Which of the following is an example of ways in which the word “assurance” is sometimes used?
A. Actions taken to provide a basis for justified confidence – these actions may constitute how something is done, or the evaluations of something or how it is/was done;
B. Arguments and evidence that reduce uncertainty or provide grounds to justify confidence
C. Degree an individual or organization has of justified confidence in something such as the justifiable confidence that a system exhibits all of its required properties and satisfies all of its other requirements
D. All of the above
In software design, separation can eliminate or reduce the possibilities of certain kinds of violations via implementing the following except ___________
A. Most common mechanisms
B. Separation of duties
C. Separation of privilege
D. Constrained dependency
After a failure, a software system should have a well-defined status. Which of the following is a valid status?
A. Rollback
B. Fail forward
C. Compensate
D. All of the above
The term “information assurance” (sometimes referred to as IA) is often used as
A. A catch-all term for all that is done to assure security of information
B. The levels of uncertainty or justifiable confidence one has in that security
C. both a & b
D. neither a nor b
Which of the following is a kind of activity related to tolerance of errors or violation of software system correctness?
A. Forecasting violations
B. Notification and warning
C. Repair of fault or vulnerability
D. All of the above
Common content filtering mechanisms include all but one of the following. Which one?
A. Recovering to a safe state
B. Security wrappers
C. Application firewalls
D. eXtensible Markup Language (XML) gateways
The anti-tamper mechanisms most frequently used for protecting software are all but one of the following. Which one?
A. Virtual machines
B. Simulation techniques
C. Hardened operating systems
D. Trusted hardware modules
Deception techniques at the system level can be used to divert potential attackers away from targeting the system and towards targeting a purpose-built decoy. Which of the following is a deception technique?
A. Honeypot
B. Intrusion detection system
C. Firewall
D. Virtual Private Network (VPN)
Which of the following is not a software testing technique?
A. Attack-oriented testing
B. User-oriented testing
C. Brute force and random testing
D. Fault and vulnerability-oriented testing
Network scanners are examples of ___________
A. Dynamic analysis tools
B. Static analysis tools
C. Compilers
D. None of the above
_________ is an example of a lightweight secure software process
A. Oracle security process
B. Microsoft secure development life cycle
C. CMMI process
D. OSI Security standard
Which of the following statements is correct?
A. Risk assessment is the process of planning, managing risk, and mitigating risk.
B. Risk management is the process of planning, assessing risk, and mitigating risk.
C. Risk management applies to software development but risk assessment applies to the overall organization.
D. None of the above
Question 1: Which of the following is an example of ways in which the word “assurance” is sometimes used?
Answer: C. Degree an individual or organization has of justified confidence in something such as the justifiable confidence that a system exhibits all of its required properties and satisfies all of its other requirements.
Question 2: In software design, separation can eliminate or reduce the possibilities of certain kinds of violations via implementing the following except:
Answer: C. Separation of privilege
Question 3: After a failure, a software system should have a well-defined status. Which of the following is a valid status?
Answer: A. Rollback
Question 4: The term “information assurance” (sometimes referred to as IA) is often used as:
Answer: C. both a & b
Question 5: Which of the following is a kind of activity related to tolerance of errors or violation of software system correctness?
Answer: D. All of the above
Question 6: Common content filtering mechanisms include all but one of the following. Which one?
Answer: A. Recovering to a safe state
Question 7: The anti-tamper mechanisms most frequently used for protecting software are all but one of the following. Which one?
Answer: B. Simulation techniques
Question 8: Deception techniques at the system level can be used to divert potential attackers away from targeting the system and towards targeting a purpose-built decoy. Which of the following is a deception technique?
Answer: A. Honeypot
Question 9: Which of the following is not a software testing technique:
Answer: C. Brute force and random testing
Question 10: Network scanners are examples of:
Answer: A. Dynamic analysis tools
Question 11: _________ is an example of a lightweight secure software process.
Answer: C. CMMI process
Question 12: Which of the following statements is correct?
Answer: B. Risk management is the process of planning, assessing risk, and mitigating risk