Secure Software Design C706 - Test Prep: Questions and Answers with Verified Solutions, Exams of Software Development

A comprehensive set of multiple-choice questions and answers related to secure software design, specifically focusing on the c706 course. Each question is accompanied by a detailed explanation, clarifying the correct answer and providing insights into the underlying concepts. This resource is valuable for students preparing for exams or seeking to deepen their understanding of secure software development practices.

Typology: Exams

2024/2025

Available from 02/14/2025

Holygrams
Questions and Answers with Verified Solutions | Secure Software Design C706 - Test Prep 2025

Which statement is true of a software development life cycle?
A. Workload testing should be performed while designing the functional requirements.
B. Parallel testing verifies whether more than one system is available for redundancy.
C. A software programmer should be the only person to develop the software, test it, and submit it to production.
D. Unit testing should be performed by the developer and the quality assurance team.

✔✔Answer D is correct.

Unit testing should be performed by the developer and by the quality assurance team. Unit testing refers to the debugging performed by the programmer while coding instructions. The unit testing should check the validity of the data format, length, and values. After writing the instructions, the developer might run tools to detect errors.

A software programmer should not be the only person to develop the software, test it, and submit it to production. Therefore, distinction of duties ensures checks by using formal procedures adopted by the quality assurance team. After the software program is submitted, it is again verified by the quality assurance team by using formal procedures and practices before sending it to the program library.

Parallel testing is the process of feeding test data into two systems, which are the altered system and another alternative system, and comparing the results. The original system can serve as the alternative system. It is important to perform testing by using live workloads to observe the performance and the bottlenecks present in the actual production environment. Parallel testing ensures that the system fulfills the defined business requirements. It does not involve testing for redundancy.

Designing the functional requirements is a part of the system design specifications stage and does not involve workload testing.

The SDLC includes the following phases:
Plan/Initiate Project
Gather Requirements
Design
Develop
Test/Validate
Release/Maintain
Certify/Accredit
Change Management and Configuration Management/Replacement

Your organization has a fault-tolerant, clustered database that maintains sales records. Which transactional technique is used in this environment?
A. OLTP
B. OLE DB
C. ODBC
D. data warehousing

✔✔Answer A is correct.

Online transaction processing (OLTP) is used in this environment. OLTP is a transactional technique used when a fault-tolerant, clustered database exists. OLTP balances transactional requests and distributes them among the different servers based on transaction load. OLTP uses a two-phase commit to ensure that all the databases in the cluster contain the same data.

Object Linking and Embedding Database (OLE DB) is a method of linking data from different databases together.

Open Database Connectivity (ODBC) is an application programming interface (API) that can be configured to allow any application to query databases.

Data warehousing is a technique whereby data from several databases is combined into a large database for retrieval and analysis.

Security requirements are considered a part of software risk analysis during the project initiation phase of the SDLC. The SDLC identifies the relevant threats and vulnerabilities based on the environment in which the product will perform data processing, the sensitivity of the data required, and the countermeasures that should be a part of the product. It is important that the SDLC methodology be adequate to meet the requirements of the business and the users.

The SDLC includes the following phases:
Plan/Initiate Project
Gather Requirements
Design
Develop
Test/Validate
Release/Maintain
Certify/Accredit
Change Management and Configuration Management/Replacement

What is the best description of CAPI?
A. an application programming interface that uses two-factor authentication

Identification of threats and vulnerabilities takes place during the project initiation phase of an application development life cycle. The project initiation phase involves obtaining management approval and performing an initial risk analysis. Risk analysis identifies the potential threats and vulnerabilities based on the environment in which the product will perform data processing, the sensitivity of the data required, and the mechanisms that should be a part of the product as a countermeasure.

Certification and accreditation are the processes implemented during the implementation of the product. Certification is the process of technically evaluating and reviewing a product to ensure that it meets the stated security requirements. Accreditation is a process that involves a formal acceptance of the product and its responsibility by management. Accreditation is the final step in authorizing a system for use in an environment.

Defining a formal functional baseline is included in the functional design analysis stage and not in the project initiation stage. A formal functional baseline can include security tasks and development, as well as testing plans to ensure that the security requirements are defined properly.

Functionality and performance tests are conducted in an environment during software development to assess a product against a set of requirements.

In a product development lifecycle, it is important that security be a part of the overall design and be integrated at each stage of product development. The security of an application is most effective and economical when the application is originally designed.

You need to view events on host name registrations. Which log in Event Viewer should you view?
A. Security
B. System
C. DNS
D. Application

✔✔Answer C is correct.

You should use the DNS log in Event Viewer to view events on host name registrations. You should log DNS entries so that you can watch for unauthorized DNS clients or servers. Without a DNS log, you would be unable to discover how long an entry was being used.

None of the other logs will contain this type of information. The Application log contains events logged by applications. The Security log contains events based on the auditing configuration. Only administrators can configure and view auditing. The System log contains events logged by computer system components.

Which extensions are used for naming batch files in a Microsoft environment? bat cmd

The .exe file extension indicates an executable file. Executable files are used to start programs and applications.

Batch files are very similar to script files in the Unix environment. Scripts and batch files are created to decrease administrator workload. The files contain the commands to perform certain tasks. Common uses of these file types include file manipulation, text and report printing, and program execution. A batch file or script contains all the commands needed to execute and complete the tasks. It reduces administrative effort because the administrator simply starts the batch file, instead of having to execute each of the commands within the batch file separately.

Batch files and scripts may contain login credentials. For this reason, they should be stored in a protected area.

Your organization has several diskless computer kiosks that boot via optical media located in the office lobby. Recently, users reported that the diskless computers have been infected with a virus. What should you do to ensure the virus is removed?
A. Remotely launch an anti-virus program on the diskless computers.
B. Launch an anti-virus program on the diskless computers via a USB flash drive.
C. Reboot the diskless computers.
D. Reboot the server to which the diskless computers connect.

✔✔Answer C is correct.

To ensure that a virus is removed from a diskless computer, you should simply reboot the computer. The virus will only exist in the computer's memory because the computer does not have a hard drive or full operating system.

None of the other options is correct. The easiest way to remove a virus from a diskless computer is to reboot the computer.

Recently, an attacker injected malicious code into a Web application on your organization's Web site. Which type of attack did your organization experience?
A. path traversal
B. cross-site scripting
C. buffer overflow
D. SQL injection

✔✔Answer B is correct.

The system development phase of the SDLC includes coding and scripting of software applications. The system development stage ensures that the program instr

Which type of virus is specifically designed to take advantage of the extension search order of an operating system?
A. nonresident
B. boot sector replication
C. companion
D. resident

✔✔Answer C is correct.

A companion virus is specifically designed to take advantage of the extension search order of an operating system. In Microsoft Windows, the extension search order is .com, .exe, then .bat. For example, when a user starts a program named calc on a Windows operating system, Windows first looks for a program named calc.com in the current folder. If a virus is named calc.com, and the actual program file is named calc.exe, then the virus will be started instead of the calc.exe program because Windows will stop searching after it finds calc.com.

A resident virus is loaded into memory and infects other programs as they in turn are loaded into memory. A nonresident virus is part of an executable program file on a disk and infects other programs when the infected program file is started. A boot sector replicating virus is written to the boot sector of a hard disk on a computer and is loaded into memory each time a computer is started.