Answers and Explanations
- Answer: B. The structured database management system model is not a valid type. Four common database types are the hierarchical database management system, the object-oriented database management system, the network database management system, and the relational database management system.
- Answer: B. Security should be implemented at the initiation of a project. When security is added during the project initiation phase, substantial amounts of money can be saved. Because the first phase is the project initiation phase, all other answers are incorrect.
- Answer: B. Software Development is the point in the SDLC at which programmers and developers become deeply involved and provide the majority of the work.
- Answer: D. Change control is used to maintain changes to development or production. Without it, control would become very difficult, because there would be no way to track changes that might affect the product’s functionality or security.
- Answer: D. The relational database management system is the most used type. It is structured such that the columns represent the variables and the rows contain the specific instance of data.
- Answer: C. The complete list of system development life cycle phases is as follows:
Functional Design Analysis and Planning
System Design Specifications
Installation and Implementation
Operation and Maintenance
- Answer: B. Only Java is downloaded from the server, executed by the browser, and run on your system. Java has limits placed on what it can do by means of a sandbox.
- Answer: B. The spiral model is the only valid system development methodology listed. It was developed in 1988 at TRW.
- Answer: C. The Waterfall model states that the development process proceeds in a series of discrete steps, each completed before proceeding to the next.
- Answer: C. A tuple is an ordered set of values within a row in the database table.
- Answer: B. The Operation and Maintenance phase of the SDLC is the point at which new systems need to be configured and steps need to be taken to make sure that no new vulnerabilities or security compromises take place. It is also at this step that if major changes are made to the system, network, or environment, the certification and accreditation process may need to be repeated.
- Answer: A. Metadata is data about data that is used in data-mining and data-warehouse operations. Metadata is not used in knowledge-based systems, for fraud detection, or for data dictionaries.
- Answer: C. Aggregation is the process of combining items of low sensitivity to produce an item of high sensitivity. It has the potential to be a rather large security risk.
- Answer: B. Inference occurs when users can put together pieces of information at one security level to determine a fact that should be protected at a higher security level.
- Answer: A. The schema is the structure of the database.
- Answer: D. The greatest danger of worms is their capability to self-replicate. Left unchecked, this process can grow in volume to an astronomical amount. For example, a worm could send copies of itself to everyone listed in your email address book, and those recipients’ computers would then do the same.
- Answer: D. Normalization is the process of removing redundant data. It speeds the analysis process. Normalization is not the process of dividing by a common value, restricting to a range of values, or averaging the data.
- Answer: B. A data dictionary contains a list of all database files. It also contains the number of records in each file and each field name and type.
- Answer: A. Data mining is used to analyze trends and support strategic decisions. It enables complicated business processes to be understood and analyzed. This is achieved through the discovery of patterns in the data relating to the past behavior of business processes or subjects. These patterns can be used to improve the performance of a process by exploiting favorable patterns.
- Answer: A. Polyinstantiation allows different versions of the same information to exist at different classification levels within a database. This permits a security model that can have multiple views of the same information, depending on your clearance level.
- Answer: B. The Functional Design Analysis and Planning stage of the SDLC is the point at which a project plan is developed, test schedules are assigned, and expectations of the product are outlined.
- Answer: A. Application controls are used to enforce an organization’s security policy and procedures. Preventive application controls include data checks, validity checks, contingency planning, and backups. Answers C and D are incorrect because they are not controls, and answer B is a distracter.
- Answer: B. The three valid types of application controls are preventive, corrective, and detective.
- Answer: A. A service-level agreement is used to set the standards of service you expect to receive. It includes items such as response times, system utilization rates, the number of online users, available bandwidth, and system up times.
- Answer: D. The three main components of SQL databases are schemas, tables, and views. Object-oriented interfaces are part of object-oriented database management systems.
- Answer: A. Cyclic redundancy checks, structured walk-throughs, and hash totals are all examples of detective application controls. Application controls are used to enforce the organization’s security policy and procedures. They can be preventive, detective, or corrective.
- Answer: A. A smurf attack targets the network broadcast address and spoofs the source address to be from the computer to be attacked. The result is that the network amplifies the attack and floods the local device with the resulting broadcast traffic.
- Answer: B. The reference monitor is the OS component that enforces access control and verifies that the user has the rights and privileges to access the object in question.
