CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 8 ■ Software Development Security (Domain 8)



  1. Carrie is analyzing the application logs for her web-based application and comes across
    the following string:
    ../../../../../../../../../etc/passwd
    What type of attack was likely attempted against Carrie’s application?
    A. Command injection
    B. Session hijacking
    C. Directory traversal
    D. Brute force


  1. When should a design review take place when following an SDLC approach to software
    development?
    A. After the code review
    B. After user acceptance testing
    C. After the development of functional requirements
    D. After the completion of unit testing

  2. Tracy is preparing to apply a patch to her organization’s enterprise resource planning
    system. She is concerned that the patch may introduce flaws that did not exist in prior
    versions, so she plans to conduct a test that will compare previous responses to input with
    those produced by the newly patched application. What type of testing is Tracy planning?
    A. Unit testing
    B. Acceptance testing
    C. Regression testing
    D. Vulnerability testing

  3. What term is used to describe the level of confidence that software is free from
    vulnerabilities, either intentionally designed into the software or accidentally inserted at any time
    during its life cycle, and that the software functions in the intended manner?
    A. Validation
    B. Accreditation
    C. Confidence interval
    D. Assurance

  4. Victor recently took a new position at an online dating website and is responsible for
    leading a team of developers. He realized quickly that the developers are having issues with
    production code because they are working on different projects that result in conflicting
    modifications to the production code. What process should Victor invest in improving?
    A. Request control
    B. Release control
    C. Change control
    D. Configuration control
