394 Appendix ■ Answers
10. C. In the diagram, Account is the name of the class. Owner and Balance are attributes of that class. AddFunds and RemoveFunds are methods of the class.

11. A. Primary storage is the technical term for memory that is directly accessible to the CPU, such as RAM. Nonvolatile storage mechanisms, such as flash drives, DVDs, and hard drives, are classified as secondary storage.

12. A. Dynamic testing evaluates the software while it is running and typically takes place in a black box environment, where the tester does not have access to the source code. Static testing, white box testing, and code review all require access to the application's source code.

13. C. Given the list of options, the root cause is most likely an authorization check that does not properly limit users to the access they should have. Data validation flaws are more likely to allow injection attacks or the entry of bad data, while session management flaws would permit session hijacking or could cause a user to be logged in as another user. Finally, an error handling flaw would show up when errors occurred, which this problem does not indicate.

14. C. Aggregate functions summarize large amounts of data and return only summary information. When carefully crafted, however, queries built on aggregate functions may unintentionally reveal sensitive information about the individual records they summarize.

15. B. The best protection against buffer overflow attacks is server-side input validation. This technique limits user input to approved lengths and ranges of values that fit within the allocated buffers. While firewalls and intrusion prevention systems may contain controls that limit buffer overflows, it is more effective to perform the filtering on the application server itself. Encryption does not protect against buffer overflow attacks.

16. B. The log entries show the characteristic pattern of a port scan: the attacking system sends connection attempts to a series of commonly used ports on the target system.

17. C. Acme Widgets is clearly in the Initial stage of the SW-CMM. This stage is characterized by the absence of formal processes. The company may still produce working code, but it does so in a disorganized fashion.

18. B. The Repeatable stage is the second stage in the SW-CMM, following the Initial stage, and should be Acme Widgets' next milestone. The Repeatable stage is characterized by basic lifecycle management processes.

19. A. The Defined stage of the SW-CMM is marked by the presence of basic lifecycle management processes and the reuse of code. It includes the use of requirements management, software project planning, quality assurance, and configuration management practices.

20. D. The Managed stage is the fourth stage in the SW-CMM, following the Defined stage, and should be Beta Particles' next milestone. The Managed stage is characterized by the use of quantitative software development measures.

21. C. Referential integrity ensures that every foreign key value in one table corresponds to an existing record in the table it references. Foreign keys are the mechanism used to enforce referential integrity.
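The buffer overflow answer above (server-side validation that limits input to lengths and values fitting the allocated buffer) is easier to appreciate next to the code it protects. The following is an added example written for this page, not code from the study guide; the struct layout, the 16-byte username buffer, and the "alphanumeric or underscore" character policy are assumptions chosen for illustration. The unsafe function copies a request straight into a fixed buffer with strcpy, so a 19-character name spills into the adjacent is_admin flag; the hardened function checks the length and the character set before doing a bounded copy and refuses anything that does not fit, rather than silently truncating.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define USERNAME_MAX 16   /* holds 15 characters plus the NUL terminator (assumed size) */

/* Hypothetical session record. is_admin sits directly after the buffer,
 * which is exactly the kind of neighbour an overflow overwrites. */
struct session {
    char username[USERNAME_MAX];
    int  is_admin;
};

/* VULNERABLE: no length check. strcpy copies until it finds a NUL, so a
 * request longer than 15 characters writes past username into is_admin.
 * Shown for contrast only; never call this with untrusted input. */
static void set_username_unsafe(struct session *s, const char *request)
{
    strcpy(s->username, request);
}

/* HARDENED: server-side validation. Returns 0 on success, -1 if the input
 * is empty, too long for the buffer, or contains a disallowed character.
 * On rejection the session is left untouched. */
static int set_username_validated(struct session *s, const char *request)
{
    /* Look for the terminator only within the buffer size: if there is none,
     * the input cannot fit and we refuse it without reading further. */
    const char *nul = memchr(request, '\0', USERNAME_MAX);
    if (nul == NULL)
        return -1;
    size_t len = (size_t)(nul - request);
    if (len == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)request[i];
        if (!isalnum(c) && c != '_')          /* approved character set (assumed policy) */
            return -1;
    }
    memcpy(s->username, request, len + 1);    /* bounded copy, NUL included */
    return 0;
}

/* Convenience check: 1 if the validated path accepts the request and stores
 * it exactly with is_admin still 0, otherwise 0. */
static int username_accepted(const char *request)
{
    struct session s;
    memset(&s, 0, sizeof s);
    if (set_username_validated(&s, request) != 0)
        return 0;
    return strcmp(s.username, request) == 0 && s.is_admin == 0;
}

int main(void)
{
    /* Constructed attacker input: 19 'A's fill username and all four bytes of is_admin. */
    const char *attack = "AAAAAAAAAAAAAAAAAAA";
    struct session s;

    memset(&s, 0, sizeof s);
    set_username_unsafe(&s, attack);
    printf("unsafe path:     is_admin=%d (nonzero means the flag was overwritten)\n", s.is_admin);

    memset(&s, 0, sizeof s);
    printf("validated path:  rc=%d is_admin=%d\n", set_username_validated(&s, attack), s.is_admin);
    printf("validated path:  rc=%d for \"alice_01\"\n", set_username_validated(&s, "alice_01"));
    return 0;
}
```

The rejection rather than truncation is deliberate: truncating a too-long value keeps the program memory-safe but can still change meaning (a 20-character username silently becoming someone else's 15-character one), so the server refuses the request and returns an error the caller must handle.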
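The port scan answer above identifies the pattern (one source, connection attempts against a series of ports on one target) but the question's log entries are not reproduced here. The following is an added example, not material from the study guide, that turns the pattern into detection logic and runs it over constructed firewall-style log lines. The line format (`timestamp SRC=... DST=... DPT=... SYN`), the sample addresses, and the threshold of five distinct destination ports are all assumptions made for the example; a real detector would also bound the observation to a time window.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES    16
#define MAX_PORTS      64
#define SCAN_THRESHOLD 5   /* distinct destination ports from one source before it is flagged (assumed) */

struct source_stats {
    char src[32];
    int  ports[MAX_PORTS];
    int  nports;           /* number of distinct ports recorded for this source */
};

/* Record one connection attempt and return the number of distinct destination
 * ports seen from src so far, or -1 if the table is full. Repeated attempts
 * against the same port are not new evidence and do not raise the count. */
static int record_attempt(struct source_stats *tab, int *count, const char *src, int dport)
{
    struct source_stats *e = NULL;
    for (int i = 0; i < *count; i++)
        if (strcmp(tab[i].src, src) == 0) { e = &tab[i]; break; }
    if (e == NULL) {
        if (*count >= MAX_SOURCES) return -1;
        e = &tab[(*count)++];
        snprintf(e->src, sizeof e->src, "%s", src);
        e->nports = 0;
    }
    for (int i = 0; i < e->nports; i++)
        if (e->ports[i] == dport) return e->nports;
    if (e->nports < MAX_PORTS) e->ports[e->nports++] = dport;
    return e->nports;
}

/* Parse one log line in the constructed format; returns 0 on success, -1 if malformed. */
static int parse_line(const char *line, char *src, size_t srclen, int *dport)
{
    char tmp[64];
    if (sscanf(line, "%*s SRC=%63s DST=%*s DPT=%d", tmp, dport) != 2)
        return -1;
    snprintf(src, srclen, "%s", tmp);
    return 0;
}

/* Run the detector over nlines log lines. Each source is written to flagged[]
 * once, at the moment it crosses SCAN_THRESHOLD distinct ports. Returns the
 * number of sources flagged. */
static int find_port_scanners(const char *const *lines, int nlines, char flagged[][32], int maxflag)
{
    struct source_stats tab[MAX_SOURCES];
    int count = 0, nflag = 0;
    for (int i = 0; i < nlines; i++) {
        char src[32];
        int dport;
        if (parse_line(lines[i], src, sizeof src, &dport) != 0)
            continue;                                   /* skip malformed lines rather than abort */
        int distinct = record_attempt(tab, &count, src, dport);
        if (distinct == SCAN_THRESHOLD && nflag < maxflag)
            snprintf(flagged[nflag++], 32, "%s", src);
    }
    return nflag;
}

/* Constructed sample log: 203.0.113.5 walks seven common ports on one host
 * (the scan); 198.51.100.7 is a normal client retrying 443 and fetching 80. */
static const char *const SAMPLE_LOG[] = {
    "2024-03-01T10:00:01 SRC=203.0.113.5 DST=192.168.1.10 DPT=21 SYN",
    "2024-03-01T10:00:01 SRC=198.51.100.7 DST=192.168.1.10 DPT=443 SYN",
    "2024-03-01T10:00:02 SRC=203.0.113.5 DST=192.168.1.10 DPT=22 SYN",
    "2024-03-01T10:00:02 SRC=203.0.113.5 DST=192.168.1.10 DPT=23 SYN",
    "this line is deliberately malformed",
    "2024-03-01T10:00:03 SRC=198.51.100.7 DST=192.168.1.10 DPT=443 SYN",
    "2024-03-01T10:00:03 SRC=203.0.113.5 DST=192.168.1.10 DPT=25 SYN",
    "2024-03-01T10:00:04 SRC=203.0.113.5 DST=192.168.1.10 DPT=25 SYN",
    "2024-03-01T10:00:04 SRC=203.0.113.5 DST=192.168.1.10 DPT=80 SYN",
    "2024-03-01T10:00:05 SRC=198.51.100.7 DST=192.168.1.10 DPT=80 SYN",
    "2024-03-01T10:00:05 SRC=203.0.113.5 DST=192.168.1.10 DPT=110 SYN",
    "2024-03-01T10:00:06 SRC=203.0.113.5 DST=192.168.1.10 DPT=443 SYN",
};

/* Runs the detector over SAMPLE_LOG; used by main and by the checks below. */
static int detect_sample(char flagged[][32], int maxflag)
{
    return find_port_scanners(SAMPLE_LOG, (int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]), flagged, maxflag);
}

int main(void)
{
    char flagged[MAX_SOURCES][32];
    int n = detect_sample(flagged, MAX_SOURCES);
    for (int i = 0; i < n; i++)
        printf("possible port scan from %s (>= %d distinct ports)\n", flagged[i], SCAN_THRESHOLD);
    return 0;
}
```

Counting distinct ports rather than total attempts is what separates the scanner from the retrying client: 198.51.100.7 generates three lines but only two ports, while 203.0.113.5 is flagged on its fifth distinct port and not again afterwards.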