Domain 8 Test Notes

Question 1

Scripted Transactions with known expected results. May be a part of DAST(Dynamic Application Security Testing)

Answer 1

Synthetic Transactions

Question 2

Improving computer algorithms (rules and guidelines) by experience.

Answer 2

Machine Learning

Question 3

Gives machines the ability to do things that a human can do better or allow a machine to perform tasks we previously thought required human intelligence

Answer 3

Artificial Intelligence

Question 4

A collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data

Answer 4

Blockchain

Question 5

Is when every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key

Answer 5

Referential Integrity

Question 6

Each attribute value is consistent with the attribute data type

Answer 6

Semantic Integrity

Question 7

Each row (tuple) has a unique primary value that is not null

Answer 7

Entity Integrity

Question 8

is a relational database model that refers to four key properties that ensure reliable processing of database transactions. These properties together ensure data integrity and reliability in database systems.

Answer 8

ACID Model

Question 9

All or nothing, if any part of the transaction fails, the entire transaction fails

Answer 9

Atomicity

Question 10

The database must be consistent with the rules before and after the transaction

Answer 10

Consistency

Question 11

A transaction must be completed before another transaction can modify the same data

Answer 11

Isolation

Question 12

Once transactions are committed to the database, they must be preserved

Answer 12

Durability

Question 13

A framework designed to scale agile practices across an entire enterprise efficiently and effectively. Adds the necessary layers to make Agile work in a large enterprise level context

Answer 13

Scaled Agile Framework (SAFe)

Question 14

Emphasis on delivering value through respect for people, culture, flow optimization, innovation, and relentless improvement.

Answer 14

Lean Agile Principle (SAFe Principle)

Question 15

Customer centric approach, releasing a continuous flow of valuable products and services

Answer 15

Agile Product Delivery (SAFe Principle)

Question 16

Focus on building and sustaining large applications, networks, and systems needed for a large enterprise to function

Answer 16

Enterprise Solution Delivery (SAFe Principle)

Question 17

Leaders’ understand and commitment to implementing Lean and Agile principles

Answer 17

Lean Leadership (SAFe Principle)

Question 18

A prepared SQL statement that allows user input to be passed into the statement as carefully defined variables that do not allow the insertion of code. Can protect applications against injection attacks.

Answer 18

Parameterized Queries

Question 19

A software solution that uses AI to automatically respond to some security incidents.

Answer 19

Security Orchestration, Automation, Response (SOAR)

Question 20

Documents and checklist that define the process for verifying and responding to a specific type of security incident

Answer 20

Playbook

Question 21

the implementation of a playbook’s data and processes into an automated tool within the SOAR platform.

Answer 21

Runbook

Question 22

Sophisticated attacks are likely affiliated with government agencies. Often have access to zero day exploits that are not known to software vendors.

Answer 22

Advanced Persistent Threat (APT)

Question 23

Provides a framework of process descriptions for describing the life cycle of systems created by humans. It defines a set of processes and associated terminology from an engineering viewpoint.

Answer 23

ISO/IEC/IEEE 15288

Question 24

provides a catalogue of architectural and design principles that can be used in the development of secure products, systems and applications together with guidance on how to use those principles effectively.

Answer 24

ISO/IEC 19249

Question 25

Framework for managing software development. Designed for teams with approximately 10 individuals. Generally relies on 2 week development cycle (sprints) and short daily meetings

Answer 25

Scrum

Question 26

Representing the product's stakeholders, the voice of the customer, and is accountable for ensuring that the team delivers value to the business.

Answer 26

Product Owner (Scrum Role)

Question 27

Responsible for delivering the product at the end of each sprint.

Answer 27

Development Team (Scrum Role)

Question 28

Facilitates and accountable for removing impediments to the ability of the team to deliver the product goals and deliverables. Ensure the scrum framework is followed

Answer 28

Scrum Master (Scrum Role)

Question 29

a technique that is used to increase the difficulty of performing a buffer overflow attack that requires the attacker to know the location of an executable in memory.

Answer 29

Address space layout randomization (ASLR)

Question 30

cooperation between development, operations, and Quality Assurance. Aligned with Agile, code is deployed rapidly, multiple times a day.

Answer 30

DevOps

Question 31

Code is publicly released. Can be tested, improved and corrected. Allows attackers to find flaws.

Answer 31

Open Source

Question 32

Software is released, but source code is kept a secret.

Answer 32

Closed Source

Question 33

Software is protected by intellectual property and/or patents.

Answer 33

Proprietary Software

Question 34

A security approach where only a specifically allowed items are permitted and everything else is blocked.

Answer 34

Positive Listing Strategy aka Whitelisting

Question 35

Evaluates source code or compiled code for security vulnerabilities. It doesn't run the application. Usually involves the use of automate tools design to detect common software flaws such as buffer overflow

Answer 35

Static Application Security Testing (SAST)

Question 36

Evaluates the security of software by running it in a runtime environment. Source code is not required.

Answer 36

Dynamic Application Security Testing (DAST)

Question 37

Performs real time analysis of runtime behavior, application performance, HTTP/HTTPS traffic, frameworks, components, and backend connections.

Answer 37

Interactive Application Security Testing (IAST)

Question 38

A tool that runs on a server and intercepts calls to and from an application and validates data requests.

Answer 38

Runtime Application Self Protection (RASP)

Question 39

Dynamic testing technique that provides many different types of input to test the limits by providing invalid input to the software.

Answer 39

Fuzzing

Question 40

takes previous input values and alters the characters of content, append strings, or performs other data manipulation techniques.

Answer 40

Mutation (Dumb) Fuzzing

Question 41

develops data models and creates input from scratch based on known structures and formats.

Answer 41

Generational (Intelligent) Fuzzing

Question 42

Assesses the performance of modules against the interface specifications to ensure that they will work together properly. Includes APIs, UI, and physical.

Answer 42

Interface Testing

Question 43

Identifies and analyzes the open source and 3rd party components used in a software application for known vulnerabilities and licensing issues.

Answer 43

Sofware Composition Analysis (SCA)

Question 44

Estimate the degree of testing conducted against the new software. Formula: Number of use cases tested/total number of use cases

Answer 44

Test Coverage Analysis

Question 45

Branch: if statements Condition: logical test Function: Function test Loop: loop test Statement: Every line in code

Answer 45

Common Test Criteria

Question 46

placeholders in SQL statements that allow you to substitute values at runtime. Used to pass data into or retrieve data from a database enhancing security performance and portability

Answer 46

Bind Variables

Question 47

Used to clean up the data in a database table to make it logically concise, organized, and consistent. Removes redundant data and improves the integrity and availability of the database.

Answer 47

Data Normalization