CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 8 ■ Software Development Security (Domain 8)



  1. Which one of the following tools might an attacker use to best identify vulnerabilities in a
    targeted system?
    A. Nmap
    B. Nessus
    C. ipconfig
    D. traceroute

  2. Which one of the following database concurrency issues occurs when one transaction
    reads information that was written to a database by a second transaction that never
    committed?
    A. Lost update
    B. SQL injection
    C. Incorrect summary
    D. Dirty read

  3. What type of virus works by altering the system boot process to redirect the BIOS or UEFI
    firmware to load malware before the operating system loads?
    A. File infector
    B. MBR
    C. Polymorphic
    D. Service injection

  4. What type of virus is characterized by the use of two or more different propagation
    mechanisms to improve its likelihood of spreading between systems?
    A. Stealth virus
    B. Polymorphic virus
    C. Multipartite virus
    D. Encrypted virus

  5. What root security issue causes the following issues?


    ■ Cross-site scripting
    ■ SQL injection
    ■ Buffer overflows
    ■ Cross-site request forgery

    A. Lack of API security
    B. Improper error handling
    C. Improper or missing input validation
    D. Source code design issues
