Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
58 Cards in this Set
- Front
- Back
|
_____________ is all the tasks that go into a software engineering project from start to finish. |
SDLC (Software Development Life Cycle)
|
|
|
What are the the types of development methods? (6)
|
Waterfall
Agile Prototyping Spiral Clean Room Extreme Programming |
|
|
In Integrated Product Teams, what are:
- IPPD (Integrated Product and Process Development) - IPT (Integrated Product Team) - DevOps |
- IPPD Keeps track of big picture
- IPT (Multidisciplinary group of people - responsible for defined product/process) - DevOps (Blending of tasks performed by company's application development/system operations teams) |
|
|
Which software development model has discrete phases of development that each require formal reviews, approval and documentation before moving to the next step? (measure twice, cut once) |
Waterfall Method (Linear) |
|
|
Which software development model tests concepts and allows rapid development and testing for feedback? RAD (Rapid Application Dev. - Time limits) JAD (Joint Analysis Dev. - Working with users) |
Prototyping |
|
|
Which software development model has multiple cycles that are repeated in iterations and risk is assessed at each one? |
Spiral |
|
|
Which software development model is based on the Spiral, based on close face-to-face feedback with the customers and is based on storyboarding? Fast delivery. |
Agile Model (ASAP) |
|
|
What is a programming technique for Agile framework for effective team collaboration on complex software projects? It incorporates short 2-3 week iterations called ________. |
Scrum, sprints |
|
|
Which software development model is an Agile framework that is focused on teamwork and getting done quickly, with very little sleep? Based on user stories (daily actions) |
Extreme Programming |
|
|
Which software development model that trusts the developer to write good code and gets software right the first time? |
Clean Room |
|
|
What is CASE? |
Computer Aided Software Engineering - Integrated Development Environment - aids in development of software (quickly) (tools document as you go) |
|
|
In programming, what is the difference between a compiler and an interpreter? |
compiler: translates a high level machine language translator: reads line by line - much slower than compiled language. |
|
|
In software development, what does CMMI stand for? |
Capability Maturity Model Integrated (a standard model) (replaced CMM) |
|
|
What is the primary standard for software developers to be rated for strong (mature) practices? |
CMMI (Capability Maturity Model Integrated) Levels 1-5, 5 is best! |
|
|
What is the only CMM developed specifically to address security in addition to maturity? |
SSE-CMM (Systems Security Engineering - Capability Maturity Model) Levels 1-5, 5 is best! |
|
|
What is the open source CMM? |
Software Assurance Maturity Model (SAMM)
*used with OWASP |
|
|
________ is a framework for IT Governance in a software development company. Aids IT management in developing clear policies and applying industry best practices. |
COBIT |
|
|
Regarding software development, what is ISO 90003? |
A new standard in the application of ISO 9001
|
|
|
What is Unit Testing? |
Individual modules/packages are compiled |
|
|
What is Integration Testing? |
Completed system is verified |
|
|
What is regression testing? |
Specialist evaluation after changes |
|
|
What is software Penetration testing? |
Can I break it? |
|
|
What is Acceptance Testing? |
Meet requirements at the end |
|
|
In an ACID test, what does each letter stand for? |
Atomicity Consistency Isolation Durability |
|
|
Short Java programs that run within a user's browser are called _________. |
applets |
|
|
What is is a software component that adds a specific feature to an existing computer program (as in a web browser)? When a program supports plug-ins, it enables customization. |
Plugins |
|
|
What are the CMMs correct order of maturity levels? (level 1 to 5) Repeatable, managed, initial, optimized, defined |
1. Initial 2. Repeatable 3. defined 4. managed 5. optimizing |
|
|
What is static vs dynamic testing? |
Static: review without executing code dynamic: review while code is running. |
|
|
In Quality Control, Verification deals with ____________ standards, while Validation deals with ______________ standards. |
