100 Cards in this Set

QUESTION NO: 601

Which of the following is commonly used for retrofitting multilevel security to a database management system?

A. trusted front-end
B. trusted back-end
C. controller
D. kernel

Answer: A. trusted front-end

QUESTION NO: 602

Which of the following is an advantage of using a high-level programming language?

A. It decreases execution times for programs
B. It allows programmers to define syntax
C. It requires programmer-controlled storage management
D. It enforces coding standards

Answer: D. It enforces coding standards

QUESTION NO: 603

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

A. The transactions should be dropped from processing.
B. The transactions should be processed after the program makes adjustments.
C. The transactions should be written to a report and reviewed.
D. The transactions should be corrected and reprocessed.

Answer: A. The transactions should be dropped from processing.

QUESTION NO: 604

Who can best decide what the adequate technical security controls are in a computer-based application system, with regard to the protection of the data being used, the criticality of the data, and its sensitivity level?

A. System Auditor
B. Data or Information Owner
C. System Manager
D. Data or Information user

Answer: B. Data or Information Owner

QUESTION NO: 605

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

A. project initiation and planning phase
B. system design specification phase
C. development & documentation phase
D. acceptance phase

Answer: D. acceptance phase

QUESTION NO: 606

Which of the following is often the greatest challenge of distributed computing solutions?

A. scalability
B. security
C. heterogeneity
D. usability

Answer: B. security

QUESTION NO: 607

What is the appropriate role of the security analyst in the application system development or acquisition project?

A. policeman
B. control evaluator & consultant
C. data owner
D. application user

Answer: B. control evaluator & consultant

QUESTION NO: 608

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

A. project initiation and planning phase
B. system design specifications phase
C. development and documentation phase
D. in parallel with every phase throughout the project

Answer: D. in parallel with every phase throughout the project

QUESTION NO: 609

Operations Security seeks to primarily protect against which of the following?

A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats

Answer: D. asset threats

QUESTION NO: 610

A 'Pseudo flaw' is which of the following?

A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
B. An omission when generating Pseudo-code.
C. Used for testing for bounds violations in application programming.
D. A normally generated page fault causing the system to halt.

Answer: A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.

QUESTION NO: 611

In SQL relational databases, where is the actual data stored?

A. Views
B. Tables
C. Schemas and sub-schemas
D. Index-sequential tables

Answer: B. Tables

QUESTION NO: 612

Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?

A. The Software Capability Maturity Model (CMM)
B. The Spiral Model
C. The Waterfall Model
D. Expert Systems Model

Answer: A. The Software Capability Maturity Model (CMM)

QUESTION NO: 613

Which of the following determines that the product developed meets the project's goals?

A. verification
B. validation
C. concurrence
D. accuracy

Answer: B. validation

QUESTION NO: 614

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?

A. Validation
B. Verification
C. Assessment
D. Accuracy

Answer: B. Verification

QUESTION NO: 615

Which of the following is one of the oldest and most common problems in software development that is still very prevalent today?

A. Buffer Overflow
B. Social Engineering
C. Code injection for machine language
D. Unassembled reversible DOS instructions.

Answer: A. Buffer Overflow

QUESTION NO: 616

Which of the following is NOT true concerning Application Control?

A. It limits end users' use of applications in such a way that only particular screens are visible.
B. Only specific records can be requested through the application controls
C. Particular usage of the application can be recorded for audit purposes
D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

Answer: D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

QUESTION NO: 617

The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following?

A. computer-aided development and imaging
B. computer-aided duplexing and imaging
C. computer-aided processing and imaging
D. computer-aided design and imaging

Answer: D. computer-aided design and imaging

QUESTION NO: 618

Which of the following is not an element of a relational database model?

A. Relations, tuples, attributes and domains
B. Data Manipulation Language (DML) on how the data will be accessed and manipulated
C. Constraints to determine valid ranges and values
D. Security structures called referential validation within tables

Answer: D. Security structures called referential validation within tables

QUESTION NO: 619

A persistent collection of interrelated data items can be defined as which of the following?

A. database
B. database management system
C. database security
D. database shadowing

Answer: A. database

QUESTION NO: 620

The description of the database is called a schema. The schema is defined by which of the following?

A. Data Control Language (DCL).
B. Data Manipulation Language (DML).
C. Data Definition Language (DDL).
D. Search Query Language (SQL).

Answer: C. Data Definition Language (DDL).

QUESTION NO: 621

Which of the following defines the software that maintains and provides access to the database?