- Answer: C. Mobile code is code that can be executed within a network browser. Applets are examples of mobile code. Mobile code is not used on a handheld device, nor is it a script that is executed in an Office document. And although mobile code may run on several different platforms, answer B is an incomplete answer.
- Answer: D. A DoS (denial of service) attack does not give Black Hat Bob access to the network; it does, however, prevent others from gaining legitimate access. Spoofing is the act of pretending to be someone you are not. ICMP redirects can be used to route information to an alternative location. TOC/TOU attacks deal with the change of information between the time it was initially checked and the time it was used.
- Answer: B. The sandbox is a set of security rules that are put in place to prevent Java from having unlimited access to memory and OS resources. It creates an environment in which there are strict limitations on what the Java code can request or do.
- Answer: C. The Software Capability Maturity Model (CMM) was first developed in 1986 and is composed of the following five maturity levels:
- Answer: B. The Software CMM is composed of five maturity levels. The Repeatable maturity level is the step at which project management processes and practices are institutionalized and locked in place by procedures, protocols, and guidelines.
- Answer: A. ActiveX establishes a trust relationship between the client and server by using digital certificates to guarantee that the server is trusted. The shortcoming of ActiveX is that security is really left to the end user. Users are prompted if any problems are found with a certificate. Therefore, even if the certificate is invalid, a user can override good policy by simply accepting the possibly tainted code.
- Answer: A. The configuration library is the process of cataloging all versions of a component configuration.
- Answer: C. A covert storage channel is a communication path that writes to storage by one process and allows the contents to be read through another, less-secure channel. Answer A describes a covert channel. Answers B and D are distracters.
- Answer: A. Inference occurs when a user with low-level access to data can use this access to infer information or knowledge that is not authorized. The three inference channels are deductive, abductive, and statistical.
- Answer: B. Relational databases use one of two control policies to secure information on multilevel systems: MAC (mandatory access control) and DAC (discretionary access control). Answers A and C are distracters. RBAC (role-based access control) is not used in multilevel relational databases.
- Answer: B. It is very likely that the game Boyd installed was bundled with a RAT (Remote-Access Trojan). The executable seems accessible, but after installation is performed, the Trojan program is loaded into the victim’s computer. RATs can control programs because backdoors turn on hardware, open CD-ROM drives, and perform other malicious and ill-willed acts.
- Answer: A. CRM (customer relationship management) is used in conjunction with data mining. The goal of CRM is to learn the behaviors of your customers. Businesses believe that by learning more about their customers, they can provide higher-quality customer service, increase revenues, and switch to more efficient sales techniques. Answer B describes forecasting, answer C describes associations, and answer D describes sequences.
- Answer: D. Neural technology simulates the neural behavior of the human brain. The objective is for a computer to be able to learn to differentiate or model without formal analysis and detailed programming. These systems are targeted to be used in risk management, IDS, and forecasting. Fuzzy logic focuses on how humans think and is used in insurance and financial markets, where there is some uncertainty about the data. Answers A and C are distracters.
- Answer: B. Interoperability, portability, transparency, extensibility, and security are the five requirements that all distributed systems should meet.
- Answer: B. Masquerading is the act of changing email messages to look as though they came from someone else. Spoofing typically involves IP addresses. Relaying occurs when email is sent through an uninvolved third party. Redirecting is the process of sending data to a destination to which it may not have been addressed.
- Answer: A. Cardinality is the number of rows in a relation.
- Answer: B. Answers A, C, and D all represent a valid relationship. Answer B does not, because records are synonymous with rows and tuples, not attributes.
- Answer: D. Perturbation is also called noise and is used as a tool to fight inference attacks. It works by infusing phony information into a database. The goal is to frustrate the attacker so that he or she will give up and move on to an easier target.
- Answer: C. Backdoor programs include SubSeven, NetBus, Back Orifice, and Beast. These programs are characterized by their design. They use two separate components: a server, which is deployed to the victim, and a client, which the attacker uses to control the victim’s computer.
- Answer: D. A SYN attack is characterized by a series of TCP SYNs. Each SYN uses a small amount of memory. If the attacker sends enough of these spoofed SYN packets, the victim’s machine fills up its queue and does not have adequate resources to respond to legitimate computers, denying other systems service from the victim’s computer.
