Chapter 8 ■ Software Development Security (Domain 8) 181
- Carrie is analyzing the application logs for her web-based application and comes across
the following string:
../../../../../../../../../etc/passwd
What type of attack was likely attempted against Carrie’s application?
A. Command injection
B. Session hijacking
C. Directory traversal
D. Brute force- When should a design review take place when following an SDLC approach to software
development?
A. After the code review
B. After user acceptance testing
C. After the development of functional requirements
D. After the completion of unit testing - Tracy is preparing to apply a patch to her organization’s enterprise resource planning
system. She is concerned that the patch may introduce flaws that did not exist in prior
versions, so she plans to conduct a test that will compare previous responses to input with
those produced by the newly patched application. What type of testing is Tracy planning?
A. Unit testing
B. Acceptance testing
C. Regression testing
D. Vulnerability testing - What term is used to describe the level of confidence that software is free from vulner-
abilities, either intentionally designed into the software or accidentally inserted at any time
during its life cycle, and that the software functions in the intended manner?
A. Validation
B. Accreditation
C. Confidence interval
D. Assurance - Victor recently took a new position at an online dating website and is responsible for lead-
ing a team of developers. He realized quickly that the developers are having issues with
production code because they are working on different projects that result in conflicting
modifications to the production code. What process should Victor invest in improving?
A. Request control
B. Release control
C. Change control
D. Configuration control