Chapter 10: Practice Test 2
- B. Application programming interfaces (APIs), user interfaces (UIs), and physical
interfaces are all tested during the software testing process. Network interfaces are not
typically tested, and programmatic interfaces is another term for APIs.
- D. The hearsay rule says that a witness cannot testify about what someone else told
them, except under very specific exceptions. The courts have applied the hearsay rule
to include the concept that attorneys may not introduce logs into evidence unless they
are authenticated by the system administrator. The best evidence rule states that copies
of documents may not be submitted into evidence if the originals are available. The
parol evidence rule states that if two parties enter into a written agreement, that written
document is assumed to contain all of the terms of the agreement. Testimonial evidence is
a type of evidence, not a rule of evidence.
- B. While key risk indicators can provide useful information for organizational planning
and a deeper understanding of how organizations view risk, KRIs are not a great way to
handle a real-time security response. Monitoring and detection systems like IPS, SIEM,
and other tools are better suited to handling actual attacks.
- B. Worms have built-in propagation mechanisms that do not require user interaction,
such as scanning for systems containing known vulnerabilities and then exploiting those
vulnerabilities to gain access. Viruses and Trojan horses typically require user interaction
to spread. Logic bombs do not spread from system to system but lie in wait until certain
conditions are met, triggering the delivery of their payload.
- A. In this scenario, the vendor is providing object-based storage, a core infrastructure
service. Therefore, this is an example of infrastructure as a service (IaaS).
- C. In the community cloud computing model, two or more organizations pool their
resources to create a cloud environment that they then share.
- A. The Agile approach to software development states that working software is the
primary measure of progress, that simplicity is essential, and that businesspeople and
developers must work together daily. It also states that the most efficient method of
conveying information is face-to-face, not electronic.
- C. Encryption, access controls, and firewalls would not be effective in this example
because the accountants have legitimate access to the data. Integrity verification software
would protect against this attack by identifying unexpected changes in protected data.
- C. Class C fire extinguishers use carbon dioxide or halon suppressants and are useful
against electrical fires. Water-based extinguishers should never be used against electrical
fires due to the risk of electrocution.
- A. Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a
packet switching technology that provides a Committed Information Rate, which is a
minimum bandwidth guarantee provided by the service provider to customers. Finally,
Frame Relay requires a DTE/DCE at each connection point, with the DTE providing
access to the Frame Relay network, and a provider-supplied DCE that transmits the data
over the network.