Deck 18: Secure Software Development
1
Creating a graphical representation of the required elements for an attack vector occurs in which step of threat modeling?
A) Step 1 - Define scope
B) Step 4 - Enumerate threats
C) Step 5 - Classify threats
D) Step 8 - Create threat trees
D
2
Least privilege refers to removing all controls from a system.
False
3
Which type of attack is used especially against databases?
A) DB manipulation
B) DB injection
C) SQL injection
D) SQL rejection
C
4
Canonicalization vulnerabilities are restricted to Windows systems.
5
Scoring the efforts to reduce the effects of threats occurs in which step of threat modeling?
A) Step 2 - Enumerate assets
B) Step 7 - Score and rank threats
C) Step 8 - Create threat trees
D) Step 9 - Determine and score mitigation
6
In the secure development lifecycle, employing use cases to compare program responses to known inputs, and then comparing the outputs to the desired outputs, should take place in which phase?
A) Coding phase
B) Design phase
C) Requirements phase
D) Testing phase
7
What is the one item that could be labeled as the "most wanted" item in coding security?
A) Run length overflow
B) Proper string handling
C) Herman the Fly
D) Buffer overflow
8
What does the term spiral method refer to?
A) SQL
B) The software engineering process model
C) Proper coding of SSL
D) Physical security of facilities
9
Testing is not an essential part of the generation of secure code.
10
Cryptography is the solution to all security problems.
11
What is the waterfall model characterized by?
A) A generic, repeatable process for debugging software
B) A protocol limiting liquids in the workplace
C) A linear, multistep process
D) A process for ensuring that all inputs are tested
12
What is used to compare program responses to known inputs and then compare the output to the desired output?
A) Use cases
B) Waterfall models
C) Requirements testing
D) Good practices
13
What technique can be used to find potentially exploitable buffer overflows, without any specific knowledge of the coding?
A) Code injection
B) Use cases
C) Fuzzing
D) Backdoors
14
Which is related to a code injection error?
A) VB.NET
B) SQL
C) JavaScript
D) C#
15
Errors found after development is complete are expensive.
16
Determining what needs to be accessed, and the appropriate level of permission for every item accessed, is an example of what principle?
A) Least functionality
B) Least privilege
C) Least access
D) Least rights
17
In the secure development lifecycle, in which phase should minimizing the attack surface area take place?
A) Coding phase
B) Design phase
C) Requirements phase
D) Testing phase
18
In the secure development lifecycle, in which phase must the specific security needs of the software being developed be defined?
A) Coding phase
B) Design phase
C) Requirements phase
D) Testing phase
19
Unvalidated input that changes the code functioning in an unintended way is which type of coding error?
A) Canonicalization error
B) Improper output handling
C) Injection
D) Buffer overflow
20
Which type of error occurs when a program executes the error checking routine prior to manipulating strings to a base form?
A) Canonicalization error
B) Improper output handling
C) Injection
D) Buffer overflow
21
A(n) _______________ attack is a form of code injection aimed at any Structured Query Language (SQL)-based database, regardless of vendor.
22
Generating true random numbers is a fairly trivial task.
23
The _______________ model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration of self-organizing, cross-functional teams.
24
Proper use of _______________ can provide a wealth of programmatic functionality, such as authentication, confidentiality, integrity, and nonrepudiation.
25
What are the major types of coding errors and their root cause?
26
_______________ is the systematic application of a series of malformed inputs to test how the program responds.
27
_______________ is the conversion of a name to its simplest form.
28
_______________, historically, has not been an integral part of the software development life cycle.
29
How does implementing a good software development process enforce security inclusion in a project?
30
How can secure coding be incorporated into the software development process?
31
What are the phases of the software development lifecycle?
32
You are interviewing for a job as a software developer. The interviewer asks you to explain good software development practices.
33
Employing _______________ to compare program responses to known inputs and then comparing the output to the desired output is a proven method of testing software.
34
The spiral model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing, cross-functional teams.
35
When the function of code is changed in an unintended way, it is an example of code injection.
36
The _______________ is the first step in a software development process model.
37
The specific security needs of a program being developed should be defined in the design phase of the secure development lifecycle.
38
If the requirement phase marks the beginning of the generation of security in code,then the _______________ marks the other boundary.
39
The _______________ model is characterized by a multistep process in which the steps follow each other in a linear, one-way fashion, like water over a waterfall.
40
Fuzzing is a powerful tool used in testing code.