- Answer: C. The Disposal and Postmortem Review phase of the SDLC is the point at which information may need to be archived or discarded. A postmortem team may be assembled to examine ways to improve subsequent iterations of this or other products.
- Answer: A. Multipartite viruses can spread by many different methods. Polymorphic viruses can change themselves over time.
- Answer: B. SODA (Secure Object-Oriented Database) allows the use of polyinstantiation as a solution to the multiparty update conflict. This problem is caused when users of various levels of clearance and sensitivity in a secure database system attempt to use the same information.
- Answer: C. The suggestion here is that Jack somehow contaminated File B and caused it to be raised to a higher security level after he saved it. However, in Mandatory Access Control, a label cannot be changed after it is assigned (or it would be discretionary). John has access to files A and B based on his security clearance (sensitivity label) and need to know (categories) both before and after Jack’s edit.
- Answer: A. Fifth-generation languages (LISP, Prolog) are most focused on the logic of constraints. Fourth-generation (SQL, ColdFusion), third-generation (COBOL, Java), and second-generation (Assembly, Byte Code) are focused on the logic of algorithms.
- Answer: C. SYN flooding is a resource attack on bandwidth. The attack does not involve malformed packets. The intent of the flood is to use up all the bandwidth so that legitimate incoming requests cannot be processed (not redirected). This flooding could result in excessive traffic on the front-end, load-balancing servers that seek to balance incoming requests between multiple back-end processing servers. Although crashing the server is not the ultimate goal of the attack, there is the possibility that this could occur.
- Answer: D. The higher the level of language you use when programming, the less likely it is that the code will have unintended flaws that can be attacked. Instead of using C, you should use C++, but both of these are third-generation languages (3GL). SQL is a fourth-generation language (4GL).
- Answer: B. Polymorphism is the ability to present data in a different light depending on the needs of the moment. Encapsulation is when an object has knowledge of functions and traits it requires so that other routines can access the object via standard function calls. Instantiation is the creation of an object based on its rule set. Abstraction refers to the suppression of unnecessary details but not the changing of details.
- Answer: B. Low coupling means that the modules transfer data directly to each other without transferring data through a lot of other modules. High cohesion means that modules stand alone well by handling their own requirements and without calling other modules. High coupling and low cohesion are present when modules depend heavily on each other, leading to race conditions in which multiple modules could be vying for the same resource.
- Answer: A. The inference engine creates the forward and reverse chains. Certainty factors reflect a confidence level that permits the chaining to occur. The rulebase describes what is known. Neural structures belong in artificial neural networks, not expert systems.
- Answer: D. One of the most common problems with audit logs is that they are collected but not analyzed. Often no one is interested in the audit logs until someone reports a problem. Even though it isn’t a technical problem, this is an administrative and policy issue, because no analysis takes place. Answers A, B, and C are all important concerns but are not the most common problem.
- Answer: D. The primary vulnerability is the WAP gateway. WAP requires some type of conversion, and this conversion is performed on the gateway. This means that, for a short period of time, the data is in a clear format while being converted from WAP to SSL, TLS, or another encrypted format. This makes the gateway an attractive target. Answers A, B, and C are incorrect because they do not represent the level of risk that the gateway does.
- Answer: B. Fourth-generation (SQL, ColdFusion), third-generation (COBOL, Java), and second-generation (Assembly, Byte Code) are focused on the logic of algorithms. Fifth-generation languages (LISP, Prolog) are most focused on the logic of constraints. First-generation languages are written in machine language.
- Answer: B. A hierarchical database combines related records and fields into a logical tree structure. A relational database uses columns and rows to organize the information. An object-oriented database is considered much more dynamic than earlier designs because it can handle not only data but also audio, images, and other file formats. A network database is unique in that it supports multiple parent or child records.
- Answer: D. A network database is unique in that it supports multiple parent and child records. A relational database uses columns and rows to organize the information. A hierarchical database combines related records and fields into a logical tree structure. An object-oriented database is considered much more dynamic than earlier designs because it can handle not only data but also audio, images, and other file formats.
- Answer: D. One of the primary reasons to use the SDLC is to build in security from the beginning. As such, security issues need to be identified as soon as possible. Although some issues can be worked out during feasibility, options are still open at that point, which makes final decisions impossible. Waiting until later to build in security simply adds to the cost.
