Chapter 8 ■ Software Development Security (Domain 8) 191
- David is working on developing a project schedule for a software development effort, and
he comes across the chart shown here. What type of chart is this?
WBS 1 Summary Element 1WEEKS:START-TO-STARTFINISH-TO-START
FINISH-TO-FINISH12345678910212223WBS 2 Summary Element 2WBS 1.1 Activity AWBS 1.2 Activity BWBS 1.3 Activity C67% complete50% complete0% complete0% complete0% complete0% complete0% complete75% complete55% completeWBS 1.4 Activity DWBS 2.1 Activity EWBS 2.2 Activity FWBS 2.3 Activity G
TODAYA. Work breakdown structure
B. Functional requirements
C. PERT chart
D. Gantt chart- Barry is a software tester who is working with a new gaming application developed by his
company. He is playing the game on a smartphone to conduct his testing in an environ-
ment that best simulates a normal end user, but he is referencing the source code as he con-
ducts his test. What type of test is Barry conducting?
A. White box
B. Black box
C. Blue box
D. Gray box - Miguel recently completed a penetration test of the applications that his organization uses
to handle sensitive information. During his testing, he discovered a condition where an
attacker can exploit a timing condition to manipulate software into allowing him to per-
form an unauthorized action. Which one of the following attack types fits this scenario?
A. SQL injection
B. Cross-site scripting
C. Pass the hash
D. TOC/TOU