Exam 3 Leftovers Flashcards Preview


Flashcards in Exam 3 Leftovers Deck (15)
1

5 steps in SDLC?

Initiate
Acquire/Develop
Implement
Operate/Maintain
Dispose

2

In which development stage is code actually written?
Initiate
Acquire/Develop
Implement
Operate/Maintain
Dispose

Development

3

Which initiative was developed by Homeland Security?
WASC
BSI
OWASP
ISO

BSI (Build Security In)

4

Which of the following development models includes no formal control mechanisms to provide feedback?
Waterfall
V-Shaped
Build and Fix
Spiral

Build and Fix

5

Which language type delivers instructions directly to the processor?
Assembly languages
High-level languages
Machine languages
Natural languages

Machine languages

6

Which term describes how many different tasks a module can carry out?
Polymorphism
Cohesion
Coupling
Data structures

Cohesion

7

Which term describes a standard for communication between processes on the same computer?
CORBA
DCOM
COM
SOA

COM (Component Object Model)

8

Which of the following is a Microsoft technology?
ActiveX
Java
SOA
CORBA

ActiveX

9

Which of the following is the dividing line between the trusted parts of the system and those that are untrusted?
Security perimeter
Reference monitor
Trusted Computer Base
Security Kernel

Security Perimeter

10

Which of the following is a system component that enforces access controls on an object?
Security perimeter
Reference monitor
Trusted Computer Base
Security Kernel

Reference monitor

11

Which of the following ensures that the customer (internal or external) is satisfied with the functionality of the software?
Integration testing
Acceptance testing
Regression testing
Accreditation

Acceptance testing

12

In which of the following models is less time spent on the upfront analysis and more emphasis placed on learning from the process feedback and incorporating lessons learned in real time?
Agile
Rapid Application Development
Cleanroom
Modified Waterfall

Agile

13

Which of the following software development risk analysis and mitigation strategy guidelines should security professionals follow? (Choose all that apply)
Integrate risk and mitigation in the SDLC
Use qualitative, quantitative, and hybrid risk analysis approaches based on standardized risk analysis methods
Track and manage weaknesses that are discovered throughout risk assessment, change management, and continuous monitoring
Encapsulate data to make it easier to apply the appropriate policies to objects

A, B, C

14

Which of the following are valid guidelines for providing API security?
Use the same security controls for APIs as any web application on the enterprise
Use hash-based message authentication code
Use encryption when passing static keys
Implement password encryption instead of single key-based authentication

All of them

15

Which of the following is NOT one of the four phases of acquiring software?
Planning
Contracting
Development
Monitoring and accepting

Development