Term
| Which is the most common exploit used to hack into a system? |
|
Definition
|
|
Term
| The spiral model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing, cross-functional teams. |
|
Definition
|
|
Term
| What is used to compare program responses to known inputs and comparison of the output to desired output? |
|
Definition
|
|
Term
| The terms RC4 and 3DES refer to |
|
Definition
| Encryption algorithms used to encrypt data |
|
|
Term
| Inlining is using an embedded control from another site, with or without the other site's permission. |
|
Definition
|
|
Term
| In the secure development lifecycle, employing use cases to compare program responses to known inputs, and then comparing the outputs to the desired outputs should take place in which phase? |
|
Definition
|
|
Term
| Least privilege refers to removing all controls from a system. |
|
Definition
|
|
Term
| Which of the following in a browser guarantees perfect security? |
|
Definition
| There is no guarantee of perfect security. |
|
|
Term
| Errors found after development is complete are expensive. |
|
Definition
|
|
Term
| Fuzzing is a powerful tool used in testing code. |
|
Definition
|
|
Term
| Unvalidated input that changes the code functioning in an unintended way is which type of coding error? |
|
Definition
|
|
Term
| With the RSA and Diffie-Hellman handshakes |
|
Definition
| Parameters are agreed upon and certificates and keys are exchanged. |
|
|
Term
| FTP encrypts traffic by default. |
|
Definition
|
|
Term
| Generating true random numbers is a fairly trivial task. |
|
Definition
|
|
Term
| What is the waterfall model characterized by? |
|
Definition
| c. A linear, multistep process |
|
|
Term
| Authenticode is used to encrypt program code so that it is more difficult for hackers to reverse engineer it. |
|
Definition
|
|
Term
| Which of the following do not enhance the security of the browser? |
|
Definition
|
|
Term
| Scoring the efforts to reduce the effects of threats occurs in which step of threat modeling? |
|
Definition
| Step 9-Determine and score mitigation |
|
|
Term
| Which is a 100% secure method to download applications from the Internet? |
|
Definition
|
|
Term
| CVE provides security personnel with a common language to use when discussing vulnerabilities. |
|
Definition
|
|
Term
| Using SSL protects your data from interception by devices such as key loggers. |
|
Definition
|
|
Term
| When the function of code is changed in an unintended way, it is an example of code injection. |
|
Definition
|
|
Term
| Which is related to a code injection error? |
|
Definition
|
|
Term
| One way a user can feel confident that the code they are downloading is from a legitimate vendor and has not been modified is with the implementation of |
|
Definition
|
|
Term
|
Definition
| a. A collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over the Internet |
|
|
Term
| The Open Vulnerability and Assessment Language (OVAL) ___________. |
|
Definition
| Is an XML framework for describing vulnerabilities |
|
|
Term
| Creating a graphical representation of the required elements for an attack vector occurs in which step of Threat Modeling? |
|
Definition
| Step 8-Create threat trees |
|
|
Term
| What is the one item that could be labeled as the "most wanted" item in coding security? |
|
Definition
|
|
Term
| Common Gateway Interface (CGI) security issues include |
|
Definition
| a. Poorly configured CGIs can crash when users input unexpected data. |
|
|
Term
| In the secure development lifecycle, in which phase should minimizing the attack surface area take place? |
|
Definition
|
|
Term
| The specific security needs of a program being developed should be defined in the design phase of the secure development lifecycle. |
|
Definition
|
|