CPHIMS 2025-2026 EXAM QUESTIONS AND
ANSWERS 100% CORRECT
Threat Sources for Systems Privacy and Security
1. humans, including employee saboteurs and hackers 2. natural disasters or other
environmental events.
Risk mitigation process
Ways used to lower the factor of risk. It includes an action that can be taken to
lower the risk, controls that will help lower the risk, and documentation of
the residual risk.
AAA or triple A
1. Approach 2. Authentication 3. Accounting
Authentication
1. User knows 2. User has - Token 3. Biometric - fingerprint
Physical safeguards
Physical safeguards are the measures, policies and procedures that protect electronic
information systems from natural and environmental hazards as well as unauthorized
intrusion. Examples of physical safeguards include data centers located outside a
floodplain, having redundant sources of power and limiting access to server rooms or
areas where data may be accessed or damaged.
Network diagrams, to include the location and configuration of firewalls, servers and
routers, must be maintained.
Strategy
A master plan to achieve one or more long-range or overall objectives under uncertainty
SWOT analysis
A planning tool for examining information on an organization's: strengths, weaknesses,
opportunities and threats
IT Strategic plan
A set of long-term objectives that describes the IT infrastructure along with major IT
initiatives necessary to accomplish the organization's objectives
Test Strategies
1. testing scope and objectives
2. testing tools and automation
3. Risks and mitigation
4. Testing roles and responsibilities
5. Testing measurements and metrics
6. Defect reporting and tracking
Manual testing - tools required
1. Written test plan
2. Test script
3. Method of recording test results
Black Box Testing
Also known as Functional testing.
Look at program spec to develop test data covering I/O and program functions. Tester
has no knowledge of the internal ops of the system
White box testing
Internal structures of the system as opposed to its functionality
Also known as structure testing
Grey Box Testing
Gray-box testing is a combination of white-box testing and black-box testing. The goal of this
testing is to search for defects, if any, due to improper structure or improper usage of
applications.
Tester knows expected functionality and some understanding of internal structures
What are 3 testing types performed at specific levels of development?
1. unit level testing
2. integration testing
3. system testing
3 Examples of Objective testing
1. stress
2. user acceptance
3. regression
Unit testing
Smallest part of an application that can be independently tested
Unit tests are
Written by programmers and white-box testers during the development of the
application
Used to guarantee pieces function in isolation, but individually can't be relied on with
regards to functions being valid
Integration testing
Integration testing is the systematic testing of individual software modules,
applications, or units integrated together that test them as a combined entity for the
purpose of finding interface defects between the integrated components and how well they
interact with each other.
- When in Gray Box testing this type is mostly applied: The tester needs to be informed of
the internal code of the individual units and also the expected system functionality.
System Testing
Carried out on a full, integrated system to assess the system's conformity with its set
requirements.
Stress testing
Looks for the stability of the system. Tests beyond normal operational capacity, sometimes
to a breaking point, to see what happens as a result.
Acceptance testing
To check that requirements of a specification or contract are satisfied and to verify
successful system implementation.
3 types of test controls
1. Version controls or revision controls
2. Security audits
3. Change controls
Version control
Monitors and gives control over the different changes made to source code.
Sometimes, software developers and testers make use of version control software to
maintain documentation and configuration files, along with source code.
Also known as revision control
Change control