QUESTION DRILL APPLICATIONS DEVELOPMENT 020504 - Answers
1. When security is increased, what is typically decreased?
B: When security is increased, user functionality is usually decreased.
2. Which of the following occurrences does not demonstrate foresight and
planning on the part of a programmer when a software product encounters a
security error?
D: Rebooting into any available state could result in booting into a privileged
state which is not the proper outcome when software encounters a security
error.
3. Database access is usually indirect access that provides for all but which of the
following?
C: Availability is not ensured with indirect access.
4. Which of the following is required in every row of a table in order to maintain
uniqueness?
C: A primary key is required in every row of a table in order to maintain
uniqueness.
5. An attribute in one table that also serves as the primary key in another table is
known as?
D: A foreign key is an attribute in one table that also serves as the primary key
in another table.
6. What holds the data that defines or describes the database?
A: A schema holds the data that defines or describes the database.
7. Why does most software have security disabled by default?
A: Most software has security disabled by default for ease of installation.
8. What is a collection of related items of the same type?
A: A file is a collection of related items or records of the same type.
9. A tuple is what?
B: A tuple is a row stored in a database.
10. What is an attribute?
C: An attribute is a column in a database.
11. What database model provides for many-to-many relationships?
D: A distributed data model offers many-to-many relationships.
12. An indication that integrity of the database has been violated is when which
of the following includes a null value?
A: If the primary key contains a null value then integrity has been violated.
13. In a relational database, the number of rows is referred to as?
B: The number of rows in a relational database is known as the cardinality.
14. Failing to properly address which of the following in the design and
programming phases of software development can result in buffer overflows?
A: Failing to limit or restrict the data input block size can result in buffer
overflows.
15. When a program or operating system experiences a failure state, what should it
do?
B: After a failure state, the program or system should revert to a secure state.
16. Which of the following is not true about out of the box security?
A: Security and functionality are usually inversely proportional; the greater the
security, the less functionality a system offers.
17. What element of new robust software is considered a security failure or
downfall?
B: A wide range of features or functionality is considered a security failure or
downfall. The more capabilities a system has, the greater the range of its
vulnerabilities and risks.
18. What is the primary reason why so much software is unable to handle failures
or errors in a secure fashion?
C: The primary reason software is unable to handle failures in a secure fashion
is that circumstances of use are difficult to predict and plan for.
19. Since all circumstances of use are difficult to predict and plan for,
programmers should?
D: Since all circumstances of use are difficult to predict and plan for,
programmers should design into their software a general method for handling
unexpected failures.
20. A reliable and controlled software development, design, and coding process is
necessary to ensure?
B: A reliable and controlled software development, design, and coding process
is necessary to ensure security.
21. Buffer overflows are caused by a programmer failing to compensate for all but
which of the following?
C: Buffer overflows are not caused by differences in languages.
22. Failing to compensate for invalid or extensive values of data types, formats, or
lengths in input to programs can cause?
D: Failing to compensate for invalid or extensive values of data types, formats,
or lengths in input to programs can cause a buffer overflow.
23. Environmental controls and hardware devices cannot prevent problems created
by?
A: Environmental controls and hardware devices cannot prevent problems
created by bad program coding.
24. Which of the following is not one of the standard phases in the system life
cycle?
A: Penetration testing is not one of the phases in the system life cycle.
25. Which of the following is not one of the standard phases in the system life
cycle?
B: Risk assessment is not one of the phases in the system life cycle.
26. Which of the following is a means by which to incorporate improvements in
the software/system development process?
C: The waterfall model is a means by which to incorporate improvements in
the software/system development process.
27. If a system encounters a failure and it is prevented from rebooting, this will
help avoid what?
B: If a system encounters a failure and it is prevented from rebooting, this will
help avoid IPL vulnerabilities.
28. _____________ is most effective if it is planned and managed throughout the
lifecycle of a system or application.
C: Security is most effective if it is planned and managed throughout the
lifecycle of a system or application.
29. _________________ keeps the development project on target and moving
toward the goal of a completed product.
D: Project management keeps the development project on target and moving
toward the goal of a completed product.
30. If a system should fail for any reason, it should always perform a
______________.
A: If a system should fail for any reason, it should always perform a fail safe
operation.
