Secure Programming Exam 3

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Use singleton objects when a common object or task will be used across multiple use cases for the same reason. (T/F)

true

Web 2.0 is a term used to describe the transitional status of today's Web applications. (T/F)

true

What you choose to tell the user in error messages is up to you, but it should specifically benefit them. (T/F)

true

What type of list defines only accepted input values?

whitelist

What type of report is reactive?

Application guide?

What is the best way to turn off DEBUG statements in the code?

Automate a script

Which program language is vulnerable to a buffer overflow attack?

C/C++

What type of errors does integration testing find?

Class/method errors

What is it called when existing bodies of logic are broken up and moved into many smaller bodies of code?

Code refactoring

What are people-intensive verification techniques that are conducted either formally or informally that allow peers to read code statements and look for common security vulnerabilities, such as hard-coded IDs or passwords,and general quality features?

Code reviews

What type of errors are found in syntax?

Compile-time errors

What is the grouping and storing of data inside a single object?

Encapsulation

When should an incident report be released?

Immediately

What test is when two or more modules or platforms are linked together and tested?

Integration testing

What type of errors does unit testing find?

Logic errors

What is the best way to be proactive in solving application errors?

Monitoring error logs

If someone were to ask you to prove that your application is secure, what would the Misuse cases prove?

Proves that threat analysis and investigation was done looking for ways to break the software

What is the Holodeck tool used for?

Reliability testing

How can an application alert stakeholders of invasion?

SMS

What design pattern forces the server to create only one object in its heap, thus making the server run very efficiently while using minimum RAM?

Singleton design pattern

What defines how effective security is tested and implemented within the software?

Software assurance

What type of errors does compilers find?

Syntax errors

What type of test involves a complete front-to-back execution of the entire application?

System test

Software assurance means?

That you have a process in place and a plan of action to ensure that the software that is written is secure

What do sensing activities include?

Tools to monitor, test, and review code

Why is it important to network with peers in this field?

You never know where your next project will come from

What type of list defines bad input values?

blacklist

A system test involves only a portion of the application. (T/F)

false

Ajax does not have any security vulnerabilities. (T/F)

false

Internal threats don't pose any real problems and do not need to be considered. (T/F)

false

Not every request that comes into the application should be treated as a potential attack. (T/F)

false

Once the project is in maintenance mode, the developer can relax a little with the details of the requirement process. (T/F)

false

Penetration testing is a very rare practice in the security field. (T/F)

false

Software assurance means that your code is secure. (T/F)

false

Spaghetti code is rather inexpensive to maintain. (T/F)

false

The more complexity that is added to the system, the more secure it becomes. (T/F)

false

There is only one type of error in application development: compile-time errors. (T/F)

false

What is tested when the application produces correct results despite being under attack?

idk

Where do most attacks to software come from?

idk

Manually going into the source code and forcing an error or attack is called?

source-based fault injections

A testing script needs to be created for every possible situation and attack that the program could encounter. (T/F)

true

After the debug methods are built into the program, they can be called anywhere at anytime within the program you need to test. (T/F)

true

Application errors expose a lot of information about the code and its environment. (T/F)

true

Code refactoring occurs when existing bodies of logic are broken up and moved into many smaller bodies of code. (T/F)

true

Code reviews, if conducted right can have a very positive effect on the team. (T/F)

true

Coding for resiliency means accepting the fact that something bad will happen and that when it does, you will be ready. (T/F)

true

Exception handling is the cornerstone for all secure code. (T/F)

true

Fuzz testing and reliability testing are conducted during system testing. (T/F)

true

It is best to wait to add debugging techniques to the code when the code is broken. (T/F)

true

Keeping a daily journal is a waste of time and has no place on your project. (T/F)

true

Learning new technologies and networking with your peers are two ways to show initiative. (T/F)

true

Logging user traffic, events and data flow is one of the best analysis techniques you can do for an application. (T/F)

true

Making something bad happen actually tests the dependencies and resiliency of the software. (T/F)

true

Monitoring error logs and responding to immediate issues is a great way to stay proactive in the secure software process. (T/F)

true

Parameter-driven software is software that looks up values stored in a database and determines what to display, allow, or execute based on those values. (T/F)

true

Reactive measures are plans and polices that outline the proper response to an incident. (T/F)

true

Security code scanners also report a number of false positives. (T/F)

true

Software assurance can be proven, validated, and substantiated only by the process in place and the artifacts produced from each process. (T/F)

true

Some popular programming languages that deal with security include the following: -Java -PHP -C/C++ (T/F)

true

Testing software consists of running a battery of test cases using multiple techniques against a specific use case and evaluating the results for pass or fail marks. (T/F)

true

The application will never be 100% secure. (T/F)

true

The benefits to a CCB are twofold: -Provide a known and methodical decision process -Sustain security and quality in the software artifacts (T/F)

true

The most notable security flaw with the C/C++ language is the buffer overflow attack. (T/F)

true

Unit testing catches errors that compilers won't find. (T/F)

true

Unit testing is the lowest level of testing a developer can conduct. (T/F)

true

Use cases are a great starting point for functional test scripts. (T/F)

true


Kaugnay na mga set ng pag-aaral

American Public School Law - Landmark Cases (Alexander Text)

View Set

Conceptual Physics study guide modules 5,6,7,1

View Set

Lektion 13 - wann, wenn oder als? (Grammatik)

View Set