- Answer: D. Java Database Connectivity (JDC) is not a markup standard that is self-defining and provides a lot of flexibility in how data within the database is presented. JDC is an API communication mechanism for databases. Although it is true that the object linking and embedding database (OLE DB) is a replacement for open database connectivity (ODBC), ActiveX Data Objects (ADO) is an API that allows applications to access back-end database systems. The data definition language (DDL) defines the structure and schema of the database.
- Answer: D. Referential integrity ensures that all foreign keys reference existing primary keys.
- Answer: B. Inference is the ability to obtain privileged information that normally is unavailable. Enumeration is performed when the attacker gathers information about the network structure. It includes items such as what open shares and applications are available on a network. Polyinstantiation is the use of different information at different security levels. Online transaction processing is a mechanism used in databases to provide fault tolerance.
- Answer: D. The most likely cause of the problem is invalid time synchronization. In a distributed environment, this can cause a server to overwrite newer data. If the change took a while to make, answer A cannot be correct. Answer B is incorrect because no change would be possible, even for a short period of time. Answer C is incorrect because it would be impossible for the user to make a change.
- Answer: C. A knowledge discovery database (KDD) is also known as data mining. A data warehouse is used for data storage and can combine data from multiple sources. Metadata is used to discover the unseen relationships between data. Atomicity is used to divide works into units that are processed completely or not at all.
- Answer: B. The correct statements are as follows: The data definition language (DDL) defines the structure and schema of the database. The data manipulation language (DML) contains all the commands that enable a user to manipulate, view, and use the database (view, add, modify, sort, and delete commands). The query language (QL) allows users to make requests of the database. The report generator creates printouts of data in a user-defined manner.
- Answer: C. Jim is data mining—searching for unseen relationships. A data warehouse is used for data storage and can combine data from multiple sources. Metadata is used to discover the unseen relationships between data. Atomicity is used to divide work into units that are processed completely or not at all.
- Answer: B. Before this significant change is made, the module should be technically tested (certification) and administratively approved (accreditation). Answers A, C, and D are all recommended best practices.
- Answer: C. Verification verifies that the product meets specifications. Validation is the measurement of how well the program or application solves a real-world problem.
- Answer: A. Cohesion and coupling are two items that need to be reviewed when creating code or modifying existing code. Cohesion is a module’s ability to perform only a single precise task. Coupling refers to the amount of interaction. Both can have a significant effect on change management. Therefore, the goal is to work toward modules that have high cohesion and loose coupling.
- Answer: B. Citizen (casual) programmers are people who can code but who do so from outside the SDLC process. The concern here is that they are writing programs and allowing others within the department to use them without any type of certification process. These programs have not been shown to work effectively or produce repeatable results. Lack of certification and review is a real problem. Answers A, C, and D are important, but they are not the primary concern.
- Answer: D. A relational database is a two-dimensional table; this allows each table to contain unique rows, columns, and cells. Relational databases have advantages over hierarchical databases. One such advantage is that a number of different relations can be defined, including overcoming the limitation of hierarchical databases that allows a child to have only one parent. Answers A, B, and C are therefore incorrect.
- Answer: B. The capability maturity model features five maturity levels that specify software development process maturity. These levels include initial, repeatable, defined, managed, and optimized. The defined level allows for quantitative process improvement.
- Answer: C. Software escrow is a form of insurance. Suppose company A buys software from company B. Company A is concerned that company B may go broke. A copy of the software source code can be placed in a safe place so that company A can access and modify it in case company B goes bankrupt.
- Answer: B. A commit completes the transaction. A savepoint is designed to allow the system to return to a certain point should an error occur. A rollback is similar, except that it is used when changes need to be canceled. An audit point is used as a control point to verify input, process, or output data.
- Answer: A. The capability maturity model features five maturity levels that specify software development process maturity. These levels are initial, repeatable, defined, managed, and optimized.
- Answer: A. Metadata is data that describes other data. Nonatomic data is a data value that consists of multiple data values. A data structure is a set of data in memory composed of fields. Transaction processing is a mode of computer operation.
- Answer: C. Relational databases are two-dimensional tables; this allows each table to contain unique rows, columns, and cells. Hierarchical, network, and object do not meet these requirements.
