Domain 4 - Software Development Security Flashcards Preview

Flashcards in Domain 4 - Software Development Security Deck (95)
1
Q

An agile development method that uses pairs of programmers who work off a detailed specification

A

Extreme Programming (XP)

2
Q

In object-oriented programming, a black box that combines code and data and sends and receives messages

A

Object

3
Q

Replaces the older procedural programming methodology by treating a program as a set of connected objects that communicate via messages

A

Object-Oriented Programming

4
Q

Programming languages that organize code into subroutines, procedures, and functions

A

Procedural languages (e.g., BASIC, C, Fortran, Pascal)

5
Q

A software development model designed to control risk.

A

Spiral Model

6
Q

A development model that focuses on security in every phase

A

Software Development Life Cycle (SDLC)

7
Q

An application development model that uses rigid phases; when one phase ends, the next begins

A

Waterfall Model

8
Q

Software that is executed directly by the CPU

A

Machine Code or Machine Language

9
Q

Computer programming instructions written in text that must be translated to machine code before execution by the CPU

A

Source Code

10
Q

A low-level programming language whose mnemonics map closely to machine instructions

A

Assembly Language

11
Q

This converts assembly language into machine language

A

Assembler

12
Q

This attempts to convert machine language into assembly

A

Disassembler

13
Q

This takes source code, such as C or BASIC, and compiles it into machine code

A

Compilers

14
Q

Code that is compiled on the fly each time the program is run

A

Interpreted code (e.g., Perl, Python)

16
Q

Is a platform independent code that is converted into machine code by the Java Virtual Machine (JVM)

A

Java Bytecode

17
Q

Computer languages designed to increase a programmer's efficiency by automating the creation of programming code

A

Fourth Generation Language (4GL)

18
Q

This uses programs to assist in the creation and maintenance of other computer programs

A

Computer-Aided Software Engineering (CASE)

19
Q

A programming method that starts with the broadest, highest-level requirements (the concept of the final program) and works down toward low-level technical implementation details

A

Top Down

20
Q

The reverse of the top-down approach: development starts from low-level implementation details and builds up toward the overall program

A

Bottom-up

21
Q

Software that is typically released in executable form while the source code is kept confidential

A

Closed-source software

22
Q

Software whose source code is published publicly

A

Open Source

23
Q

Software that is subject to intellectual property protections such as patents and copyrights

A

Proprietary Software

24
Q

Software that is free of charge to use

A

Freeware

25
Q

Fully proprietary software that may initially be used free of charge for a trial period

A

Shareware

26
Q

Partially functioning proprietary software, often with key features disabled; users typically make a payment to unlock those features

A

Crippleware

27
Q

A development model with highly overlapping steps

A

Sashimi model (named after the overlapping slices of fish in the Japanese dish)

28
Q

What are the XP core practices?

A

  1. Planning
  2. Paired programming
  3. Forty-hour workweek
  4. Total customer involvement
  5. Detailed test procedures

29
Q

Rapidly develops software via the use of prototypes, dummy GUIs, back-end databases, and more. Its aim is to quickly meet the business needs of the system; technical concerns are secondary.

A

Rapid Application Development (RAD)

30
Q

An iterative approach that breaks projects into smaller tasks, creating multiple mockups (prototypes) of system design features

A

Prototyping

31
Q

Steps of SDLC Process

A
  1. Initiation
  2. System Concept Development
  3. Planning
  4. Requirements Analysis
  5. Design
  6. Development
  7. Integration and Test
  8. Implementation
  9. Operations and Maintenance
  10. Disposition
32
Q

This describes the process of having a third party store an archive of computer software

A

Software Escrow

33
Q

In OOP, the ability of an object to perform different methods depending on the context of the input message

A

Polymorphism (many forms)

34
Q

In OOP, two instances (specific objects) with the same name that contain different data

A

Polyinstantiation (many instances)

35
Q

A measure of how much an object depends on other objects; a highly coupled object requires lots of other objects to perform basic jobs

A

Coupling

36
Q

A measure of how self-contained an object is; a highly cohesive object can perform most of its functions independently

A

Cohesion

37
Q

Middleware that connects programs to programs. It can be used to locate objects, acting as an object search engine.

A

Object Request Broker (ORB)

38
Q

Common object request brokers (ORBs) include

A

COM, DCOM, CORBA

39
Q

Two object broker technologies by Microsoft

A

COM - Component Object Model

DCOM - Distributed Component Object Model

40
Q

What is the difference between Microsoft COM and DCOM?

A

COM locates objects on a local system

DCOM can locate objects over a network

41
Q

An open, vendor-neutral networked object broker framework by the Object Management Group (OMG). Its objects communicate via a message interface described by the Interface Definition Language (IDL).

A

CORBA - Common Object Request Broker Architecture

42
Q

Two software development methodologies that take the concept of objects to a higher, more conceptual design level than OOP

A

Object Oriented Analysis (OOA)

Object Oriented Design (OOD)

43
Q

Vulnerabilities that allow an attacker with (typically limited) access to obtain additional access or resources

A

Privilege Escalation

44
Q

A software testing method that tests code passively, that is, without running it. This includes walkthroughs, syntax checking, and code reviews.

A

Static Testing

45
Q

A software testing method that tests the code while executing it

A

Dynamic Testing
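
The contrast between cards 44 and 45 is easiest to see with both methods applied to the same program. The block below is an added example, not part of the flashcard deck: the sample program `SAMPLE_SOURCE`, the list `DANGEROUS_CALLS`, and the helper names are all constructed for this illustration. The static check parses the source with Python's `ast` module and never runs it; the dynamic check executes the same code with a crafted input to confirm that `eval` really does run attacker-supplied text.

```python
"""Static vs. dynamic testing of one constructed sample (added example)."""
import ast

# Constructed program under test. The static check only parses it; the
# dynamic check executes it.
SAMPLE_SOURCE = '''\
import os
import subprocess

def run_report(user_supplied):
    # Dangerous: shell metacharacters in user_supplied reach /bin/sh.
    return os.system("gen_report " + user_supplied)

def safe_run(user_supplied):
    # Argument list, no shell: the input is passed as one argv element.
    return subprocess.run(["gen_report", user_supplied], check=False)

def list_dir(path):
    # Also dangerous: shell=True re-introduces the shell.
    return subprocess.run("ls " + path, shell=True)

def load_config(text):
    # Dangerous: eval executes whatever text contains.
    return eval(text)
'''

# Call targets a reviewer would flag on sight (assumed list for this example).
DANGEROUS_CALLS = {"eval", "exec", "os.system", "os.popen"}


def _call_name(node: ast.Call) -> str:
    """Return a dotted name for a call target, e.g. 'os.system' or 'eval'."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def static_findings(source: str) -> list:
    """Static test: walk the syntax tree and report (line, call) pairs.

    Nothing is executed, so this is safe to run on untrusted code, but it can
    only see what is literally in the text (no data flow, no runtime values).
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, name))
        # subprocess.* with shell=True is the same class of problem as os.system
        if name.startswith("subprocess.") and any(
            kw.arg == "shell"
            and isinstance(kw.value, ast.Constant)
            and kw.value.value is True
            for kw in node.keywords
        ):
            findings.append((node.lineno, name + "(shell=True)"))
    return sorted(findings)


def dynamic_check(source: str) -> bool:
    """Dynamic test: load the sample and call load_config with a payload that
    only a code-executing 'parser' would honour. True means eval ran our code."""
    namespace = {}
    exec(source, namespace)  # the harness deliberately executes the sample
    marker = []
    namespace["_marker"] = marker          # visible to eval via module globals
    namespace["load_config"]("_marker.append('executed')")
    return marker == ["executed"]


if __name__ == "__main__":
    for lineno, call in static_findings(SAMPLE_SOURCE):
        print(f"static: line {lineno}: {call}")
    print("dynamic: eval executed supplied code:", dynamic_check(SAMPLE_SOURCE))
```

The static pass finds three problems without running anything; the dynamic pass proves one of them is exploitable but would miss the other two unless a test happened to exercise them, which is why the two methods complement rather than replace each other.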

46
Q

A software testing method that gives the tester access to the program source code, data structures, variables, etc.

A

White Box Software Testing

47
Q

A software testing method in which the tester has no internal details; the software is treated as a black box that receives input and produces output

A

Black Box Testing

48
Q

This can be used to map the customer's requirements to the software testing plan: it traces the requirements and ensures that they are being met.

A

Traceability Matrix

49
Q

What are the software testing levels?

A
  1. Unit Testing
  2. Installation Testing
  3. Integration Testing
  4. Regression Testing
  5. Acceptance Testing
50
Q

In software testing, low-level tests of software components such as functions, procedures, or objects

A

Unit Testing

51
Q

Testing software as it is installed and first operated

A

Installation Testing

52
Q

In software testing, testing multiple software components as they are combined into a working system; subsets may be tested, or "Big Bang" integration testing tests all integrated software components at once

A

Integration Testing

53
Q

Testing software after updates or modifications, to verify that functionality that previously worked still works

A

Regression Testing

54
Q

Testing to ensure the software meets the customer's operational requirements; when this testing is done directly by the customer, it is called "User Acceptance Testing"

A

Acceptance Testing

55
Q

A type of black box testing that feeds random or malformed data into a program to determine whether it crashes

A

Fuzzing or Fuzz testing
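
A fuzzer needs three things: seed inputs, a mutation strategy, and a way to tell an expected rejection from a real crash. The block below is an added example, not part of the flashcard deck. `parse_record`, its `REC:<name>:<len>:<payload>;` format, and the seed inputs are constructed for this illustration; the parser is written with two deliberate bugs (it trusts the declared length, and it lets an unexpected exception escape) so the fuzzer has something to find. Exceptions of the parser's own `ParseError` type are treated as correct input validation; anything else is recorded as a crash.

```python
"""Minimal mutation fuzzer against a constructed parser (added example)."""
import random


class ParseError(ValueError):
    """The only exception parse_record is documented to raise."""


def parse_record(data: bytes) -> dict:
    """Constructed target. Format: REC:<name>:<len>:<payload>; where <len>
    is the decimal length of <payload> and ';' must follow the payload.

    Bugs left in on purpose: int() on a non-numeric length raises ValueError
    (not ParseError), and indexing payload[n] raises IndexError when the
    declared length exceeds what was actually sent.
    """
    if not data.startswith(b"REC:"):
        raise ParseError("bad magic")
    try:
        _, name, length, payload = data.split(b":", 3)
    except ValueError:
        raise ParseError("missing field") from None
    n = int(length)                      # bug: ValueError on b"" or b"5x"
    if payload[n] != ord(";"):           # bug: IndexError when n >= len(payload)
        raise ParseError("bad terminator")
    return {"name": name.decode(), "value": payload[:n]}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte insert, byte delete, truncate."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf))]
    else:
        buf = buf[: rng.randrange(len(buf) + 1)]
    return bytes(buf)


def fuzz(target, seeds, iterations: int = 3000, seed: int = 1) -> dict:
    """Run target on mutated seeds; return {(exception type, message): input}.

    A fixed RNG seed makes a run reproducible, which matters when you need to
    hand a crashing input to a developer.
    """
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        data = rng.choice(seeds)
        for _ in range(rng.randint(1, 3)):     # stack a few mutations
            data = mutate(data, rng)
        try:
            target(data)
        except ParseError:
            continue                          # documented rejection, not a bug
        except Exception as exc:              # anything else is a finding
            signature = (type(exc).__name__, str(exc)[:40])
            crashes.setdefault(signature, data)   # keep first input per signature
    return crashes


# Constructed seed corpus: well-formed records the parser accepts.
SEEDS = [b"REC:cfg:5:hello;", b"REC:user:3:bob;extra"]

if __name__ == "__main__":
    for (kind, msg), sample in fuzz(parse_record, SEEDS).items():
        print(f"{kind}: {msg!r} <- {sample!r}")
```

Two crash classes come out of a run: `ValueError` from the length conversion and `IndexError` from the unchecked index. A `ParseError` for every malformed input would be the correct behaviour; the fix is to validate `length` and compare `n` against `len(payload)` before indexing.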

56
Q

A black box testing method that seeks to identify and test all unique combinations of software inputs

A

Combinatorial Software Testing

A good example of this is pairwise testing, which tests every combination of values of each pair of parameters rather than every combination of all parameters.
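
Exhaustive combination testing grows multiplicatively with each parameter; pairwise testing keeps it manageable because most interaction bugs involve only two parameters. The block below is an added example, not part of the flashcard deck: it implements a simple greedy all-pairs generator (each new test case is seeded from a still-uncovered pair and the remaining parameters are filled randomly, the best of several candidates being kept) and a checker that verifies every pair of values is covered. The parameter set `LOGIN_PARAMS` is constructed for this illustration.

```python
"""Greedy pairwise (all-pairs) test generation with a coverage check (added example)."""
import random
from itertools import combinations, product

# Constructed parameters for a login feature. Full product: 3*3*3*2 = 54 cases.
LOGIN_PARAMS = {
    "browser": ["chrome", "firefox", "safari"],
    "os": ["windows", "linux", "macos"],
    "auth": ["password", "mfa", "sso"],
    "tls": ["1.2", "1.3"],
}


def required_pairs(params: dict) -> set:
    """Every (param_i, value_i, param_j, value_j) combination for i < j."""
    names = list(params)
    pairs = set()
    for (i, a), (j, b) in combinations(enumerate(names), 2):
        for va in params[a]:
            for vb in params[b]:
                pairs.add((i, va, j, vb))
    return pairs


def pairs_in(case: list) -> set:
    """The pairs a single test case (list of values in parameter order) covers."""
    return {(i, case[i], j, case[j]) for i, j in combinations(range(len(case)), 2)}


def all_pairs(params: dict, candidates: int = 50, seed: int = 0) -> list:
    """Greedy all-pairs generation.

    Until no pair is uncovered: build `candidates` cases, each seeded from one
    uncovered pair with the other parameters chosen at random, keep the case
    that covers the most uncovered pairs. Seeding guarantees progress on every
    round, so the loop always terminates.
    """
    rng = random.Random(seed)
    names = list(params)
    uncovered = required_pairs(params)
    tests = []
    while uncovered:
        best, best_gain = None, -1
        ordered = sorted(uncovered)  # sorted for run-to-run determinism
        for _ in range(candidates):
            i, va, j, vb = rng.choice(ordered)
            case = [rng.choice(params[n]) for n in names]
            case[i], case[j] = va, vb
            gain = len(pairs_in(case) & uncovered)
            if gain > best_gain:
                best, best_gain = case, gain
        uncovered -= pairs_in(best)
        tests.append(dict(zip(names, best)))
    return tests


def covers_all_pairs(tests: list, params: dict) -> bool:
    """Independent check that the generated suite hits every pair."""
    names = list(params)
    covered = set()
    for t in tests:
        covered |= pairs_in([t[n] for n in names])
    return required_pairs(params) <= covered


def exhaustive_count(params: dict) -> int:
    """Size of the full cartesian product, for comparison."""
    return len(list(product(*params.values())))


if __name__ == "__main__":
    suite = all_pairs(LOGIN_PARAMS)
    print(f"{len(suite)} pairwise cases instead of {exhaustive_count(LOGIN_PARAMS)}")
    for t in suite:
        print(t)
```

For these four parameters the lower bound is nine cases (the two largest domains have three values each, so 3 x 3 pairs must each appear in a distinct case); the greedy generator lands close to that against 54 for the exhaustive product. Pairwise coverage says nothing about three-way interactions, so it complements rather than replaces targeted negative tests.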

57
Q

This describes the actions taken by a security researcher after discovering a software vulnerability

A

Disclosure

58
Q

The controversial practice of releasing vulnerability details publicly, without waiting for a vendor patch

A

Full Disclosure

59
Q

The practice of privately sharing vulnerability information with the vendor and withholding public release until a patch is available

A

Responsible Disclosure

60
Q

A maturity framework for evaluating and improving the software development process

A

Software Capability Maturity Model (CMM)

61
Q

What are the five levels of the Software Capability Maturity Model?

A
  1. Initial
  2. Repeatable
  3. Defined
  4. Managed
  5. Optimizing
62
Q

A structured collection of related data

A

Database

63
Q

Databases are managed by ______ which controls all access to the database and enforces the database security

A

Database Management System (DBMS)

64
Q

A mathematical attack in which an attacker aggregates details at a lower classification to determine information at a higher classification

A

Aggregation

65
Q

An attack similar to aggregation, but the attacker must logically deduce the missing details

A

Inference
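
Cards 64 and 65 are easier to reason about with a concrete statistical database. The block below is an added example, not part of the flashcard deck: the `employees` table, its rows, and the `statistical_sum` interface are constructed for this illustration. The interface exposes only aggregates and applies a query set size control (it refuses to answer when fewer than `MIN_QUERY_SET` rows contribute), which is a common first defence. The attacker never sees an individual salary, yet two permitted aggregates that differ by exactly one row let them infer it.

```python
"""Aggregation/inference against a statistical database (added example)."""
import sqlite3

MIN_QUERY_SET = 3  # query set size control: refuse aggregates over fewer rows


def build_db() -> sqlite3.Connection:
    """Constructed sample data: individual salaries are the sensitive values."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (name TEXT PRIMARY KEY, dept TEXT, salary INTEGER)"
    )
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [
            ("alice", "eng", 110000), ("bob", "eng", 95000),
            ("carol", "eng", 120000), ("dave", "eng", 90000),
            ("erin", "eng", 105000),
            ("frank", "sales", 70000), ("grace", "sales", 72000),
            ("heidi", "sales", 68000),
        ],
    )
    return conn


def statistical_sum(conn: sqlite3.Connection, dept: str, exclude: str = None) -> int:
    """The 'low classification' interface: returns only SUM(salary) for a
    department, optionally excluding one named person (the caller controls the
    predicate), and only when at least MIN_QUERY_SET rows contribute."""
    sql = "SELECT COUNT(*), SUM(salary) FROM employees WHERE dept = ?"
    args = [dept]
    if exclude is not None:
        sql += " AND name <> ?"
        args.append(exclude)
    count, total = conn.execute(sql, args).fetchone()
    if count < MIN_QUERY_SET:
        raise PermissionError("query set too small")
    return total


def infer_salary(conn: sqlite3.Connection, dept: str, target: str) -> int:
    """Aggregation: two individually permitted aggregates.
    Inference: their difference is exactly the excluded person's salary."""
    everyone = statistical_sum(conn, dept)
    everyone_but_target = statistical_sum(conn, dept, exclude=target)
    return everyone - everyone_but_target


def inference_blocked(conn: sqlite3.Connection, dept: str, target: str) -> bool:
    """True if the size control stopped the attack for this department."""
    try:
        infer_salary(conn, dept, target)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    db = build_db()
    print("carol earns", infer_salary(db, "eng", "carol"))
    print("sales inference blocked:", inference_blocked(db, "sales", "frank"))
```

The size control only helps when the department is small enough that the second query drops below the threshold; for any department with at least `MIN_QUERY_SET + 1` members the attack goes through. Real defences also limit how much two answered query sets may overlap, add noise to the aggregates, or audit query history.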

66
Q

What are the formal database types?

A

Relational (two dimensional)

Hierarchical

Object Oriented

67
Q

The simplest form of database: a text file that contains multiple lines of data, each in a standard format

A

Flat File

68
Q

A table in database is also called ____

A

Relation

69
Q

A row (database record) is also called a _____

A

Tuple

70
Q

A column in a database table is called an _____

A

Attribute

71
Q

A single cell (the intersection of a row and a column) in a database table is called a ____

A

Value

72
Q

A relational database requires a unique value called a ____ in each tuple (row) of a table

A

Primary Key

73
Q

A key in a related (child) table that matches a primary key in the parent table

A

Foreign Key

75
Q

Databases must ensure the integrity of the data in their tables; this is called _____

A

Data Integrity

76
Q

____________ means that every foreign key in a secondary table matches a primary key in the parent table

A

Referential Integrity

77
Q

______ means that each attribute (column) value is consistent with the attribute's data type and domain

A

Semantic Integrity

78
Q

____ means each tuple has a unique primary key that is not a null

A

Entity Integrity
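
Cards 72 through 78 describe constraints that a DBMS enforces, so the quickest way to see them is to try to violate each one. The block below is an added example, not part of the flashcard deck: the `customers`/`orders` schema and the statements are constructed for this illustration, using SQLite through Python's standard `sqlite3` module. It also shows the caveat a practitioner should know: SQLite does not enforce foreign keys unless `PRAGMA foreign_keys = ON` is set on each connection, so referential integrity silently disappears if that step is skipped.

```python
"""Entity, referential and semantic integrity enforced by the DBMS (added example)."""
import sqlite3

# Constructed schema. Notes on SQLite specifics:
#  - a non-INTEGER PRIMARY KEY column may hold NULL unless NOT NULL is stated;
#  - CHECK uses typeof() because SQLite stores values with type affinity, so a
#    string that cannot be coerced would otherwise be stored as TEXT.
SCHEMA = """
CREATE TABLE customers (
    customer_id TEXT PRIMARY KEY NOT NULL,            -- entity integrity
    email       TEXT NOT NULL UNIQUE
);
CREATE TABLE orders (
    order_id     INTEGER PRIMARY KEY,
    customer_id  TEXT NOT NULL
                 REFERENCES customers(customer_id),   -- referential integrity
    amount_cents INTEGER NOT NULL
                 CHECK (typeof(amount_cents) = 'integer'
                        AND amount_cents >= 0)        -- semantic integrity
);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """In-memory database with one parent row. enforce_fk toggles the pragma."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customers VALUES ('c1', 'a@example.com')")
    return conn


def rejected(conn: sqlite3.Connection, sql: str) -> bool:
    """True if the DBMS refused the statement with an integrity error."""
    try:
        conn.execute(sql)
        return False
    except sqlite3.IntegrityError:
        return True


def integrity_report(enforce_fk: bool = True) -> dict:
    """Attempt one violation of each integrity rule and record what happened."""
    conn = open_db(enforce_fk)
    report = {
        # entity integrity: primary key must be present and unique
        "null_pk_rejected": rejected(
            conn, "INSERT INTO customers VALUES (NULL, 'b@example.com')"),
        "dup_pk_rejected": rejected(
            conn, "INSERT INTO customers VALUES ('c1', 'c@example.com')"),
        # referential integrity: child must point at an existing parent
        "orphan_fk_rejected": rejected(
            conn, "INSERT INTO orders VALUES (1, 'nobody', 500)"),
        # semantic integrity: value must match the column's type and domain
        "bad_type_rejected": rejected(
            conn, "INSERT INTO orders VALUES (2, 'c1', 'lots')"),
        "negative_rejected": rejected(
            conn, "INSERT INTO orders VALUES (3, 'c1', -1)"),
        # a well-formed row is accepted
        "valid_accepted": not rejected(
            conn, "INSERT INTO orders VALUES (4, 'c1', 1999)"),
    }
    # referential integrity also protects the parent: it cannot be deleted
    # while a child row still references it
    report["delete_parent_rejected"] = rejected(
        conn, "DELETE FROM customers WHERE customer_id = 'c1'")
    return report


if __name__ == "__main__":
    for fk in (True, False):
        print(f"foreign_keys={'ON' if fk else 'OFF'}:")
        for rule, ok in integrity_report(fk).items():
            print(f"  {rule}: {ok}")
```

With the pragma on, every violation is rejected; with it off, the orphan insert and the parent delete both succeed, and the application is left holding rows whose `customer_id` points nowhere. Other engines have equivalent traps (constraints created as `NOT ENFORCED`, or disabled for bulk loads and never re-enabled), so integrity rules belong in the schema review, not only in the application code.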

79
Q

This seeks to make the data in a database table logically concise, organized, and consistent. It removes redundant data and improves the integrity and availability of the database.

A

Database Normalisation

80
Q

Normalisation has three rules, called normal forms. What are they?

A

First Normal Form (1NF): divide the data into tables, with one value per cell

Second Normal Form (2NF): move data that is only partially dependent on the primary key to another table

Third Normal Form (3NF): remove data that is not dependent on the primary key

81
Q

The result of a database query, presented as a virtual table

A

Database View

82
Q

This contains a description of the database tables

A

Data Dictionary

83
Q

Data about data

A

Metadata

84
Q

A critical data dictionary component that describes the attributes and values of the database tables

A

Database Schema

85
Q

______ is a log of all database transactions

A

Database Journal

86
Q

____ mirrors a live database, allowing simultaneous reads and writes to multiple replicated databases by clients

A

Database Replication

87
Q

Similar to a replicated database, but all changes are made to the primary database and clients do not access the copy; it serves as a live backup of the primary

A

Shadow Database

88
Q

A large collection of data that may store petabytes (one petabyte is 1,000 terabytes) of data

A

Data Warehouse

89
Q

This is used to search for patterns in a data warehouse. Commonly sought patterns include signs of fraud.

A

Data Mining

90
Q

The science of programming electronic computers to think more intelligently, sometimes by mimicking the abilities of mammalian brains

A

Artificial Intelligence

91
Q

Simulate the neural networks found in humans and animals

A

Artificial Neural Networks

92
Q

Creates random programs and assigns them the task of solving a problem

A

Genetic Programming

93
Q

A form of artificial intelligence that uses a knowledge base and an inference engine

A

Expert System

94
Q

A form of artificial intelligence normally used to identify spam

A

Bayesian filtering
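
A Bayesian spam filter learns word frequencies from labelled messages and then asks, for a new message, which class makes its words more probable. The block below is an added example, not part of the flashcard deck: it implements a naive Bayes classifier with add-one smoothing over a constructed eight-message training corpus (the messages are made up for this illustration). It also shows the adversarial caveat: because every word contributes evidence, an attacker can pad a spam message with words the filter associates with legitimate mail until the verdict flips (the "good word" or Bayesian poisoning attack).

```python
"""Naive Bayes spam filtering, with the good-word attack (added example)."""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9']+")


def tokenize(text: str) -> list:
    """Lowercase word tokens; punctuation and case are ignored."""
    return TOKEN.findall(text.lower())


class NaiveBayesFilter:
    """Multinomial naive Bayes with Laplace (add-one) smoothing."""

    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}  # word counts per class
        self.docs = {"spam": 0, "ham": 0}                    # messages per class

    def train(self, text: str, label: str) -> None:
        self.counts[label].update(tokenize(text))
        self.docs[label] += 1

    def log_scores(self, text: str) -> dict:
        """log P(class) + sum log P(word | class) for each class.
        Smoothing gives unseen words a small, non-zero probability so one new
        word cannot zero out a whole class."""
        vocab_size = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        total_docs = sum(self.docs.values())
        scores = {}
        for label, counts in self.counts.items():
            score = math.log(self.docs[label] / total_docs)        # prior
            denom = sum(counts.values()) + vocab_size
            for tok in tokenize(text):
                score += math.log((counts[tok] + 1) / denom)       # likelihood
            scores[label] = score
        return scores

    def spam_probability(self, text: str) -> float:
        """Posterior P(spam | text), normalised in log space to avoid underflow."""
        s = self.log_scores(text)
        m = max(s.values())
        z = sum(math.exp(v - m) for v in s.values())
        return math.exp(s["spam"] - m) / z

    def classify(self, text: str, threshold: float = 0.5) -> str:
        return "spam" if self.spam_probability(text) >= threshold else "ham"


def build_filter() -> NaiveBayesFilter:
    """Constructed training corpus: four spam and four legitimate messages."""
    f = NaiveBayesFilter()
    for msg in ["free prize click now", "win free money click",
                "claim your prize now", "free money win"]:
        f.train(msg, "spam")
    for msg in ["meeting at noon report", "lunch with team",
                "quarterly report attached", "see you at lunch"]:
        f.train(msg, "ham")
    return f


if __name__ == "__main__":
    flt = build_filter()
    for text in ["Win a FREE prize!",
                 "lunch meeting tomorrow",
                 "win free prize meeting report lunch team"]:
        print(f"{flt.spam_probability(text):.3f} {flt.classify(text):4s} {text!r}")
```

The first message is classified as spam and the second as ham, as expected. The third is the first spam message with four "ham" words appended; with this small corpus that is enough to push the posterior below the threshold, which is why production filters weight tokens, cap how much any one token can move the score, and retrain continuously on user feedback.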
