Chapter 8 ■ Software Development Security (Domain 8)
- What vulnerability definitely exists on Linda’s message board?
A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. Improper authentication
- What was the likely motivation of the user who posted the message on the forum containing this code?
A. Reconnaissance
B. Theft of sensitive information
C. Credential stealing
D. Social engineering
- Linda communicates with the vendor and determines that no patch is available to correct this vulnerability. Which one of the following devices would best help her defend the application against further attack?
A. VPN
B. WAF
C. DLP
D. IDS
- In further discussions with the vendor, Linda finds that they are willing to correct the issue but do not know how to update their software. What technique would be most effective in mitigating the vulnerability of the application to this type of attack?
A. Bounds checking
B. Peer review
C. Input validation
D. OS patching
- What property of relational databases ensures that once a database transaction is committed to the database, it is preserved?
A. Atomicity
B. Consistency
C. Durability
D. Isolation
- Lauren wants to use a software review process for the application she is working on. Which of the following processes would work best if she is a remote worker who works different hours from the rest of her team?
A. Pass around
B. Pair programming
C. Team review
D. Fagan inspection