
  1. An object acts differently, depending on the context of the input message. Which Object-Oriented Programming concept does this illustrate?
    A. Delegation
    B. Inheritance
    C. Polyinstantiation
    D. Polymorphism

Correct Answer and Explanation: D. Answer D is correct; polymorphism (based on the Greek roots “poly” and “morph,” meaning many and forms, respectively) provides the ability to overload operators, performing different methods depending on the context of the input message.

Incorrect Answers and Explanations: A, B, and C. Answers A, B, and C are incorrect. Delegation allows objects to delegate messages to other objects. Inheritance means an object inherits capabilities from its parent class. Polyinstantiation means “many instances”: two objects with the same names that have different data.

  1. Two objects with the same name have different data. Which Object-Oriented Programming concept does this illustrate?
    A. Delegation
    B. Inheritance
    C. Polyinstantiation
    D. Polymorphism

Correct Answer and Explanation: C. Answer C is correct; polyinstantiation means “many instances”: two objects with the same names that have different data.

Incorrect Answers and Explanations: A, B, and D. Answers A, B, and D are incorrect. Delegation allows objects to delegate messages to other objects. Inheritance means an object inherits capabilities from its parent class. Polymorphism provides the ability to overload operators, performing different methods depending on the context of the input message.

  1. What is an agile method that automates system administration tasks, including server deployment and configuration management?
    A. Software Configuration Management (SCM)
    B. Security Orchestration, Automation, and Response (SOAR)
    C. Continuous Integration and Continuous Delivery (CI/CD)
    D. Integrated Development Environment (IDE)

Correct Answer and Explanation: A. Answer A is correct; Software Configuration Management (SCM) is an agile method that automates system administration tasks, including server deployment and configuration management.

Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Security Orchestration, Automation, and Response (SOAR) is an agile methodology used to centralize the management of security operations. Continuous Integration and Continuous Delivery (CI/CD) focuses on rapidly deploying code updates via pipelines. Integrated Development Environments (IDEs) improve productivity by providing a programmer with a single interface that can perform numerous functions.

  1. A programmer allocates 20 bytes for a username variable, and an attacker enters a username that is 1000 bytes long. All 1000 bytes are copied to the stack. What type of attack did the attacker perform?
    A. Buffer Overflow
    B. Cross-Site Scripting (XSS)
    C. Fuzzing
    D. Time of Check/Time of Use (TOC/TOU)

Correct Answer and Explanation: A. Answer A is correct; a buffer overflow occurs when a programmer does not perform variable bounds checking.

Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Cross-Site Scripting (XSS) leverages third-party execution of web scripting languages such as JavaScript within the security context of a trusted site. Fuzzing is a form of black box software testing that enters random malformed data as inputs into software programs to determine if they will crash. Time of Check/Time of Use (TOC/TOU) attacks are also called race conditions: an attacker attempts to alter a condition after it has been checked by the operating system, but before it is used.

  1. What type of database language is used to create, modify, and delete tables?
    A. Data Definition Language (DDL)
    B. Data Manipulation Language (DML)
    C. Database Management System (DBMS)
    D. Structured Query Language (SQL)

Correct Answer and Explanation: A. Answer A is correct; Data Definition Language (DDL) is used to create, modify, and delete tables.

Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. Data Manipulation Language (DML) is used to query and update data stored in the tables. Database Management System (DBMS) manages the database system and provides security features. Structured Query Language (SQL) is a database query language that includes both DDL and DML. DDL is more specific than SQL, so it is a better answer for this question.