
Page 396

Summary of Exam Objectives

We live in an increasingly computerized world, and software is everywhere. The confidentiality, integrity, and availability of data processed by software are critical, as is the normal functionality (availability) of the software itself. This domain has shown how software works, and the challenges programmers face while trying to write error-free code that is able to protect data (and itself) in the face of attacks.

Following a formal methodology for developing software, together with a rigorous testing regimen, is a best practice. We have seen that following a software development maturity model such as the Capability Maturity Model Integration (CMMI) can dramatically lower the number of errors programmers make. The five steps of CMMI follow the process most programming organizations follow, from an informal process to a mature process that always seeks improvement: initial, repeatable, defined, managed, and optimizing.

Self-Test

Note
Please see the Self-Test Appendix for explanations of all correct and incorrect answers.

  1. Which software design methodology uses paired programmers?
    A. Agile
    B. Extreme Programming (XP)
    C. Sashimi
    D. Scrum

  2. Which form of Artificial Intelligence uses a knowledge base and an inference engine?
    A. Artificial Neural Network (ANN)
    B. Bayesian Filtering
    C. Expert System
    D. Genetic Algorithm

  3. What is an agile methodology that focuses on rapidly deploying code updates via pipelines?
    A. Security Orchestration, Automation, and Response (SOAR)
    B. DevSecOps
    C. Integrated Development Environment (IDE)
    D. Continuous Integration and Continuous Delivery (CI/CD)

  4. What describes a more agile development and support model, where developers directly support operations?
    A. DevOps
    B. Sashimi
    C. Spiral
    D. Waterfall

  5. At what phase of the Systems Development Life Cycle (SDLC) should security become part of the process?
    A. Before initiation
    B. During development/acquisition
    C. When the system is implemented
    D. SDLC does not include a security process

  6. An object acts differently, depending on the context of the input message. Which Object-Oriented Programming concept does this illustrate?
    A. Delegation
    B. Inheritance
    C. Polyinstantiation
    D. Polymorphism

  7. Two objects with the same name have different data. Which Object-Oriented Programming concept does this illustrate?
    A. Delegation
    B. Inheritance
    C. Polyinstantiation
    D. Polymorphism

  8. What is an agile method that automates system administration tasks, including server deployment and configuration management?
    A. Software Configuration Management (SCM)
    B. Security Orchestration, Automation, and Response (SOAR)
    C. Continuous Integration and Continuous Delivery (CI/CD)
    D. Integrated Development Environment (IDE)

  9. A programmer allocates 20 bytes for a username variable, and an attacker enters a username that is 1000 bytes long. All 1000 bytes are copied to the stack. What type of attack did the attacker perform?
    A. Buffer Overflow
    B. Cross-Site Scripting (XSS)
    C. Fuzzing
    D. Time of Check/Time of Use (TOC/TOU)

  10. What type of database language is used to create, modify, and delete tables?
    A. Data Definition Language (DDL)
    B. Data Manipulation Language (DML)
    C. Database Management System (DBMS)
    D. Structured Query Language (SQL)