A. database management system (DBMS)
B. relational database management system (RDBMS)
C. database identification system (DBIS)
D. Interface Definition Language system (IDLS)

Answer: A. database management system (DBMS)

QUESTION NO: 622

Which of the following represents a relation, which is the basis of a relational database?

A. One-dimensional table
B. Two-dimensional table
C. Three-dimensional table
D. Four-dimensional table

Answer: B. Two-dimensional table

QUESTION NO: 623

Which of the following represents the rows of the table in a relational database?

A. attributes
B. records or tuples
C. record retention
D. relation

Answer: B. records or tuples

QUESTION NO: 624

Which of the following can be defined as the set of allowable values that an attribute can take?

A. domain of a relation
B. domain name service of a relation
C. domain analysis of a relation
D. domains, in database of a relation

Answer: A. domain of a relation

QUESTION NO: 625

Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table?

A. primary key
B. candidate key
C. secondary key
D. foreign key

Answer: A. primary key

QUESTION NO: 626

Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple?

A. primary key
B. candidate key
C. foreign key
D. secondary key

Answer: A. primary key

QUESTION NO: 627

Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?

A. foreign key
B. candidate key
C. primary key
D. secondary key

Answer: A. foreign key

QUESTION NO: 628

Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following?

A. primary key
B. secondary key
C. foreign key
D. candidate key

Answer: A. primary key

QUESTION NO: 629

Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations?

A. foreign key to primary key
B. foreign key to candidate key
C. candidate key to primary key
D. primary key to secondary key

Answer: A. foreign key to primary key

QUESTION NO: 630

A database view is the results of which of the following operations?

A. Join and Select.
B. Join, Insert, and Project.
C. Join, Project, and Create.
D. Join, Project, and Select.

Answer: D. Join, Project, and Select.

QUESTION NO: 631

In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query?

A. query plan
B. relational plan
C. database plan
D. structuring plan

Answer: A. query plan

QUESTION NO: 632

In regards to relational database operations using the Structured Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement?

A. A bind value
B. An assimilation value
C. A reduction value
D. A resolution value

Answer: A. A bind value

QUESTION NO: 633

Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server?

A. Bind variables
B. Assimilation variables
C. Reduction variables
D. Resolution variables

Answer: A. Bind variables

QUESTION NO: 634

Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key?

A. Normalization
B. Assimilation
C. Reduction
D. Compaction

Answer: A. Normalization

QUESTION NO: 635

Normalizing data within a database could include all or some of the following except which one?

A. Eliminate duplicative columns from the same table.
B. Eliminate functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key.
C. Eliminate functional dependencies on non-key fields by putting them in a separate table. At this level, all non-key fields are dependent on the primary key.
D. Eliminating duplicate key fields by putting them into separate tables.

Answer: D. Eliminating duplicate key fields by putting them into separate tables.

QUESTION NO: 636

Which of the following is used to create and modify the structure of your tables and other objects in the database?

A. SQL Data Definition Language (DDL)
B. SQL Data Manipulation Language (DML)
C. SQL Data Relational Language (DRL)
D. SQL Data Identification Language (DIL)

Answer: A. SQL Data Definition Language (DDL)

QUESTION NO: 637

SQL commands do not include which of the following?

A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Relist

Answer: D. Add, Relist

QUESTION NO: 638

Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database types?

A. Object-Oriented Databases (OODB)
B. Object-Relational Databases
C. Relational Databases
D. Database management systems (DBMS)

Answer: A. Object-Oriented Databases (OODB)

QUESTION NO: 639

With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance?

A. Object-Oriented Databases (OODB)
B. Object-Relational Databases (ORDB)
C. Relational Databases
D. Database management systems (DBMS)

Answer: A. Object-Oriented Databases (OODB)

QUESTION NO: 640

Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?

A. object-relational database
B. object-oriented database
C. object-linking database
D. object-management database

Answer: A. object-relational database

QUESTION NO: 641

What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level?

A. Data mining
B. Polyinstantiation
C. Cell suppression
D. Noise and perturbation

Answer: B. Polyinstantiation

QUESTION NO: 642

Which of the following translates source code one command at a time for execution on a computer?

A. A translator
B. An interpreter
C. A compiler
D. An assembler

Answer: B. An interpreter

QUESTION NO: 643

Which of the following is a Microsoft technology for communication among software components distributed across networked computers?

