C845
Which of the following statements pertaining to software testing is incorrect?
A. Unit testing should be addressed and considered when the modules are being
designed.
B. Test data should be part of the specifications.
C. Testing should be performed with live data to cover all possible situations.
D. Test data generators can be used to systematically generate random test data that
can be used to test programs.
Answer: C. Testing should be performed with live data to cover all possible situations
Which of the following statements pertaining to a security policy is incorrect?
A. Its main purpose is to inform the users, administrators and managers of their
obligatory requirements for protecting technology and information assets.
B. It specifies how hardware and software should be used throughout the organization.
C. It needs to have the acceptance and support of all levels of employees within the
organization in order for it to be appropriate and effective.
D. It must be flexible to the changing environment.
Answer: B. It specifies how hardware and software should be used throughout the organization.
Which of the following can be defined as the process of rerunning a portion of the test
scenario or test plan to ensure that changes or corrections have not introduced new
errors?
A. Unit testing
B. Pilot testing
C. Regression testing
D. Parallel testing
Answer: C. regression testing
Which of the following statements pertaining to software testing approaches is correct?
A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system's permanent
documentation.
D. Black box testing is predicated on a close examination of procedural detail.
Answer: C. The test plan and results should be retained as part of the system's
permanent documentation.
Which of the following tests makes sure the modified or new system includes appropriate
access controls and does not introduce any security holes that might
compromise other systems?
A. Recovery testing
B. Security testing
C. Stress/volume testing
D. Interface testing
Answer: B. security testing
Which of the following phases of a software development life cycle normally addresses
Due Care and Due Diligence?
A. Implementation
B. System feasibility
C. Product design
D. Software plans and requirements
Answer: D. software plans and requirements
Which of the following phases of a software development life cycle normally
incorporates the security specifications, determines access controls, and evaluates
encryption options?
A. Detailed design
B. Implementation
C. Product design
D. Software plans and requirements
Answer: C. product design
Which of the following is less likely to be included in the change control sub-phase of
the maintenance phase of a software product?
A. Estimating the cost of the changes requested
B. Recreating and analyzing the problem
C. Determining the interface that is presented to the user
D. Establishing the priorities of requests
Answer: D. establishing the priorities of requests
What is the act of obtaining information of a higher sensitivity by combining information
from lower levels of sensitivity?
A. Polyinstantiation
B. Inference
C. Aggregation
D. Data mining
Answer: C. Aggregation
Which expert system operating mode allows determining if a given hypothesis is valid?
A. Blackboard
B. Lateral chaining
C. Forward chaining
D. Backward chaining
Answer: D. backward chaining
Why does compiled code pose more of a security risk than interpreted code?
A. Because malicious code can be embedded in compiled code and be difficult to
detect.
B. If the executed compiled code fails, there is a chance it will fail insecurely.
C. Because compilers are not reliable.