
Exam:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 20

Christine is helping her organization implement a DevOps approach to deploying code.


1.-Which one of the following is not a component of the DevOps model?
A. Information security
B. Software development
C. Quality assurance
D. IT operations

Bob is developing a software application and has a field where users may enter a date. He wants to ensure that the values provided by the users are accurate dates to prevent security issues.


2.-What technique should Bob use?
A. Polyinstantiation
B. Input validation
C. Contamination
D. Screening

Vincent is a software developer who is working through a backlog of change tasks. He is not sure which tasks should have the highest priority.


3.-What portion of the change management process would help him to prioritize tasks?
A. Release control
B. Configuration control
C. Request control
D. Change audit

Frank is conducting a risk analysis of his software development environment and, as a mitigation measure, would like to introduce an approach to failure management that places the system in a high level of security in the event of a failure.


4.-What approach should he use?
A. Fail-open
B. Fail mitigation
C. Fail-secure
D. Fail clear



5.-What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?
A. Boyce-Codd
B. Iterative waterfall
C. Spiral
D. Agile

Jane is conducting a threat assessment using threat modeling techniques as she develops security requirements for a software package her team is developing.


6.-Which business function is she engaging in under the Software Assurance Maturity Model (SAMM)?
A. Governance
B. Design
C. Implementation
D. Verification



7.-Which one of the following key types is used to enforce referential integrity between database tables?
A. Candidate key
B. Primary key
C. Foreign key
D. Alternate key

Richard believes that a database user is misusing his privileges to gain information about the company’s overall business trends by issuing queries that combine data from a large number of records.


8.-What process is the database user taking advantage of?
A. Inference
B. Contamination
C. Polyinstantiation
D. Aggregation



9.-What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?
A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation



10.-Which one of the following is not a principle of Agile development?
A. Satisfy the customer through early and continuous delivery.
B. Businesspeople and developers work together.
C. Pay continuous attention to technical excellence.
D. Prioritize security over other requirements.



11.-What type of information is used to form the basis of an expert system’s decision-making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of “if/then” rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind



12.-In which phase of the SW-CMM does an organization use quantitative measures to gain a detailed understanding of the development process?
A. Initial
B. Repeatable
C. Defined
D. Managed



13.-Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers?
A. SDLC
B. ODBC
C. PCI DSS
D. Abstraction



14.-In what type of software testing does the tester have access to the underlying source code?
A. Static testing
B. Dynamic testing
C. Cross-site scripting testing
D. Black-box testing



15.-What type of chart provides a graphical illustration of a schedule that helps to plan, coordinate, and track project tasks?
A. Gantt
B. Venn
C. Bar
D. PERT



16.-Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?
A. Aggregation
B. Inference
C. Contamination
D. Polyinstantiation

Tonya is performing a risk assessment of a third-party software package for use within her organization. She plans to purchase a product from a vendor that is very popular in her industry.


17.-What term best describes this software?
A. Open source
B. Custom-developed
C. ERP
D. COTS



18.-Which one of the following is not part of the change management process?
A. Request control
B. Release control
C. Configuration audit
D. Change control



19.-What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data?
A. Atomicity
B. Consistency
C. Isolation
D. Durability

Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers.


20.-What is the degree of this table?
A. Two
B. Three
C. Thirty
D. Undefined