A. DDE
B. OLE
C. ODBC
D. DCOM

Answer: D. DCOM

QUESTION NO: 644

Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE?

A. It is a layer of software that sits on the top of the network layer and provides services to the applications above it.
B. It uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and components.
C. It provides the same functionality as DCOM, but it is more proprietary than DCOM.
D. It is a set of management services with a communication layer based on RPC.

Answer: C. It provides the same functionality as DCOM, but it is more proprietary than DCOM.

QUESTION NO: 645

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

A. Stealth viruses
B. Polymorphic viruses
C. Trojan horses
D. Logic bombs

Answer: B. Polymorphic viruses

QUESTION NO: 646

Why would a database be denormalized?

A. To ensure data integrity
B. To increase processing efficiency
C. To prevent duplication of data
D. To save storage space

Answer: B. To increase processing efficiency

QUESTION NO: 647

Risk analysis is MOST useful when applied during which phase of the system development process?

A. Project initiation and Planning
B. Functional Requirements definition
C. System Design Specification
D. Development and Implementation

Answer: A. Project initiation and Planning

QUESTION NO: 648

Which of the following would MOST likely ensure that a system development project meets business objectives?

A. Development and tests are run by different individuals
B. User involvement in system specification and acceptance
C. Development of a project plan identifying all development activities
D. Strict deadlines and budgets

Answer: B. User involvement in system specification and acceptance

QUESTION NO: 649

What is RAD?

A. A development methodology
B. A project management technique
C. A measure of system complexity
D. Risk-assessment diagramming

Answer: A. A development methodology

QUESTION NO: 650

Which of the following best describes the purpose of debugging programs?

A. To generate random data that can be used to test programs before implementing them.
B. To ensure that program coding flaws are detected and corrected.
C. To protect, during the programming phase, valid changes from being overwritten by other changes.
D. To compare source code versions before transferring to the test environment

Answer: B. To ensure that program coding flaws are detected and corrected.

QUESTION NO: 651

Which of the following would best describe the difference between white-box testing and black-box testing?

A. White-box testing is performed by an independent programmer team.
B. Black-box testing uses the bottom-up approach.
C. White-box testing examines the program internal logical structure.
D. Black-box testing involves the business units

Answer: C. White-box testing examines the program internal logical structure.

QUESTION NO: 652

Which of the following is not a preventative control?

A. Deny programmer access to production data.
B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects.
C. Run a source comparison program between control and current source periodically.
D. Establish procedures for emergency changes.

Answer: C. Run a source comparison program between control and current source periodically.

QUESTION NO: 653

Which of the following would provide the BEST stress testing environment, taking into consideration and avoiding possible data exposure and leaks of sensitive data?

A. Test environment using test data.
B. Test environment using sanitized live workloads data.
C. Production environment using test data.
D. Production environment using sanitized live workloads data.

Answer: B. Test environment using sanitized live workloads data.

QUESTION NO: 654

Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

A. Inadequate quality assurance (QA) tools.
B. Constantly changing user needs.
C. Inadequate user participation in defining the system's requirements.
D. Inadequate project management.

Answer: C. Inadequate user participation in defining the system's requirements.

QUESTION NO: 655

Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?

A. The project will be completed late.
B. The project will exceed the cost estimates.
C. The project will be incompatible with existing systems.
D. The project will fail to meet business and user needs.

Answer: D. The project will fail to meet business and user needs.

QUESTION NO: 656

Which of the following is an advantage of prototyping?

A. Prototype systems can provide significant time and cost savings.
B. Change control is often less complicated with prototype systems.
C. It ensures that functions or extras are not added to the intended system.
D. Strong internal controls are easier to implement.

Answer: A. Prototype systems can provide significant time and cost savings.

QUESTION NO: 657

Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis?

A. DSS is aimed at solving highly structured problems.
B. DSS emphasizes flexibility in the decision making approach of users.
C. DSS supports only structured decision-making tasks.
D. DSS combines the use of models with non-traditional data access and retrieval functions.

Answer: B. DSS emphasizes flexibility in the decision making approach of users.

QUESTION NO: 658

Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

A. Interface errors are detected earlier.
B. Errors in critical modules are detected earlier.
C. Confidence in the system is achieved earlier.
D. Major functions and processing are tested earlier.

Answer: B. Errors in critical modules are detected earlier.

QUESTION NO: 659

Which of the following would be the best reason for separating the test and development environments?

A. To restrict access to systems under test.
B. To control the stability of the test environment.
C. To segregate user and development staff.
D. To secure access to systems under development.

