CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 8 ■ Software Development Security (Domain 8)



  1. What type of malware is characterized by spreading from system to system under its own
    power by exploiting vulnerabilities that do not require user intervention?
    A. Trojan horse
    B. Virus
    C. Logic bomb
    D. Worm

  2. Kim is troubleshooting an application firewall that serves as a supplement to the
    organization’s network and host firewalls and intrusion prevention system, providing added
    protection against web-based attacks. The issue the organization is experiencing is that
    the firewall technology suffers somewhat frequent restarts that render it unavailable for
    10 minutes at a time. What configuration might Kim consider to maintain availability
    during that period at the lowest cost to the company?
    A. High availability cluster
    B. Failover device
    C. Fail open
    D. Redundant disks

  3. What type of security issue arises when an attacker can deduce a more sensitive piece of
    information by analyzing several pieces of information classified at a lower level?
    A. SQL injection
    B. Multilevel security
    C. Aggregation
    D. Inference

  4. Greg is battling a malware outbreak in his organization. He used specialized malware
    analysis tools to capture samples of the malware from three different systems and noticed
    that the code is changing slightly from infection to infection. Greg believes that this is the
    reason that antivirus software is having a tough time defeating the outbreak. What type of
    malware should Greg suspect is responsible for this security incident?
    A. Stealth virus
    B. Polymorphic virus
    C. Multipartite virus
    D. Encrypted virus


For questions 37–40, please refer to the following scenario:

Linda is reviewing posts to a user forum on her company’s website and, when she browses
a certain post, a message pops up in a dialog box on her screen reading “Alert.” She
reviews the source code for the post and finds the following code snippet:
<script>alert('Alert');</script>