
The request control provides users with a framework to request changes and developers with the opportunity to prioritize those requests.
4. What approach to failure management places the system in a high level of security?
A. Fail open
B. Fail mitigation
C. Fail secure
D. Fail clear
In a fail-secure state, the system remains in a high level of security until an administrator intervenes.
5. What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?
The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase
6. What form of access control is concerned primarily with the data stored by a field?
C. Semantic integrity mechanisms
Content-dependent access control is focused on the internal data of each field.
7. Which one of the following key types is used to enforce referential integrity between database tables?
A. Candidate key
B. Primary key
C. Foreign key
D. Super key
Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.
8. Richard believes that a database user is misusing his privileges to gain information about the company's overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?
In this case, the process the database user is taking advantage of is aggregation. Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.
9. What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?
Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.
10. Which one of the following is not a principle of Agile development?
A. Satisfy the customer through early and continuous delivery.
B. Businesspeople and developers work together.
C. Pay continuous attention to technical excellence.
D. Prioritize security over other requirements.
In Agile, the highest priority is to satisfy the customer through early and continuous delivery of valuable software.
11. What type of information is used to form the basis of an expert system's decision-making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind
Expert systems use a knowledge base consisting of a series of "if/then" statements to form decisions based on the previous experience of human experts.
12. In which phase of the SW-CMM does an organization use quantitative measures to gain a detailed understanding of the development process?
In the Managed phase, level 4 of the SW-CMM, the organization uses quantitative measures to gain a detailed understanding of the development process.
13. Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers?
ODBC acts as a proxy between applications and the backend DBMS.
14. In what type of software testing does the tester have access to the underlying source code?
A. Static testing
B. Dynamic testing
C. Cross-site scripting testing
D. Black box testing
In order to conduct a static test, the tester must have access to the underlying source code.
15. What type of chart provides a graphical illustration of a schedule that helps to plan, coordinate, and track project tasks?
A Gantt chart is a type of bar chart that shows the interrelationships over time between projects and schedules. It provides a graphical illustration of a schedule that helps to plan, coordinate, and track specific tasks in a project.
16. Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?
Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.
17. What database security technology involves creating two or more rows with seemingly identical primary keys that contain different data for users with different security clearances?
B. Cell suppression
Database developers use polyinstantiation, the creation of multiple records that seem to have the same primary key, to protect against inference attacks.
18. Which one of the following is not part of the change management process?
A. Request control
B. Release control
C. Configuration audit
D. Change control
Configuration audit is part of the configuration management process rather than the change control process.
19. What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data?
The isolation principle states that two transactions operating on the same data must be temporarily separated from each other such that one does not interfere with the other.