- Answer: D. A database view allows the database administrator to control what a specific user at a specific level of access can see. For example, an HR employee may be able to see department payroll totals but not individual employee salaries. A schema is the structure of the database. DMCL is unrelated to databases. Data mining is the process of analyzing metadata.
- Answer: D. Security controls must be considered at all points of the SDLC process. To learn more about the system development life cycle, see NIST 800-14, “Generally Accepted Principles and Practices for Securing Information Technology Systems.”
- Answer: D. The change control process has the following steps: Make a formal request for a change, analyze the request, record the change request, submit the change request for approval, develop the change, and report the results to management.
- Answer: A. Answers B, C, and D not fully define an expert system. An expert system is unique in that it contains a knowledge base of information and mathematical algorithms that use a series of if...then statements to infer facts from data.
- Answer: C. Common Object Request Broker Architecture (CORBA) is vendor-independent middleware. Its purpose is to tie together different vendors’ products so that they can seamlessly work together over distributed networks. Atomicity deals with the validity of database transactions. Object Linking and Embedding (OLE) is a proprietary system developed by Microsoft that allows applications to transfer and share information. Object-oriented programming is a modular form of programming.
- Answer: D. The Capability Maturity Model (CMM) expired in 2007 and was replaced with the Capability Maturity Model Integration (CMMI) model. It features 22 process areas: causal analysis and resolution, configuration management, decision analysis and resolution, integrated project management, measurement and analysis, organizational innovation and deployment, organizational process definition, organizational process focus, organizational process performance, organizational training, project monitoring and control, project planning, process and product quality assurance, product integration, quantitative project management, requirements management, requirements development, risk management, supplier agreement management, technical solution, validation, and verification.
- Answer: A. At level 1 of the CMM, processes likely to be variable (inconsistent) and depend heavily on institutional knowledge. At level 2, processes are seen as repeatable. At level 3, documented standards are put in place. At level 4, metrics and management standards are in place.
- Answer: B. The two methods of reasoning when using inference rules are forward chaining and backward chaining. Knowledge transparency deals with knowledge representation.
- Answer: True. SQL is a 4GL language. Others include CASE and Statistical Analysis System (SAS).
- Answer: False. 5GL languages are designed to use knowledge-based systems to solve problems and use constraints instead of an algorithm.
- Answer: False. The spiral model is the one that is based on the concept that software development is evolutionary.
- Answer: False. It is true that reengineering attempts to update software by reusing as many of the components as possible instead of designing an entirely new system. However, reverse engineering is a technique that can be used to decrease development time by decompiling existing code. Reverse engineering has many legal issues and concerns.
- Answer: True. Cohesion addresses the fact that a module can perform a single task with little input from other modules. Coupling is the measurement of the interconnecting between modules. Low coupling means that a change to one module should not affect another.
- Answer: True. An ERD helps map the requirements and define the relationship between elements. The basic components of an ERD are an entity and a relationship. After a data dictionary is designed, the database schema can be developed.
- Answer: True. WBAD offers standardized integration through the use of application development technologies such as XML. Its components include SOAP, WSDL, and UDDI.
- Answer: False. Prototyping is still used. The advantage is that it can provide real savings in development time and costs.
- Answer: False. Zeroization is the act of writing 0s, or a known pattern of bits, to media to make it difficult to recover the residual data. Purging makes data removal next to impossible. Therefore, purging is the higher level of data removal.
The answers are as follows:
- Stealth: 2.
- Meme: 5.
- Macro: 1.
- EICAR: 4.
- Encrypted virus: 3.
A stealth virus can modify functionality, so detection is very difficult. A meme is not a virus; it works like a chain letter. Its purpose is to forward the message from user to user, propagating the hoax. The “I love you” and Melissa viruses are examples of macro viruses. “I love you” was an active script that could infect via a number of vectors of systems running Microsoft Windows with Windows Scripting Host enabled. Melissa targeted Microsoft Office documents (specifically, Microsoft Word). These viruses target Office documents. The EICAR test is used to verify the functionality of antivirus software. It is basically a signature that all participating vendors recognize. Encrypted viruses are similar to polymorphic viruses but can change how they are stored on the disk. This form of malware can make use of a cryptographic key.