CISSP Official Practice Tests by Mike Chapple, David Seidl

(chelsyfait) #1

Chapter 8 ■ Software Development Security (Domain 8) 179
  1. Which one of the following controls would best protect an application against buffer
    overflow attacks?
    A. Encryption
    B. Input validation
    C. Firewall
    D. Intrusion prevention system

  2. Berta is analyzing the logs of the Windows Firewall on one of her servers and comes across
    the entries shown in this figure. What type of attack do these entries indicate?

    A. SQL injection
    B. Port scan
    C. Teardrop
    D. Land

For questions 17–20, please refer to the following scenario:

Robert is a consultant who helps organizations create and develop mature software development practices. He prefers to use the Software Capability Maturity Model (SW-CMM) to evaluate the current and future status of organizations using both independent review and self-assessments. He is currently working with two different clients.

Acme Widgets is not very well organized with their software development practices. They
have a dedicated team of developers who do “whatever it takes” to get software out the
door, but they do not have any formal processes.

Beta Particles is a company with years of experience developing software using formal,
documented software development processes. They use a standard model for software
development but do not have quantitative management of those processes.


  1. What phase of the SW-CMM should Robert report as the current status of Acme Widgets?

    A. Defined
    B. Repeatable
    C. Initial
    D. Managed