CISSP Official Practice Tests by Mike Chapple, David Seidl

176 Chapter 8 ■ Software Development Security (Domain 8)
  1. When designing an object-oriented model, which of the following situations is ideal?
    A. High cohesion, high coupling
    B. High cohesion, low coupling
    C. Low cohesion, low coupling
    D. Low cohesion, high coupling

  2. Which of the following is a common way that attackers leverage botnets?
    A. Sending spam messages
    B. Conducting brute-force attacks
    C. Scanning for vulnerable systems
    D. All of the above

  3. Which one of the following statements is not true about code review?
    A. Code review should be a peer-driven process that includes multiple developers.
    B. Code review may be automated.
    C. Code review occurs during the design phase.
    D. Code reviewers may expect to review several hundred lines of code per hour.

  4. Harold’s company has a strong password policy that requires a minimum length of 12
    characters and the use of both alphanumeric characters and symbols. What technique
    would be the most effective way for an attacker to compromise passwords in Harold’s
    organization?
    A. Brute-force attack
    B. Dictionary attack
    C. Rainbow table attack
    D. Social engineering attack

  5. Which process is responsible for ensuring that changes to software include acceptance
    testing?
    A. Request control
    B. Change control
    C. Release control
    D. Configuration control

  6. Which one of the following attack types attempts to exploit the trust relationship that
    a user’s browser has with other websites by forcing the submission of an authenticated
    request to a third-party site?
    A. XSS
    B. CSRF
    C. SQL injection
    D. Session hijacking