188 Chapter 8 ■ Software Development Security (Domain 8)
- Roger is conducting a software test for a tax preparation application developed by his company. End users will access the application over the Web, but Roger is conducting his test on the back end, evaluating the source code on the web server. What type of test is Roger conducting?
A. White box
B. Gray box
C. Blue box
D. Black box
- Which of the following statements is true about heuristic-based antimalware software?
A. It has a lower false positive rate than signature detection.
B. It requires frequent definition updates to detect new malware.
C. It has a higher likelihood of detecting zero-day exploits than signature detection.
D. It monitors systems for files with content known to be viruses.
- Martin is inspecting a system where the user reported unusual activity, including disk
activity when the system is idle and abnormal CPU and network usage. He suspects that the machine is infected by a virus, but scans come up clean. What malware technique might be in use here that would explain the clean scan results?
A. File infector virus
B. MBR virus
C. Service injection virus
D. Stealth virus
- Tomas discovers a line in his application log that appears to correspond with an attempt
to conduct a directory traversal attack. He believes the attack was conducted using URL encoding. The line reads:
%252E%252E%252F%252E%252E%252Fetc/passwd
What character is represented by the %252E value?
A. .
B. ,
C. ;
D. /
- An attacker posted a message to a public discussion forum that contains an embedded malicious script that is not displayed to the user but executes on the user's system when read. What type of attack is this?
A. Persistent XSRF
B. Nonpersistent XSRF