Secure software development rewview quiz one
Questions and Answers
true or false. Diffusion states that ciphertext should have complex nonlinear relationship **
Answ** True
True or false: A message digest can only guarantee integrity when it has an added layer of
security to prevent its modification ** Answ** True
______ us the prevention of unauthorized access to information ** Answ** Confidentiality
True or false: Security by obscurity is an effective means of securing a system by hiding
information in obscure places where it is unlikely to be found by an attacker. ** Answ**
false
Zombie ** Answ** A compromised system that acts on behalf of its controller rather than
the user
Backdoor ** Answ** This is an unintentional channel that is used to communicate with a
system around stablished security.
Scanner ** Answ** Attempts to find vulnerabilities in the system by probing it
Spyware ** Answ** trackers user movement and activity and offloads it to the installer
Trojan ** Answ** Acts as a different program and may even function but contains malicious
software.
The primary purpose of a vulnerability scanner is ** Answ** To identify known issues and
problems in a system.
, A ___ is a design flaw or implementation bug that allows for the possibility of attack against a
system ** Answ** Vulnerability
True or false: a logic bomb can remain doormat for an extended period of time without activity
or detection. ** Answ** true
True or false: scope creep happens when a system loses functionality as it is developed. **
Answ** false
True or False: when a software system prints too much info about itself if can allow an attacker
to learn enough info to compromise a system. ** Answ** true
True or false: A zero day a is named because it has yet it be deployed but it is can be used
repeatably once it is deployed ** Answ** false
True or false: people acting unintentionally to compromise the security of a system cannot cause
as much damage as these acting intentionally. ** Answ** False
True or false: minimizing the attack surface means eliminating as many of potential channels of
attack as possible. ** Answ** True
True or false: hacktivism is the use of computer skills and technology or political purpose. **
Answ** True
The main difference of defining a virus and a worm s traditionally held that a worm ____ **
Answ** does not require user intervention.
confidentiality ** Answ** Info is not disclosed to unintended recipients.
Integrity ** Answ** Info inside system is not change or corrupted outside proper usage
Questions and Answers
true or false. Diffusion states that ciphertext should have complex nonlinear relationship **
Answ** True
True or false: A message digest can only guarantee integrity when it has an added layer of
security to prevent its modification ** Answ** True
______ us the prevention of unauthorized access to information ** Answ** Confidentiality
True or false: Security by obscurity is an effective means of securing a system by hiding
information in obscure places where it is unlikely to be found by an attacker. ** Answ**
false
Zombie ** Answ** A compromised system that acts on behalf of its controller rather than
the user
Backdoor ** Answ** This is an unintentional channel that is used to communicate with a
system around stablished security.
Scanner ** Answ** Attempts to find vulnerabilities in the system by probing it
Spyware ** Answ** trackers user movement and activity and offloads it to the installer
Trojan ** Answ** Acts as a different program and may even function but contains malicious
software.
The primary purpose of a vulnerability scanner is ** Answ** To identify known issues and
problems in a system.
, A ___ is a design flaw or implementation bug that allows for the possibility of attack against a
system ** Answ** Vulnerability
True or false: a logic bomb can remain doormat for an extended period of time without activity
or detection. ** Answ** true
True or false: scope creep happens when a system loses functionality as it is developed. **
Answ** false
True or False: when a software system prints too much info about itself if can allow an attacker
to learn enough info to compromise a system. ** Answ** true
True or false: A zero day a is named because it has yet it be deployed but it is can be used
repeatably once it is deployed ** Answ** false
True or false: people acting unintentionally to compromise the security of a system cannot cause
as much damage as these acting intentionally. ** Answ** False
True or false: minimizing the attack surface means eliminating as many of potential channels of
attack as possible. ** Answ** True
True or false: hacktivism is the use of computer skills and technology or political purpose. **
Answ** True
The main difference of defining a virus and a worm s traditionally held that a worm ____ **
Answ** does not require user intervention.
confidentiality ** Answ** Info is not disclosed to unintended recipients.
Integrity ** Answ** Info inside system is not change or corrupted outside proper usage
