Chapter 9: Domain 8: Software Development Security
- Which software design methodology uses paired programmers?
A. Agile
B. Extreme Programming (XP)
C. Sashimi
D. Scrum
Correct Answer and Explanation: B. Answer B is correct; Extreme Programming (XP) is an Agile development method that uses pairs of programmers who work off a detailed specification. There is a high level of customer involvement.
Incorrect Answers and Explanations: A, C, and D. Answers A, C, and D are incorrect. Agile describes numerous development methodologies, including XP. XP is a better answer because it is more specific. Sashimi is a Waterfall Model variant. Scrum is a different Agile methodology that uses small teams.
- Which form of Artificial Intelligence uses a knowledge base and an inference engine?
A. Artificial Neural Network (ANN)
B. Bayesian Filtering
C. Expert System
D. Genetic Algorithm
Correct Answer and Explanation: C. Answer C is correct; an expert system comprises two components. The first is a knowledge base that consists of “if/then” statements; these statements contain rules that the expert system uses to make decisions. The second component is an inference engine.
Incorrect Answers and Explanations: A, B, and D. Answers A, B, and D are incorrect. Artificial Neural Networks (ANNs) simulate neural networks found in humans and animals. Bayesian filtering uses mathematical formulas to assign probabilities to make decisions such as identifying spam. Genetic Algorithms and Programming fundamentally change the way software is developed: instead of being coded by a programmer, they evolve to solve a problem.
- What is an agile methodology that focuses on rapidly deploying code updates via pipelines?
A. Security Orchestration, Automation, and Response (SOAR)
B. DevSecOps
C. Integrated Development Environment (IDE)
D. Continuous Integration and Continuous Delivery (CI/CD)
Correct Answer and Explanation: D. Answer D is correct; Continuous Integration and Continuous Delivery (CI/CD) focuses on rapidly deploying code updates via pipelines.
Incorrect Answers and Explanations: A, B, and C. Answers A, B, and C are incorrect. Security Orchestration, Automation, and Response (SOAR) is an agile methodology used to centralize the management of security operations. DevSecOps (Development, Security, and Operations) integrates security into the DevOps process, continuing the focus on agile methodology. Integrated Development Environments (IDEs) improve productivity by providing a programmer with a single interface that can perform numerous functions.
- What describes a more agile development and support model, where developers directly support operations?
A. DevOps
B. Sashimi
C. Spiral
D. Waterfall
Correct Answer and Explanation: A. Answer A is correct; DevOps is a more agile development and support model, where developers directly support operations.
Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Sashimi, Spiral, and Waterfall are software development methodologies that do not describe a model for developers directly supporting operations.
- At what phase of the Systems Development Life Cycle (SDLC) should security become part of the process?
A. Before initiation
B. During development/acquisition
C. When the system is implemented
D. SDLC does not include a security process
Correct Answer and Explanation: A. Answer A is correct; security is a critical component of the entire SDLC process, typically beginning with a security plan before initiation.
Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Security is the first step of the SDLC, and is part of every phase of the SDLC.