Quiz: Module 06 Software and Hardware Assurance Best Practices
Which boot security mode provides the highest degree of security? a. Measured Boot b. Trusted Boot c. UEFI Native Boot d. ABAD Secure Boot
A
Which of the following is NOT correct about the agile model? a. It follows a rigid sequential design process. b. Work is done in "sprints." c. The project's priorities are continually evaluated as tests are run. d. It was designed to overcome the disadvantages of the waterfall model.
A
Which of the following permits a processor to read from a memory location or write to a location during the same data operation? a. Atomic execution b. Data protection c. RAM confinement d. RAIA
A
Which technology is REST replacing? a. SOAP b. XMLX c. SAM-X d. IPA-REST
A
Raul is removing HTML control characters from text that is to be displayed on the screen. What secure coding best practice is he following? a. Display sanitization b. Output encoding c. Screen scraping d. HTML cleaning
B
Simpson is using predefined variables as placeholders when querying a database. What secure coding best practice is he following? a. SQL injection b. Parameterized query c. SELECT Targeting d. Statement containerization
B
What is an XML standard that allows secure web domains to exchange user authentication and authorization data in an SOA? a. REST-X b. SAML c. Macroservices d. SDLC
B
Which of the following is NOT a secure SDLC source? a. OWASP b. Nessus c. SANS d. CIS
B
Which of the following is NOT correct about YARA? a. It is a method of creating a malware signature. b. It is a proprietary tool. c. Signatures are encoded as text files. d. It provides a robust language.
B
Which of the following is NOT correct about the software development lifecycle (SDLC)? a. It is a methodology that can be used to build a program or application from its inception to decommission. b. There has been only one approved SDLC model. c. The SDLC includes the basic steps of software planning, designing, testing, coding, and maintenance. d. An advantage is that there is a higher awareness of security by stakeholders.
B
Which of these provides cryptographic services and is external to the device? a. Trusted Platform Module (TPM) b. Hardware security module (HSM) c. Self-encrypting hard disk drives (SED) d. Encrypted hardware-based USB devices
B
Where does a hardware root of trust security check begin? a. Software b. Firmware c. Hardware d. Appware
C
Which of the following is NOT an advantage of a software-oriented architecture (SOA)? a. Improves business agility b. Leverages legacy functionality c. Eliminates the need for business analysts d. Enhances collaboration
C
Which of the following is a secure area of the processor that guarantees that code and data are loaded inside a special secure area? a. Sandbox b. Container c. Trusted execution d. Restricted access processor (RAP)
C
Which stage conducts a test that will verify the code functions as intended? a. Production stage b. Testing stage c. Staging stage d. Development stage
C
Which type of code analysis is conducted prior to the source code being compiled? a. Dynamic code analysis b. Precompiled code analysis c. Static code analysis d. DLDS code analysis
C
Ryker has added a new module to an application and now needs to test it to be sure that the new module does not reintroduce any old vulnerabilities. What testing is Ryker performing? a. Software coding analysis (SCA) b. Application SDLC verification c. Code reuse testing d. Security regression testing
D
Which boot security mode sends information on the boot process to a remote server? a. UEFI Native Mode b. Secure Boot c. Trusted Boot d. Measured Boot
D
Which model uses a sequential design process? a. Secure model b. Agile model c. Rigid model d. Waterfall model
D
Which of the following types of NVM cannot be reset once code is written to it? a. EPROM b. EEPROM c. Flash d. eFuse
D