Domain 8: Software Development Security

Question 1

Message

Answer 1

communication to or input of an object

Question 2

Method

Answer 2

internal code that defines the actions an object performs in response to a message

Question 3

Behavior

Answer 3

results or output exhibited by an object

Question 4

Class

Answer 4

collection of the common methods from a set of objects that defines the behavior of those objects

Question 5

Instance

Answer 5

example

Question 6

Inheritance

Answer 6

methods from a class are inherited from a subclass

Question 7

Delegation

Answer 7

forwarding of a request by an object to another object

Question 8

Polymorphism

Answer 8

the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions

Question 9

Cohesion

Answer 9

strength of the relationship between the purposes of the methods within the same class

Question 10

Coupling

Answer 10

level of interaction between objects

Question 11

Assurance procedures

Answer 11

formalized processes by which trust is built into the life cycle of a system

Question 12

Input Validation

Answer 12

verifies that the values provided by the user match the programmers expectation

Question 13

Should Input Validation occur on the Server or Client side?

Answer 13

Server

Question 14

Conceptual Defenition

Answer 14

create the basic concept statement for a system

Question 15

Functional Requirements Determination

Answer 15

specific system functionalities are listed

Question 16

Control Specification Development

Answer 16

analyze the system from a security perspective

Question 17

Code Review Walk Through

Answer 17

look for logical or security flaws

Question 18

Waterfall Model

Answer 18

step by step life cycle model, can only go back one phase

Question 19

Spiral Model

Answer 19

multiple iterations of a waterfall style process

Question 20

Agile Software Development

Answer 20

iterative software development process

Question 21

Highest Priority in the Agile Manifesto

Answer 21

Satisfy the customer through early and continuous delivery of valuable software

Question 22

SW-CMM

Answer 22

SW Capability Maturity Model - all orgs move through a variety of maturity phases in sequential fashion

Question 23

IDEAL Model

Answer 23

Initiating, Diagnosing, Establishing, Acting, Learning

Question 24

SW-CMM Levels

Answer 24

Initiating, repeatable, Defined, Managed, Optimized

Question 25

White-box Testing

Answer 25

examines the internal logical structures of a program and steps through the code line by line

Question 26

Black-box Testing

Answer 26

examines from a user perspective by providing different inputs

Question 27

Gray-Box Testing

Answer 27

most popular, combines both testing forms

Question 28

Code Repositories

Answer 28

a central storage point for developers to place their source code

Question 29

Hierarchical Database

Answer 29

one to many - think of an org chart

Question 30

Distributed Databased

Answer 30

data in more than one database but all logically connected

Question 31

Relational Databases

Answer 31

flat, two-dimensional tables

Question 32

Fields (Relational Databases)

Answer 32

attributes

Question 33

Tuple (Relational Databases)

Answer 33

record

Question 34

Cardinality (Relational Databases)

Answer 34

number of rows

Question 35

Degree (Relational Databases)

Answer 35

number of columns

Question 36

Domain (Relational Databases)

Answer 36

set of allowable values

Question 37

Candidate Keys

Answer 37

subset of attributes that can be used to uniquely identify any record in a table

Question 38

Primary Keys

Answer 38

selected from the set of candidate keys for a table to be used to uniquely identify the records in a table

Question 39

Foreign Key

Answer 39

enforce relationships between two tables

Question 40

What are the 4 required characteristics of all database transactions?

Answer 40

Atomicity, Consistency, Isolation, Durability

Question 41

Atomicity

Answer 41

all or nothing affair

Question 42

Consistency

Answer 42

transactions must operate in an environment that is consistent with all of the database's rules

Question 43

Isolation

Answer 43

transactions operate separately from each other

Question 44

Durability

Answer 44

transactions are preserved once they are committed to the database

Question 45

Concurrency

Answer 45

edit control - ensures that info in the database is always correct (I&A is protected)

Question 46

DSS

Answer 46

Decision Support System - help desk

Question 47

Virus

Answer 47

spreads from system to system, must have a host and does not self propogate

Question 48

Master Boot Record Viruses

Answer 48

virus that attacks the bootable media

Question 49

File Infector Viruses

Answer 49

.exe and .com extensions

Question 50

Macro Viruses

Answer 50

viruses in VBA

Question 51

Service Injection Viruses

Answer 51

inject themselves into trusted runtime processes of the OS

Question 52

Multiparite Viruses

Answer 52

use more than one propogation technique

Question 53

Stealth Viruses

Answer 53

hide themselves by tampering with the OS

Question 54

Polymorphic Viruses

Answer 54

modify their own code

Question 55

Encrypted Viruses

Answer 55

use cryptographic techniques to avoid detection

Question 56

Worms

Answer 56

propagate themselves without human intervention

Question 57

Lost Update

Answer 57

One transaction writes a value to the database that overwrites a value needed by transactions that have earlier precendence, causing those transactions to read an incorrect value

Question 58

Dirty Read

Answer 58

One transaction reads a value from a database that was written by another transaction that did not commit

Question 59

Incorrect Summaries

Answer 59

One transaction is using an aggregate function while a second is making modifications