Deck 5: Software Requirements: Hear What They Say, Know What They Mean, Protect What They Own

1
Good communication is not a necessary skill to have in order to be a good developer.
False
2
The best place to identify assets is in the use case documentation.
True
3
Asset classification can be carried out in many ways, but the easiest method is to label assets with basic high/low terms.
True
4
C.I.A. stands for confidentiality, integrity, and accountability.
5
Misuse cases are similar to use cases, only they are the opposite.
6
Only the project manager has the responsibility of identifying assets.
7
Detailed use case requirements can come in multiple forms: UML, MS Word documents, and even emails.
8
Software requirements describe the how in software applications.
9
When listing attack types, don't let everyone on the team contribute options.
10
The honest, open-ended approach is too vague of an approach to begin the communication process.
11
The first step in devising a misuse case is putting a face to your enemy.
12
Businesses are seeing security requirements gathering becoming just as important as functionality requirements gathering.
13
Visualization is very powerful and it will certainly help your overall understanding of the requirements.
14
Catching software requirements errors at the beginning of the development process is very costly.
15
There should be a dependent relationship between the developer and analyst that ensures that both individuals have done their jobs.
16
When requirements begin to creep in from all angles without any further analysis, this is called scope creep.
17
The needs statement provides the main mission or purpose of the application.
18
Translating informational data into real dollars is the easiest part of asset valuation.
19
To determine what relevant attacks are, you must define the preconditions needed and the availability of the attacker's tools.
20
The software requirements come in three levels: high, vague, and low.
21
Why are developers concerned with application assets?

A) They like to know what is important
B) They play a key role in keeping the application running safely
C) They are in charge of protecting
D) They are accountable if anything were to happen
22
What is a software asset?

A) Anything of value to the users
B) Anything of value to the developers
C) Anything of value to the stakeholders
D) Anything of value to the project managers
23
JAD sessions are:

A) Joint Application Details
B) Joint Agreement Development
C) Joint Application Design
D) Joint Application Development
24
The easiest part of tool selection is knowing what the options are.
25
Descriptive words make the misuse more complicated and chaotic.
26
What is analysis paralysis?

A) Analyst is forever writing and rewriting specifications
B) Analyst cannot document requirements
C) Analyst does not create software requirement artifacts
D) Analyst helps the developers write software requirements
27
Every countermeasure created is a new software requirement for the functionality use case.
28
What is the formula to value an asset?

A) development costs + incremental risk = bottom line
B) development costs + benefits + incremental risk = bottom line
C) development costs + benefits = bottom line
D) benefits + incremental risk = bottom line
29
What is the difference between high and low assets?

A) Very secure (high) and important but not critical (low)
B) Needed (high) and not needed (low)
C) Secure (high) and not secure (low)
D) Secure (high) and functional (low)
30
What artifact is the opposite of a use case?

A) Functional spec
B) Misuse case
C) Design case
D) Software attack
31
What should the developer do if there are a lot of unanswered questions during analysis?

A) Code the application with what is known and work out the kinks later
B) Push the requirements back to the BAs
C) Code what you can and fill in the blanks later
D) Code now and weed out issues in testing
32
What is scope creep?

A) New requirements creep in the development process with no analysis
B) New requirements that are not clarified
C) When developers code software not needed
D) When requirements need to be redone
33
What are the three types of software requirements?

A) High; medium; and low
B) High; medium; and detailed
C) High; detailed; and low
D) Overview; medium; and low
34
Who is responsible for helping in the identification of assets?

A) Project Manager
B) Stakeholders
C) Developers
D) Whole team
35
Use case documentation and its counterpart misuse case are independent of each other.
36
Knowing the enemy preconditions will help the management team determine if the cost of developing countermeasures overrides the risk of taking a chance.
37
What are fail-safe requirements?

A) What should the application do when it starts up
B) What the user does when the application crashes
C) What should the application do when a failed attempt to call a program or service occurs
D) What should the application do if it senses threats
38
What does 'meaningful requirements' mean?

A) Identify what is needed and by whom
B) They mean something to the analysts
C) They are important requirements to the managers
D) They are critical requirements
39
What do interaction diagrams do for requirements?

A) introduce security designs
B) introduce code
C) introduce concepts
D) introduce logical data flow patterns
40
What do preconditions define in a misuse case?

A) Where the developers are before an attack
B) What the attacker must do before attacking the application
C) What must the conditions be like for a successful attack
D) What program language the code was written in
41
How can a de-compiler be used in a software attack?

A) Corrupt binary data
B) Launch a DOS
C) Turn binary code into ASCII
D) Recompile the code again
42
Why is it hard to know the tool selection of attackers?

A) There are smart hackers out there who have their own homegrown tools or automated robots
B) Vendors make them by the dozen
C) APIs and white papers take a long time to read
D) One person cannot know all tools
43
Why is it important to know your enemies in an attack?

A) Who or what would like to attack your application and why
B) Who you need to avoid
C) Who should not know about the application
D) Who needs to stay out of the development room