CISSP Official Practice Tests by Mike Chapple, David Seidl


182 Chapter 8 ■ Software Development Security (Domain 8)



  1. What type of database security issue exists when a collection of facts has a higher
    classification than the classification of any of those facts standing alone?
    A. Inference
    B. SQL injection
    C. Multilevel security
    D. Aggregation

  2. What are the two types of covert channels that are commonly exploited by attackers
    seeking to surreptitiously exfiltrate information?
    A. Timing and storage
    B. Timing and firewall
    C. Storage and memory
    D. Firewall and storage

  3. Vivian would like to hire a software tester to come in and evaluate a new web application
    from a user’s perspective. Which of the following tests best simulates that perspective?
    A. Black box
    B. Gray box
    C. Blue box
    D. White box

  4. Referring to the database transaction shown here, what would happen if no account exists
    in the Accounts table with account number 1001?


    A. The database would create a new account with this account number and give it a $250 balance.
    B. The database would ignore that command and still reduce the balance of the second account by $250.
    C. The database would roll back the transaction, ignoring the results of both commands.
    D. The database would generate an error message.