Question

Answer correctly the below 25 multiple-choice questions on Software Development Security. Please, I will appreciate the correct answer ONLY.

1. Which of the following correctly best describes an object-oriented database?

  1. When an application queries for data, it receives both the data and the procedure.
  2. It is structured similarly to a mesh network for redundancy and fast data retrieval.
  3. Subjects must have knowledge of the well-defined access path in order to access data.
  4. The relationships between data entities provide the framework for organizing data.

2. Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions. What type of testing should he carry out?

  1. Acceptance testing
  2. Regression testing
  3. Integration testing
  4. Unit testing

3. Which of the following is the best description of a component-based system development method?

  1. Components periodically revisit previous stages to update and verify design requirements
  2. Minimizes the use of arbitrary transfer control statements between components
  3. Uses independent and standardized modules that are assembled into serviceable programs
  4. Implemented in module-based scenarios requiring rapid adaptations to changing client requirements

4. There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus?

  1. Intercepts antimalware's call to the operating system for file and system information
  2. Varies the sequence of its instructions using noise, a mutation engine, or random-number generator
  3. Can use different encryption schemes requiring different decryption routines
  4. Produces multiple varied copies of itself

5. Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets?

  1. Converts the source code into bytecode and blocks the sandbox
  2. Converts the bytecode into machine-level code
  3. Operates only on specific processors within specific operating systems
  4. Develops the applets, which run in a user's browser

6. What type of database software integrity service guarantees that tuples are uniquely identified by primary key values?

  1. Concurrent integrity
  2. Referential integrity
  3. Entity integrity
  4. Semantic integrity

7. In computer programming, cohesion and coupling are used to describe modules of code. Which of the following is a favorable combination of cohesion and coupling?

  1. Low cohesion, low coupling
  2. High cohesion, high coupling
  3. Low cohesion, high coupling
  4. High cohesion, low coupling

8. Which of the following statements does not correctly describe SOAP and Remote Procedure Calls?

  1. SOAP was designed to overcome the compatibility and security issues associated with Remote Procedure Calls.
  2. Both SOAP and Remote Procedure Calls were created to enable application-layer communication.
  3. SOAP enables the use of Remote Procedure Calls for information exchange between applications over the Internet.
  4. HTTP was not designed to work with Remote Procedure Calls, but SOAP was designed to work with HTTP.

9. Which of the following is a correct description of the pros and cons associated with third-generation programming languages?

  1. The use of heuristics reduced programming effort, but the amount of manual coding for a specific task is usually more than the preceding generation.
  2. The use of syntax similar to human language reduced development time, but the language is resource intensive.
  3. The use of binary was extremely time consuming but resulted in fewer errors.
  4. The use of symbols reduced programming time, but the language required knowledge of machine architecture.

10. It can be very challenging for programmers to know what types of security should be built into the software that they create. The number of vulnerabilities, threats, and risks involved with software development can seem endless. Which of the following describes the best first step for developers to take to identify the security controls that should be coded into a software project?

  1. Penetration testing
  2. Regression testing
  3. Threat modeling
  4. Attack surface analysis

11. Mary is creating malicious code that will steal a user's cookies by modifying the original client-side JavaScript. What type of cross-site scripting vulnerability is she exploiting?

  1. Second order
  2. DOM-based
  3. Persistent
  4. Nonpersistent

12. Of the following steps that describe the development of a botnet, which best describes the step that comes first?

  1. Infected server sends attack commands to the botnet.
  2. Spammer pays a hacker for use of a botnet.
  3. Controller server instructs infected systems to send spam to mail servers.
  4. Malicious code is sent out that has bot software as its payload.

13. Which of the following antimalware detection methods is the most recent to the industry and monitors suspicious code as it executes within the operating system?

