CISSP Official Practice Tests by Mike Chapple, David Seidl


196 Chapter 8 ■ Software Development Security (Domain 8)



  1. What technique do API developers most commonly use to limit access to an API to authorized
    individuals and applications?
    A. Encryption
    B. Input validation
    C. API keys
    D. IP filters

  2. Which one of the following statements about malware is correct?
    A. Malware authors do not target Macintosh or Linux systems.
    B. The most reliable way to detect known malware is watching for unusual system
    activity.
    C. Signature detection is the most effective technique to combat known malware.
    D. APT attackers typically use malware designed to exploit vulnerabilities identified in
    security bulletins.

  3. Which one of the following is the proper order of steps in the waterfall model of software
    development?
    A. Requirements, Design, Testing, Coding, Maintenance
    B. Requirements, Design, Coding, Testing, Maintenance
    C. Design, Requirements, Coding, Testing, Maintenance
    D. Design, Requirements, Testing, Coding, Maintenance

  4. Which component of the database ACID model ensures that database transactions are an
    “all or nothing” affair?
    A. Atomicity
    B. Consistency
    C. Isolation
    D. Durability

  5. Tom is writing a software program that calculates the sales tax for online orders placed
    from various jurisdictions. The application includes a user-defined field that allows the
    entry of the total sale amount. Tom would like to ensure that the data entered in this field
    is a properly formatted dollar amount. What technique should he use?
    A. Limit check
    B. Fail open
    C. Fail secure
    D. Input validation

  6. Match the following numbered terms to their lettered definitions:

    1. Session hijacking

    2. Cross-site scripting