31. When testing a newly developed software, system, or solution, all but which of
the following should be true?
D: Testing should never use real or live data. Testing using real data can result
in disclosure or alteration of sensitive information.
32. Which of the following is not one of the elements of the software maintenance
phase and change control process?
A: Risk control is not one of the elements of the software maintenance phase
and change control process.
33. In what level of the software capability maturity model are security
requirements institutionalized?
B: Security requirements are institutionalized in the repeatable level of the
software capability maturity model.
34. The waterfall model allows for what?
D: The waterfall model of the life cycle development process allows for
modifications only to the immediately previous stage of the life cycle process.
35. Which of the following life cycle phase models allows for all phases of the life
cycle process to be repeated?
A: The spiral model allows the phases of the life cycle process to be repeated
as necessary.
36. Which life cycle model provides mechanisms for back verification and
validation against defined baselines?
B: The modified waterfall model provides mechanisms for back verification
and validation against defined baselines.
37. According to the Information security and life cycle model, security
implemented early in the life cycle process results in all but which of the
following?
C: The Information security life cycle model does not indicate whether
introducing security early in the life cycle process results in greater granularity.
38. The ability for one object to be removed from a system and replaced with
another object is known as?
C: The ability for one object to be removed from a system and replaced with
another object is known as the substitution property.
39. The communications sent to an object in order to instruct it to perform some
operation is known as?
D: The communications sent to an object in order to instruct it to perform some
operation is known as a message.
40. The code that defines the actions that an object performs in response to an
instruction is known as?
A: The code that defines the actions that an object performs in response to an
instruction is known as a method.
41. The forwarding of an instruction from one object to another is known as?
C: The forwarding of an instruction from one object to another is known as
delegation.
42. Objects in an object oriented programming environment that are created on the
fly by software as it executes are known as?
A: Objects in an object oriented programming environment that are created on
the fly by software as it executes are known as dynamic lifetime objects.
43. The characteristic of objects in an object oriented programming environment of
encapsulation means what?
B: Encapsulation means that objects are self-contained.
44. What programming language can be used directly by computers?
C: A computer can only use machine language directly.
45. Which of the following is most susceptible to insertion of malicious code?
D: CGI scripts, being interpreted, are most susceptible to insertion of malicious
code.
46. Which of the following is true regarding ActiveX?
C: ActiveX is platform dependent (Windows only) and language independent.
47. Which of the following is true regarding Java?
D: Java is platform independent and language dependent.
48. The primary security flaw of ActiveX is?
A: The primary security flaw of ActiveX is that it stores controls to the hard
drive.
49. Which of the following is not true about Java?
B: Java is not stored to the hard drive, ActiveX is stored to the hard drive.
50. What type of computer system exhibits the same reasoning capabilities as that
of a human?
A: An expert system is a computer system that exhibits the same reasoning
capabilities as that of a human.
51. What type of computer system mimics the functioning of biological neurons?
B: A neural network is a computer system that mimics the functioning of
biological neurons.
52. Expert systems function using all but which of the following?
C: Expert systems do not use the delta rule. Neural networks use the delta rule,
the learning rule.
53. Which of the following is not one of the steps used by expert systems when
performing fuzzy logic operations?
D: Normalization is not one of the steps used in fuzzy logic operations.
Normalization is the removal of errors from a database.
54. The most common example of a distributed computing environment (DCE) is
which of the following?
A: A client/server system is the most common example of a DCE.
55. Which of the following is not an example of a mobile code language used in a
distributed computing environment?
B: Fortran is a 3rd generation programming language, but it is not a mobile
code language used in DCE.
56. The communications sent to an object in order to instruct it to perform some
operation is known as?
B: The result exhibited by an object upon receipt of an instruction is known as
a behavior.
57. The ability for an object to produce different behaviors from the same message
is known as?
D: The ability for an object to produce different behaviors from the same
message is known as polymorphism.
58. The number of rows in a relational database is known as?
C: The cardinality is the number of rows in a relational database.
59. The number of columns in a relational database is known as?
D: The degree is the number of columns in a relational database.
60. The data that defines the structure of the database is known as?
A: The schema is the data that defines the structure of the database.