Internal, External |
|
|
Using hacker techniques against a system is called Misuse Case Testing? T/F |
True |
|
|
An ________test is done with antivirus software by introducing a string that all antivirus products recognize as hostile so that testing can be conducted. |
EICAR |
|
|
The difference between DoS and DDoS? |
The attacker in DoS is usually from one source. In DDoS, the attack has been spread to many hosts as launch platforms. DDoS done by Botnet (zombies, or compromised hosts) commanded by a bot-herder |
|
|
What is a smurf attack? |
ICMP Echo broadcast spoofed to source IP (DoS attack) |
|
|
In Object Oriented programming, define message, method, and behavior? |
- Message: how objects communicate to operate - Method: function of actions an object can carry out - Behavior: results or output of an object upon receipt of a message |
|
|
What is polymorphism? |
Multiple forms with different outputs |
|
|
What is Polyinstantiation? |
Many answers for the same security question - (what color are your eyes) |
|
|
Difference between high and low cohesion? |
high = more connections or easier to talk to each other (simpler/faster tasks can be carried out) High Good |
|
|
Difference between high and low coupling? |
high needs more help (more "couplets" to connect will equal more coordination to complete)
Low = Good |
|
|
What is the difference of these attack vectors? - Web based server side - Web based client side - Network based |
- Web based server side: defacement, cross-scripting, SQL injection - Web based client side: downloaded scripts - Network based: physical or logical access |
|
|
In distributed computing, what was created to allow applications to exchange information over the Internet (though it lacks security)? |
Simple Object Access Protocol (SOAP) |
|
|
In a distributed environment, what is CORBA (Common Object Request Broker)? |
Allows for interoperability among the vast array of different software platforms, and hardware. (platform independent middleware)
OLE and ActiveX should be wrong. CORBA should be right. |
|
|
What is a Microsoft middleware that allows two programs to talk? |
Object Linking and Embedding (OLE) |
|
|
Java applets are (good or bad) for our purposes? |
Good (uses byte code) (not Bite-Me code) |
|
|
Microsoft ________ runs using OLE. It SUX! |
Active X |
|
|
What is an older method of manipulating data passed into a website? (CGI) |
Common Gateway Interface (Bad) |
|
|
T/F Javascript and Java are related? |
False! But Javascript is still ok (runs in a sandbox). ActiveX bad! |
|
|
What is a Fraggle attack? |
Similar to smurf, but uses UDP instead of ICMP |
|
|
An __________ (ANN) is a mathematical or computational model based on the neural structure of the brain. |
Artificial Neural Network (ANN) |
|
|
What is software escrow? |
a legal contract with a third party that provides clients with access to a smaller developer's source code in the event of a business failure. (must request prior to development)
Third party |
|
|
What is software assurance? |
Level of confidence that acquired software is free from vulnerabilities. |
|
|
What are the 7 similar process steps in software development? (NIST's SP 800-64 SDLC Process steps in Bold) |
1. Project Initiation/Risk Analysis (1) 2. Functional Design Analysis/Planning 3. System Design Specification 4. Software Development (write code) (2) 5. Install/Test Implement (3) Only in SLC model: 6. Operational Maintenance (4) 7. Disposal (5) |
|
|
In Software as a Service (SaaS) What is the Service-oriented library? |
ITIL (IT information Library) |
|
|
What is Fuzz Testing or "fuzzing"? |
Black box software testing technique. Automaticall feeds a program multiple input iterations, constructed to trigger an internal error, like a bug and potentially crash it. |
|
|
SQL command injection is good/bad for web application? |
Bad |
|
|
XSS (Cross Site Scripting) is good/bad for web application? |
Bad |
|
|
What is the _aaS if you hire a middle man to do your hacking called? |
Malware as a Service. |
|
|
1. A virus is _______in a program. 2. A logic bomb is triggered by an ________. 3. A trojan horse is ________ by a user. 4. A Root kit is ________ within an operating system. |
1. Embedded 2. Event 3. Installed 4. Hidden |
|
|
What are the countermeasures for a DDoS at the LAN perimeter |
Drop all ICMP packets originating from the Internet at the firewall. |