Answer: B. To control the stability of the test environment.

QUESTION NO: 660

Why do buffer overflows happen? What is the main cause?

A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory

Answer: B. Because of improper parameter checking within the application

QUESTION NO: 661

What is the number of columns in a table called?

A. Schema
B. Relation
C. Degree
D. Cardinality

Answer: C. Degree

QUESTION NO: 662

Which of the following would not correspond to the number of primary key values found in a table in a relational database?

A. Degree
B. Number of tuples
C. Cardinality
D. Number of rows

Answer: A. Degree

QUESTION NO: 663

Which of the following represents the best programming?

A. Low cohesion, low coupling
B. Low cohesion, high coupling
C. High cohesion, low coupling
D. High cohesion, high coupling

Answer: C. High cohesion, low coupling

QUESTION NO: 664

Java is not:

A. Object-oriented.
B. Distributed.
C. Architecture Specific.
D. Multithreaded.

Answer: C. Architecture Specific.

QUESTION NO: 665

In which of the following phases of the system development life cycle (SDLC) is contingency planning most important?

A. Initiation
B. Development/acquisition
C. Implementation
D. Operation/maintenance

Answer: A. Initiation

QUESTION NO: 666

Buffer overflow and boundary condition errors are subsets of which of the following?

A. Race condition errors.
B. Access validation errors.
C. Exceptional condition handling errors.
D. Input validation errors.

Answer: D. Input validation errors.

QUESTION NO: 667

Which of the following does not address Database Management Systems (DBMS) Security?

A. Perturbation
B. Cell suppression
C. Padded cells
D. Partitioning

Answer: C. Padded cells

QUESTION NO: 668

During which phase of an IT system life cycle are security requirements developed?

A. Operation
B. Initiation
C. Functional design analysis and Planning
D. Implementation

Answer: C. Functional design analysis and Planning

QUESTION NO: 669

Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?

A. Development/acquisition
B. Implementation
C. Initiation
D. Maintenance

Answer: C. Initiation

QUESTION NO: 670

When considering an IT System Development Life-cycle, security should be:

A. Mostly considered during the initiation phase.
B. Mostly considered during the development phase.
C. Treated as an integral part of the overall system design.
D. Added once the design is completed.

Answer: C. Treated as an integral part of the overall system design.

QUESTION NO: 671

Risk reduction in a system development life-cycle should be applied:

A. Mostly to the initiation phase.
B. Mostly to the development phase.
C. Mostly to the disposal phase.
D. Equally to all phases.

Answer: D. Equally to all phases.

QUESTION NO: 672

Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?

A. Development/acquisition
B. Implementation
C. Operation/Maintenance
D. Initiation

Answer: C. Operation/Maintenance

QUESTION NO: 673

What can be defined as follows: it confirms that users' needs have been met by the supplied solution?

A. Accreditation
B. Certification
C. Assurance
D. Acceptance

Answer: D. Acceptance

QUESTION NO: 674

Which of the following statements pertaining to software testing is incorrect?

A. Unit testing should be addressed and considered when the modules are being designed.
B. Test data should be part of the specifications.
C. Testing should be performed with live data to cover all possible situations.
D. Test data generators can be used to systematically generate random test data that can be used to test programs.

Answer: C. Testing should be performed with live data to cover all possible situations.

QUESTION NO: 675

Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?

A. Unit testing
B. Pilot testing
C. Regression testing
D. Parallel testing

Answer: C. Regression testing

QUESTION NO: 676

Which of the following statements pertaining to software testing approaches is correct?

A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system's permanent documentation.
D. Black box testing is predicated on a close examination of procedural detail.

Answer: C. The test plan and results should be retained as part of the system's permanent documentation.

QUESTION NO: 677

Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

A. Recovery testing
B. Security testing
C. Stress/volume testing
D. Interface testing

Answer: B. Security testing

QUESTION NO: 678

Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?

A. Implementation
B. System feasibility
C. Product design
D. Software plans and requirements

Answer: D. Software plans and requirements

QUESTION NO: 679

Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

A. Detailed design
B. Implementation
C. Product design
D. Software plans and requirements

Answer: C. Product design

QUESTION NO: 680

In a database management system (DBMS), what is the "cardinality"?

A. The number of rows in a relation.
B. The number of columns in a relation.
C. The set of allowable values that an attribute can take.
D. The number of relations in a database.

Answer: A. The number of rows in a relation.

