Chapter 7. Application Security

7.10. Assessment Questions

You can find the answers to the following questions in Appendix A.

  1. What is a data warehouse?

    1. A remote facility used for storing backup tapes

    2. A repository of information from heterogeneous databases

    3. A table in a relational database system

    4. A hot backup building

  2. What does normalizing data in a data warehouse mean?

    1. Redundant data is removed.

    2. Numerical data is divided by a common factor.

    3. Data is converted to a symbolic representation.

    4. Data is restricted to a range of values.

  3. What is a neural network?

    1. A hardware or software system that emulates the reasoning of a human expert

    2. A collection of computers that are focused on medical applications

    3. A series of networked PCs performing artificial intelligence tasks

    4. A hardware or software system that emulates the functioning of biological neurons

  4. A neural network learns by using various algorithms to:

    1. Adjust the weights applied to the data

    2. Fire the rules in the knowledge base

    3. Emulate an inference engine

    4. Emulate the thinking of an expert

  5. The SEI Software Capability Maturity Model is based on the premise that:

    1. Good software development is a function of the number of expert programmers in the organization.

    2. The maturity of an organization's software processes cannot be measured.

    3. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes.

    4. Software development is an art that cannot be measured by conventional means.

  6. In configuration management, a configuration item is:

    1. The version of the operating system that is operating on the workstation that provides information security services

    2. A component whose state is to be recorded and against which changes are to be progressed

    3. The network architecture used by the organization

    4. A series of files that contain sensitive information

  7. In an object-oriented system, polymorphism denotes:

    1. Objects of many different classes that are related by some common superclass; thus, any object denoted by this name can respond to some common set of operations in a different way.

    2. Objects of many different classes that are related by some common superclass; thus, all objects denoted by this name can respond to some common set of operations in identical fashion.

    3. Objects of the same class; thus, any object denoted by this name can respond to some common set of operations in the same way.

    4. Objects of many different classes that are unrelated but respond to some common set of operations in the same way.

  8. The simplistic model of software life cycle development assumes that:

    1. Iteration will be required among the steps in the process.

    2. Each step can be completed and finalized without any effect from the later stages that may require rework.

    3. Each phase is identical to a completed milestone.

    4. Software development requires reworking and repeating some of the phases.

  9. What is a method in an object-oriented system?

    1. The means of communication among objects

    2. A guide to the programming of objects

    3. The code defining the actions that the object performs in response to a message

    4. The situation where a class inherits the behavioral characteristics of more than one parent class

  10. What does the Spiral model depict?

    1. A spiral that incorporates various phases of software development

    2. A spiral that models the behavior of biological neurons

    3. The operation of expert systems

    4. Information security checklists

  11. In the software life cycle, verification:

    1. Evaluates the product in development against real-world requirements

    2. Evaluates the product in development against similar products

    3. Evaluates the product in development against general baselines

    4. Evaluates the product in development against the specification

  12. In the software life cycle, validation:

    1. Refers to the work product satisfying the real-world requirements and concepts

    2. Refers to the work product satisfying derived specifications

    3. Refers to the work product satisfying software maturity levels

    4. Refers to the work product satisfying generally accepted principles

  13. In the modified Waterfall model:

    1. Unlimited backward iteration is permitted.

    2. The model was reinterpreted to have phases end at project milestones.

    3. The model was reinterpreted to have phases begin at project milestones.

    4. Product verification and validation are not included.

  14. Cyclic redundancy checks, structured walk-throughs, and hash totals are examples of what type of application controls?

    1. Preventive security controls

    2. Preventive consistency controls

    3. Detective accuracy controls

    4. Corrective consistency controls

  15. In a system life cycle, information security controls should be:

    1. Designed during the product implementation phase

    2. Implemented prior to validation

    3. Part of the feasibility phase

    4. Specified after the coding phase

  16. The software maintenance phase controls consist of:

    1. Request control, change control, and release control

    2. Request control, configuration control, and change control

    3. Change control, security control, and access control

    4. Request control, release control, and access control

  17. In configuration management, what is a software library?

    1. A set of versions of the component configuration items

    2. A controlled area accessible only to approved users who are restricted to the use of an approved procedure

    3. A repository of backup tapes

    4. A collection of software build lists

  18. What is configuration control?

    1. Identifying and documenting the functional and physical characteristics of each configuration item

    2. Controlling changes to the configuration items and issuing versions of configuration items from the software library

    3. Recording the processing of changes

    4. Controlling the quality of the configuration management procedures

  19. What is searching for data correlations in the data warehouse called?

    1. Data warehousing

    2. Data mining

    3. A data dictionary

    4. Configuration management

  20. The security term that is concerned with the same primary key existing at different classification levels in the same database is:

    1. Polymorphism

    2. Normalization

    3. Inheritance

    4. Polyinstantiation

  21. What is a data dictionary?

    1. A database for system developers

    2. A database of security terms

    3. A library of objects

    4. A validation reference source

  22. Which of the following is an example of mobile code?

    1. Embedded code in control systems

    2. Embedded code in PCs

    3. Java and ActiveX code downloaded into a Web browser from the World Wide Web (WWW)

    4. Code derived following the Spiral model

  23. Which of the following is not true regarding software unit testing?

    1. The test data is part of the specifications.

    2. Correct test output results should be developed and known beforehand.

    3. Live or actual field data is recommended for use in the testing procedures.

    4. Testing should check for out-of-range values and other bounds conditions.

  24. The definition "the science and art of specifying, designing, implementing, and evolving programs, documentation, and operating procedures whereby computers can be made useful to people" is that of:

    1. Structured analysis/structured design (SA/SD)

    2. Software engineering

    3. An object-oriented system

    4. Functional programming

  25. In software engineering, the term verification is defined as:

    1. Establishing the truth of correspondence between a software product and its specification

    2. A complete, validated specification of the required functions, interfaces, and performance for the software product

    3. Establishing the fitness or worth of a software product for its operational mission

    4. A complete, verified specification of the overall hardware-software architecture, control structure, and data structure for the product

  26. The discipline of identifying the components of a continually evolving system for the purposes of controlling changes to those components and maintaining integrity and traceability throughout the life cycle is called:

    1. Change control

    2. Request control

    3. Release control

    4. Configuration management

  27. The basic version of the Construction Cost Model (COCOMO), which proposes quantitative life cycle relationships, performs what function?

    1. It estimates software development effort based on user function categories.

    2. It estimates software development effort and cost as a function of the size of the software product in source instructions.

    3. It estimates software development effort and cost as a function of the size of the software product in source instructions modified by manpower buildup and productivity factors.

    4. It estimates software development effort and cost as a function of the size of the software product in source instructions modified by hardware and input functions.

  28. A refinement to the basic Waterfall model that states that software should be developed in increments of functional capability is called:

    1. Functional refinement

    2. Functional development

    3. Incremental refinement

    4. Incremental development

  29. The Spiral model of the software development process uses which of the following metrics relative to the spiral?

    1. The radial dimension represents the cost of each phase.

    2. The radial dimension represents progress made in completing each cycle.

    3. The angular dimension represents cumulative cost.

    4. The radial dimension represents cumulative cost.

  30. In the Capability Maturity Model (CMM) for software, the definition "describes the range of expected results that can be achieved by following a software process" is that of:

    1. Structured analysis/structured design (SA/SD)

    2. Software process capability

    3. Software process performance

    4. Software process maturity
