Term
How is software security addressed effectively?
Definition


Term
What does secure software development require?
Definition
The applications themselves to be secure rather than relying on a secure transfer method

Term
What is often the largest factor negatively impacting security?
Definition


Term
What does the Physical portion of secure development state?
Definition
Access should be limited to project and development personnel only

Term
What is the first rule of testing?
Definition
Never test on a production system

Term
What is the difference between the SLC and the SDLC?
Definition
The Software Life Cycle includes post development operation and maintenance phases as well

Term
What is the Software Development Method that is characterized by each phase containing a list of activities that must be completed before the next phase begins?
Definition


Term
What type of Software Development Method is akin to a Project Plan?
Definition


Term
What is the Software Development Method that is characterized by each phase requiring a risk assessment review?
Definition


Term
What is the Software Development Method that is characterized by ensuring there are no defects and making sure code is written correctly the first time?
Definition


Term
What is the Software Development Method that is characterized by requiring that processes be defined, development to be modular, and each phase to be subject to reviews and approvals?
Definition
Structured Programming Development

Term
What is the Software Development Method that is characterized by successive refinements of requirements, designing, and coding?
Definition


Term
What is the Software Development Method that is characterized by having the people who do the job heavily involved in the designing of the solution?
Definition
Joint Analysis Development

Term
What is the Software Development Method that is characterized by building a simplified version, gathering feedback, and then building a final product?
Definition


Term
What is the Software Development Method that is characterized by strict time limits on each phase?
Definition
Rapid Application Development

Term
What is the Software Development Method that is characterized by short development iterations to reduce risk?
Definition


Term
What is the Software Development Method that is characterized by large, complex projects that involve multiple software components and many people?
Definition
Computer Aided Software Engineering

Term
What is the Software Development Method that is characterized by using standardized, building-block components that can be used to assemble an application?
Definition


Term
What is the Software Development Method that is characterized by using existing components?
Definition


Term
A ____________ is a program that translates an assembly-language program into machine language.
Definition


Term
A __________ translates high level language into machine language.
Definition


Term
A ____________ translates code statement by statement rather than all at once.
Definition


Term
_____________ are used to interface a program with the system.
Definition


Term
In Object Oriented Programming, a ________ is a template for an object.
Definition


Term
In Object Oriented Programming, a ________ is an instance of a class.
Definition


Term
In Object Oriented Programming, a ________ is a request from an object.
Definition


Term
In Object Oriented Programming, ________ refers to a program deriving its data and functionality from the calling object.
Definition


Term
In Object Oriented Programming, ________ refers to different objects responding to the same command in different ways.
Definition


Term
In Object Oriented Programming, ________ refers to creating a new version of an object by changing its attributes.
Definition


Term
_________________ entails programs located on different computers cooperating in the same application.
Definition


Term
What does SOAP stand for?
Definition
Simple Object Access Protocol

Term
A ______________ is a weakness resulting from both poor coding and programming language vulnerabilities.
Definition


Term
A ___________ inserts a series of statements into a query by manipulating data input into an application.
Definition


Term
__________ flaws occur whenever an application takes user-supplied data and sends it to a web browser without first validating that content.
Definition


Term
A __________ is an error in software code that points to an object that has been deleted.
Definition


Term
A _____________ is a contract between a caller and a callee.
Definition
Application Programming Interface (API)

Term
A _________ is when two or more processes using the same resource falsely depend on the state of that resource remaining constant.
Definition


Term
_____________ is a means of surreptitiously transferring information from a higher classification to a lower classification.
Definition


Term
____________ communicate by modifying a stored object.
Definition


Term
________________ transmit information by affecting the relative timing of events.
Definition


Term
A _______ is a mechanism embedded into a program that allows the normal security access procedures to be bypassed.
Definition


Term
A ___________ is a hidden software or hardware mechanism intentionally placed in a system by a vendor that can be triggered to circumvent system protection mechanisms.
Definition


Term
______________ occurs when system resources are consumed by illegitimate processes so that legitimate processes cannot run.
Definition


Term
____________ are large groups of computers that can be activated to do the bidding of the person controlling them.
Definition


Term
___________ allow an attacker to gain administrator access to a compromised machine.
Definition


Term
A ___________ is defined by its ability to reproduce and spread, but generally requires actions by users.
Definition


Term
A __________ is similar to a virus, but does not generally require user action to spread.
Definition


Term
A _____________ infects the master boot record, system boot record, or other boot record.
Definition


Term
A ___________ is a virus that can infect multiple types of objects.
Definition


Term
___________ are usually stand-alone files that can be executed by an interpreter.
Definition


Term
A ____________ is a malicious piece of code that poses as a positive/desirable utility.
Definition


Term
A ___________ waits for a condition or time to release its negative payload.
Definition


Term
A _____________ intentionally corrupts data, generally by small increments over time.
Definition


Term
What is the best defense against malware of all kinds?
Definition
Effective and workable policies

Term
____________ store records in a single table, have parent/child relationships, are limited to a single tree, and make it difficult to link branches.
Definition
Hierarchical Database Management Systems

Term
What is the most frequently used DBMS?
Definition


Term
Where is data stored in a relational database?
Definition


Term
In a Relational Database, a ___________ uniquely identifies each row and assists with indexing the table.
Definition


Term
In a Relational Database, a ___________ is a primary key value from one table that appears in a table in which it is not the primary key.
Definition


Term
___________ is the searching of data in a data warehouse to extract valuable information.
Definition


Term
In relation to the ACID test, what does Atomicity mean?
Definition
All changes take effect or none do

Term
In relation to the ACID test, what does Consistency mean?
Definition
When the database is translated from one valid state to another, it remains compliant with the rules of the database

Term
In relation to the ACID test, what is isolation?
Definition
The results of the transaction are invisible to other transactions until the transaction is complete.

Term
In relation to the ACID test, what is durability?
Definition
Ensures completed transactions can survive future systems and media failures.

Term
What does ACID in an ACID test stand for?
Definition
Atomicity, Consistency, Isolation, and Durability

Term
Which database language is the ANSI standard?
Definition


Term

Definition
Structured Query Language

Term
In separation of duties, sensitive transactions must be designed to require a minimum of _____________.
Definition


Term
What is the easiest effective control against a SQL injection?
Definition


Term
Why is it important to build security into an application rather than adding it later?
Definition
To provide more layers of security and make it harder to circumvent

Term
What three things must cryptographic data protection controls include?
Definition
Key creation, storage, and management

Term
A ___________ lists agreed-upon objectives and deliverables, which helps prevent scope creep.
Definition


Term
A database that uses pre-defined groupings of data that can only be accessed based upon a user's authorization level uses which database access control?
Definition


Term
A ____________ describes an attack where the perpetrator uses information gained through authorized activity to reach conclusions about restricted data.
Definition