  1. Behavior blocking
  2. Fingerprint detection
  3. Signature-based detection
  4. Heuristic detection

14. Which of the following describes object-oriented programming deferred commitment?

  1. Autonomous objects, which cooperate through exchanges of messages
  2. The internal components of an object can be refined without changing other parts of the system
  3. Object-oriented analysis, design, and modeling maps to business needs and solutions
  4. Other programs using same objects

15. __________________ provides a machine-readable description of the specific operations provided by a specific web service. ________________ provides a method for web services to be registered by service providers and located by service consumers.

  1. Web Services Description Language; Universal Description, Discovery and Integration
  2. Universal Description, Discovery and Integration; Web Services Description Language
  3. Web Services Description Language; Simple Object Access Protocol
  4. Simple Object Access Protocol; Universal Description, Discovery and Integration

16. Sally has found out that software programmers in her company are making changes to software components and uploading them to the main software repository without following version control or documenting their changes. This is causing a lot of confusion and has caused several teams to use the older versions. Which of the following would be the best solution for this situation?

  1. Software change control management
  2. Software escrow
  3. Software configuration management
  4. Software configuration management escrow

17. The approach of employing an integrated product team (IPT) for software development is designed to achieve which of the following objectives?

  1. Developing and testing software with fewer security flaws
  2. Developing and testing software with fewer defective features
  3. Developing and testing software that will be most profitable
  4. Developing and testing software best suited to the deployment environment

18. Which are the best reasons why a code versioning system (CVS) is an important part of a development infrastructure?

  i. It can ensure that code modifications are made according to corporate policies.
  ii. It will document who made which changes to ensure accountability.
  iii. It will reduce the cost of the development infrastructure.
  iv. It can provide control over unauthorized access to proprietary code.

  1. i, ii, iv
  2. iii
  3. iii, iv
  4. All of the above

19. What is generally the safest, most secure way to acquire software?

  1. From a reputable vendor of proprietary software, once tested in the deployment environment
  2. Downloading very popular open-source software that has been inspected for bugs by a large and active community
  3. Downloading either proprietary or open-source software, but fuzzing it in a lab environment prior to deployment
  4. Downloading open-source software and deploying it only after the code base has been verified by cryptographic checksum

20. Cross-site scripting (XSS) is an application security vulnerability usually found in web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information?

  1. Persistent XSS vulnerability
  2. Nonpersistent XSS vulnerability
  3. Second-order vulnerability
  4. DOM-based vulnerability

21. Widgets, Inc.'s software development processes are documented, and the organization is capable of producing its own standard of software processes. Which of the following Capability Maturity Model Integration levels best describes Widgets, Inc.?

  1. Initial
  2. Repeatable
  3. Defined
  4. Managed

Solutions

Expert Solution

1. The answer is: When an application queries for data, it receives both the data and the procedure

2. The answer is: Integration testing

3. The answer is: Uses independent and standardized modules that are assembled into serviceable programs

4. The answer is: Intercepts anti-malware's call to the operating system for file and system information

5. The answer is: Converts the byte code into machine-level code

6. The answer is: Entity integrity

7. The answer is: High cohesion, high coupling

8. The answer is: SOAP enables the use of Remote Procedure Calls for information exchange between applications over the Internet

9. The answer is: The use of syntax similar to human language reduced development time, but the language is resource intensive

10. The answer is: Threat modeling

11. The answer is: DOM-based

12. The answer is: Malicious code is sent out that has bot software as its payload

13. The answer is: Behavior blocking

14. The answer is: The internal components of an object can be refined without changing other parts of the system

15. The answer is: Web Services Description Language; Universal Description, Discovery and Integration

16. The answer is: Software configuration management

17. The answer is: Developing and testing software best suited to the deployment environment

18. The answers are:

  • It can ensure that code modifications are made according to corporate policies.
  • It will document who made which changes to ensure accountability.
  • It can provide control over unauthorized access to proprietary code.

19. The answer is: Downloading either proprietary or open-source software, but fuzzing it in a lab environment prior to deployment

20. The answer is: Non-persistent XSS vulnerability

21. The answer is: Defined

