Question

Which of the following is an example of ways in which the word “assurance” is sometimes used?

A. Actions taken to provide a basis for justified confidence – these actions may constitute how something is done, or the evaluations of something or how it is/was done;

B. Arguments and evidence that reduce uncertainty or provide grounds to justify confidence

C. Degree an individual or organization has of justified confidence in something such as the justifiable confidence that a system exhibits all of its required properties and satisfies all of its other requirements

D. All of the above

In software design, separation can eliminate or reduce the possibilities of certain kinds of violations via implementing the following except___________

A. most common mechanisms

B. Separation of duties

C. Separation of privilege

D. Constrained dependency

After failure, software system should have a well-defined status. Which of the following is a valid status?

A. Rollback

B. Fail forward

C. Compensate

D. all of the above

The term “information assurance” (sometimes referred to as IA) is often used as

A. A catch-all term for all that is done to assure security of information

B. The levels of uncertainty or justifiable confidence one has in that security

C. both a & b

D. neither a nor b

Which of the following is a kind of activities related to tolerance of errors or violation of software system correctness?

A. forecasting violations

B. notification and warning

C. repair of fault or vulnerability

D. All of the above

Common content filtering mechanisms include all but one of the followings. Which one?

A. Recovering to a safe sate

B. Security wrappers

C. Application firewalls

D. eXtensible Markup Language (XML) gateways

The anti-tamper mechanisms most frequently used for protecting software are all but one of the following. Which one?

A. Virtual machines

B. Simulation techniques

C. Hardened operating systems

D. Trusted hardware modules

Deception techniques at the system level can be used to divert potential attackers away from targeting the system and towards targeting a purpose-built decoy. Which of the following is a deception technique?

A. Honeypot

B. Intrusion detection system

C. Firewall

D. Virtual Private Network (VPN)

Which of the followings is not a software testing technique

A. Attack oriented tested

B. User oriented testing

C. Brute force and random testing

D. Fault and vulnerability-oriented testing

Network scanners are examples of ___________

A. Dynamic analysis tools

B. Static analysis tools

C. Compilers

D. None of the above

_________is an example of lightweight secure software process

A. Oracle security process

B. Microsoft secure development life cycle

C. CMMI process

D. OSI Security standard

Which of the following statements is correct?

A. Risk assessment is the process of planning, managing risk, and mitigating risk.

B. Risk management is the process of planning, assessing risk, and mitigating risk,

C. Risk management applies to software development but risk assessment apply to overall organization.

D. None of the above

Answer 1

Question 1:

Which of the following is an example of ways in which the word “assurance” is sometimes used?

Answer:

C. Degree an individual or organization has of justified confidence in something such as the justifiable confidence that a system exhibits all of its required properties and satisfies all of its other requirements.

Question 2:

In software design, separation can eliminate or reduce the possibilities of certain kinds of violations via implementing the following except:

Answer: C. Separation of privilege

Question 3: After failure, software system should have a well-defined status. Which of the following is a valid status?

Answer: A. Rollback

Question 4: The term “information assurance” (sometimes referred to as IA) is often used as:

Answer: C. both a & b

Question 5: Which of the following is a kind of activities related to tolerance of errors or violation of software system correctness?

Answer: D. All of the above

Question 6: Common content filtering mechanisms include all but one of the followings. Which one?

Answer: A. Recovering to a safe sate

Question 7: The anti-tamper mechanisms most frequently used for protecting software are all but one of the following. Which one?

Answer: B. Simulation techniques

Question 8: Deception techniques at the system level can be used to divert potential attackers away from targeting the system and towards targeting a purpose-built decoy. Which of the following is a deception technique?

Answer: A. Honeypot

Question 9: Which of the followings is not a software testing technique:

Answer: C. Brute force and random testing

Question 10: Network scanners are examples of:

Answer: A. Dynamic analysis tools

Question 11: _________is an example of lightweight secure software process.

Answer: C. CMMI process

Question 12: Which of the following statements is correct?

Answer: B. Risk management is the process of planning, assessing risk, and mitigating risk