61. A relational database provides for what types of relationships?
A: A relational database provides for one-to-one relationships.
62. A hierarchical database provides for what types of relationships?
B: A hierarchical database provides for one-to-many relationships.
63. An intersection of a row and a column in a relational database is known as?
C: A cell is the intersection of a row and a column.
64. Which of the following is not a means to aid in mitigating the threat of
malicious code in a distributed computing environment?
C: Avoiding the use of FTP is the least effective means to mitigate the threat of
malicious code in a DCE.
65. Which of the following is not one of the three primary models of databases?
D: There is no such database model as the dynamic model.
66. A row in a relational database table is known as?
B: A tuple is a row of a relational database table.
67. The attribute that makes each tuple unique in a relational database?
C: The primary key is the attribute that makes each tuple unique in a relational
database.
68. A unique attribute from another relational database table is known as?
D: A foreign key is a unique attribute from another relational database table.
69. The range of allowable or valid values for attributes is known as?
A: The domain is the range of allowable or valid values for attributes.
70. Any attribute in a relational database that provides a unique identifier for tuples
is known as?
B: A candidate key is any attribute in a relational database that provides a
unique identifier for tuples.
71. A column in a relational database table is known as?
D: An attribute is a column in a relational database table.
72. A collection of records of the same type is known as?
A: A file is a collection of records of the same type.
73. Hiding specific cells in a database to prevent inference attacks is
known as?
C: Cell suppression is the technique of hiding specific cells in a database to
prevent inference attacks.
74. A centralized repository of normalized information from various databases that
is made available to users to perform queries against is known as?
D: A data warehouse is a centralized repository of normalized information
from various databases that is made available to users to perform queries
against.
75. What type of virus requires just a host program to replicate and distribute
itself?
A: A common virus, also known as a file virus, needs only a host program to
replicate and distribute itself.
76. The mechanism that ensures that every tuple has a primary key and that that
primary key is related to an existing record is known as?
A: The mechanism that ensures that every tuple has a primary key and that that
primary key is related to an existing record is the referential integrity
mechanism.
77. Which of the following are not elements of transaction management for
databases?
B: Normalization is a process used on databases to ensure that the attributes of
a table depend upon the primary key. However, normalization is not part of
transaction management.
78. At what layer of the OSI model does SQL, as a service protocol, operate?
C: SQL operates at layer 5, the Session layer.
79. The central repository for the data elements and their relationships is known
as?
B: The data dictionary is the central repository for the data elements and their
relationships.
80. Which of the following is not one of the steps or elements in data
normalization?
C: Locking cells is an aspect of concurrency protection, not normalization.
81. Semantic integrity rules ensure that all structural and semantic rules of the
database are not violated. Which of the following is not something that these
rules would examine?
D: The semantic integrity rules would not address or examine the relevance of
the data.
82. What is concurrency?
A: Concurrency is a mechanism used to ensure that database information is
always correct.
83. The act of deducing information from higher sensitivity levels from data at
their own lower sensitivity level is known as?
B: Inference is the act of deducing information from higher sensitivity levels
from data at their own lower sensitivity level.
84. Which of the following is not considered a valid safeguard against viruses?
B: Biometric authentication has no bearing on virus protection.
85. What model of database is useful for mapping or creating many-to-many
relationships?
C: A distributed data model uses many-to-many relationships.
86. Which of the following conditions indicate that the integrity of an entity has
been violated?
D: This indicates that the integrity of an entity has been violated.
87. SQL server is not vulnerable to which of the following types of attacks?
D: SQL is not vulnerable to deadlocks since it supports concurrent transactions
through transaction management.
88. When a database system supports transaction management, which of the
following is it still vulnerable to, because users have access to data cells?
A: Databases may still be vulnerable to inferencing even with transaction
management.
89. The user interface for a database enforces indirect access. This type of
restricted interface or controlled view provides all but which of the following?
B: Database views and client interfaces do not provide availability.
90. What level of the Carnegie Mellon University Software Engineering Institute
(SEI)'s Software Capability Maturity Model (CMM) represents the project
management processes and ensures that practices are institutionalized?
D: Level 2 - Repeatable is focused on the project management processes and
ensures that practices are institutionalized.