QUESTION NO: 681

At which of the basic phases of the System Development Life Cycle are security requirements formalized?

A. Disposal
B. System Design Specifications
C. Development and Implementation
D. Functional Requirements Definition

Answer: D. Functional Requirements Definition

QUESTION NO: 682

Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?

A. Estimating the cost of the changes requested
B. Recreating and analyzing the problem
C. Determining the interface that is presented to the user
D. Establishing the priorities of requests

Answer: C. Determining the interface that is presented to the user

QUESTION NO: 683

Sensitivity labels are an example of what application control type?

A. Preventive security controls
B. Detective security controls
C. Compensating administrative controls
D. Preventive accuracy controls

Answer: A. Preventive security controls

QUESTION NO: 684

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

A. Polyinstantiation
B. Inference
C. Aggregation
D. Data mining

Answer: C. Aggregation

QUESTION NO: 685

Which expert system operating mode allows determining if a given hypothesis is valid?

A. Blackboard
B. Lateral chaining
C. Forward chaining
D. Backward chaining

Answer: D. Backward chaining

QUESTION NO: 686

Why does compiled code pose more of a security risk than interpreted code?

A. Because malicious code can be embedded in compiled code and be difficult to detect.
B. If the executed compiled code fails, there is a chance it will fail insecurely.
C. Because compilers are not reliable.
D. There is no risk difference between interpreted code and compiled code.

Answer: A. Because malicious code can be embedded in compiled code and be difficult to detect.

QUESTION NO: 687

Which of the following is not a defined maturity level within the Software Capability Maturity Model?

A. Repeatable
B. Defined
C. Managed
D. Oriented

Answer: D. Oriented

QUESTION NO: 688

Which software development model is actually a meta-model that incorporates a number of the software development models?

A. The Waterfall model
B. The modified Waterfall model
C. The Spiral model
D. The Critical Path Model (CPM)

Answer: C. The Spiral model

QUESTION NO: 689

Which of the following is used in database information security to hide information?

A. Inheritance
B. Polyinstantiation
C. Polymorphism
D. Delegation

Answer: B. Polyinstantiation

QUESTION NO: 690

Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?

A. The Total Quality Model (TQM)
B. The IDEAL Model
C. The Software Capability Maturity Model
D. The Spiral Model

Answer: C. The Software Capability Maturity Model

QUESTION NO: 691

Which of the following characteristics pertaining to databases is not true?

A. A data model should exist and all entities should have a significant name.
B. Justifications must exist for normalized data.
C. No NULLs should be allowed for primary keys.
D. All relations must have a specific cardinality.

Answer: B. Justifications must exist for normalized data.

QUESTION NO: 692

Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?

A. Aggregation
B. Inference
C. Clustering
D. Collision

Answer: A. Aggregation

QUESTION NO: 693

At what stage of the applications development process should the security department become involved?

A. Prior to the implementation
B. Prior to systems testing
C. During unit testing
D. During requirements development

Answer: D. During requirements development

QUESTION NO: 694

What is one disadvantage of content-dependent protection of information?

A. It increases processing overhead.
B. It requires additional password entry.
C. It exposes the system to data locking.
D. It limits the user's individual address space.

Answer: A. It increases processing overhead.

QUESTION NO: 695

In what way could Java applets pose a security threat?

A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP
B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system.
C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.
D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

Answer: C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.

QUESTION NO: 696

A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken?

A. Replace the file with the original version from master media
B. Proceed with automated disinfection
C. Research the virus to see if it is benign
D. Restore an uninfected version of the patched file from backup media

Answer: D. Restore an uninfected version of the patched file from backup media

QUESTION NO: 697

For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.

An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP.

What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?

A. *-Property and Polymorphism
B. Strong *-Property and Polyinstantiation
C. Simple Security Property and Polymorphism
D. Simple Security Property and Polyinstantiation

Answer: D. Simple Security Property and Polyinstantiation

QUESTION NO: 698

A shared resource matrix is a technique commonly used to locate:

A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels

Answer: D. Covert channels

QUESTION NO: 699

What is NOT included in a data dictionary?

A. Data Element Definitions
B. Schema Objects
C. Reference Keys
D. Structured Query Language

Answer: D. Structured Query Language

QUESTION NO: 700

In which phase of the System Development Lifecycle (SDLC) is security accreditation obtained?

A. Functional Requirements Phase
B. Testing and evaluation control
C. Acceptance Phase
D. Postinstallation Phase

Answer: B. Testing and evaluation control