100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISSP PRACTICE TESTS Chapter 8▪Software Development Security (Domain8). Questions and answers, 100% ACCURATE. $12.49   Add to cart

Exam (elaborations)

CISSP PRACTICE TESTS Chapter 8▪Software Development Security (Domain8). Questions and answers, 100% ACCURATE.

 7 views  0 purchase
  • Course
  • Institution

CISSP PRACTICE TESTS Chapter 8▪Software Development Security (Domain8). Questions and answers, 100% ACCURATE. 1. When desgning an object-oriented model, which of the following situations is ideal? A. High cohesion, high coupling B. High cohesion, low coupling C. Low cohesion, low couplin...

[Show more]

Preview 3 out of 27  pages

  • February 21, 2023
  • 27
  • 2022/2023
  • Exam (elaborations)
  • Questions & answers
avatar-seller
CISSP PRACTICE TESTS Chapter
8▪Software Development Security
(Domain8). Questions and answers,
100% ACCURATE.

1. When desgning an object-oriented model, which of the following situations is ideal?

A. High cohesion, high coupling

B. High cohesion, low coupling

C. Low cohesion, low coupling

D. Lo cohesion, high coupling - ✔✔-B. High cohesion, low coupling



2. Which of the following is a common way that attackers leverage botnets?

A. Sending spam messages

B. Conducting brute-force attacks

C. Scanning for vulnerable systems

D. All of the above - ✔✔-D. All of the above



3. Which one of the following statements is not true about code review?

A. Code review should be a peer-driven process that includes multiple developers.

B. Code review may be automated.

C. Code review occurs during thebdesign phase.

D. Code reviewers may expect to review several hundred lines of code per hour. - ✔✔-C. Code review
occurs during the design phase.



4. Harold's conpany has a strong password policy that requires a minimum length of 12 characters and
the use of both alphanumeric characters and symbols. What technique would be the most effective way
for an attacker to compromise passwords in Harold's organization?

A. Brute-force attack

,B. Dictionary attack

C. Rainbow table attack

D. Social engineering attack - ✔✔-D. Social engineering attack



5. Which process is responsible for ensuring that changes to software include acceptance testing?

A. Request control

B. Change control

C. Release control

D. Configuration control - ✔✔-C. Release control



6. Which one of the following attack types attempts to exploit the trust relationship that a user's
browser has with other websites by forcing the submission of an authenticated request to a third-party
site?

A. XSS

B. CSRF

C. SQL injection

D. Session hijacking - ✔✔-B. CSRF



7. When using the SDLC, which one of these steps should you take before the others?

A. Functional requirements determination

B. Control specifications development

C. Code review

D. Design review - ✔✔-A. Functional requirements determination



8. Jaime is a technical support analyst and is asked to visit a user whose computer is displaying the error
message shown here. What state has this computer entered? Refer to page 161 in the book.

A. Fall open

B. Irrecoverable error

C. Memory exhaustion

, D. Fail secure - ✔✔-D. Fail secure



9. Which one of the following is not a goal of software threat modeling?

A.To reduce the number of security-related design flaws

B. To reduce the number of security-related coding flaws

C. To reduce the severity of non-security flaws

D. To reduce the number of threat vectors - ✔✔-D. To reduce the number of threat vectors



10. In the diagram shown here, which is an example of method?

ACCOUNT

Balance: currency=0

Owner: string

AddFunds(deposit: currency)

RemoveFunds (withdrawal: currency)

A. Account

B. Owner

C. Add Funds

D. None of theabovr - ✔✔-C. Add Funds



11. Which one of the following is considered primary storage?

A. Memory

B. Hard disk

C. Flash drive

D. DVD - ✔✔-A. Memory



12. Which one of the following testing methodologies typically works without access to source code?

A. Dynamic testing

B. Static testing

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller QuickPass. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81989 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling

Recently viewed by you


$12.49
  • (0)
  Add to cart