91. Objects are ___________ of classes that contain their methods.
A: Objects are instances of classes that contain their methods.
92. The forwarding of a request by an object to another object is known as?
B: Delegation is the forwarding of a request by an object to another object.
93. Within configuration management, what is a component whose state is
recorded and changes are measured against that saved state?
B: A configuration item is a component whose state is recorded and changes are
measured against that saved state.
94. Which procedure of configuration management is responsible for recording the
processing of changes?
C: Configuration Status Accounting is the procedure that records the
processing of changes.
95. In a relational database, mandatory access controls are imposed by using which
of the following mechanisms?
A: Mandatory access control is based on classification levels.
96. What is normalization?
A: Normalization is the process of removing duplicate or redundant data from
a database.
97. Which of the following is not true?
C: This is not true. It is not possible to alter or duplicate the signature on an
applet.
98. Inference engines are able to manage uncertainty using all but which of the
following means?
B: Direct reasoning is not a feature or capability of inference engines.
99. The fineness of access control specification within a database is known as?
B: Granularity is the fineness of access control specification within a database.
100. What is polyinstantiation?
C: Polyinstantiation is a mechanism that allows a duplicate primary key to be
created at a lower sensitivity level when the same key exists at a higher
sensitivity level. This prevents inference.
101. Which software life cycle model allows for modifications to the project to
travel only to the previous development stage?
D: The waterfall model allows for modifications to the project to travel only to
the previous development stage.
102. Which of the following is not true when performing testing during product
development?
A: Testing should never use real or live data.
103. What is polymorphism?
C: Polymorphism is the ability of different objects to respond differently to the
same message.
104. Formerly known as OLE, what object oriented system standard defines the
exchange of objects between programs executing on the same system?
D: COM or Common Object Model is the standard that defines the exchange
of objects between programs executing on the same system.
105. What type of system demonstrates reasoning abilities similar to humans?
A: Expert systems demonstrate reasoning abilities similar to humans.
106. Which of the following is the collection of correlations between data or data
about data?
B: Metadata is the collection of correlations between data or data about data.
107. What type of virus attaches itself to a program so it is activated whenever the
software is executed?
C: A file virus attaches itself to a program so it is activated whenever the
software is executed.
108. Which of the following is true for centralized systems?
C: This is a benefit of centralized systems.
109. Java and ActiveX are both examples of?
D: ActiveX and Java are examples of mobile code.
110. Which of the following is not a countermeasure against malicious code?
B: This is not a countermeasure against malicious code.
111. Which of the following is a mandatory access control model for object-oriented systems?
C: SORION is a mandatory access control model for object-oriented systems.
112. An unapproved method of gaining access to a system is known as?
D: An unapproved method of gaining access to a system is known as a
backdoor.
113. The biggest issue related to database security is?
B: Human errors are the biggest issue related to database security. All other
problems or issues are related to human errors, mistakes, or omissions.
114. Which of the following is not an example of a programming or data attack?
A: Brute force is a password attack, not a programming or data attack.
115. What is the most significant disadvantage of using compiled mobile code?
A: Compiled code can contain hidden malicious code.
116. A __________ is a form of malicious code that is triggered to perform an
activity once a specific event occurs, such as a time period, accessing an online
resource, or launching a program.
A: A logic bomb is a form of malicious code that is triggered to perform an
activity once a specific event occurs, such as a time period, accessing an online
resource, or launching a program.
117. Accreditation is what?
C: Accreditation is a formal acceptance of a security certification.
118. The primary difference between a virus and a worm is?
D: The primary difference between a virus and a worm is that a worm
primarily seeks to spread itself to other systems while a virus seeks to replicate
itself within a system.
119. Which of the following is not considered a denial of service attack?
B: While spam is unwanted and a large amount can result in a DoS attack, a
limited amount of spam is little more than annoying.
120. Countermeasures to the Smurf Denial of Service attack include all but which
of the following?
C: A network-based IDS may have some effect as a countermeasure against
Smurf, but a host-based IDS is ineffective against any DoS.
121. At what point in a product's development cycle should infosec be introduced?
B: InfoSec should be introduced into a product's development cycle from
inception.