CISSP Practice полностью

3. c. Configuration management is a procedure for applying technical and administrative direction and monitoring to (i) identify and document the functional and physical characteristics of an item or system, (ii) control any changes made to such characteristics, and (iii) record and report the change, process, and implementation status. The authorization process may be manual or automated. All authorized transactions should be recorded and entered into the system for processing. Validation ensures that the data entered meets predefined criteria in terms of its attributes. Error notification is as important as error correction.

4. Software configuration management (SCM) should primarily address which of the following questions?

a. How does software evolve during system development?

b. How does software evolve during system maintenance?

c. What constitutes a software product at any point in time?

d. How is a software product planned?

4. c. Software configuration management (SCM) is a discipline for managing the evolution of computer products, both during the initial stages of development and through to maintenance and final product termination. Visibility into the status of the evolving software product is provided through the adoption of SCM on a software project. Software developers, testers, project managers, quality assurance staff, and the customer benefit from SCM information. SCM answers questions such as (i) what constitutes the software product at any point in time? (ii) What changes have been made to the software product?

How a software product is planned, developed, or maintained does not matter because it describes the history of a software product’s evolution, as described in the other choices.

5. What is the main feature of software configuration management (SCM)?

a. Tracing of all software changes

b. Identifying individual components

c. Using computer-assisted software engineering tools

d. Using compilers and assemblers

5. a. Software configuration management (SCM) is practiced and integrated into the software development process throughout the entire life cycle of the product. One of the main features of SCM is the tracing of all software changes.

Identifying individual components is incorrect because it is a part of configuration identification function. The goals of configuration identification are to create the ability to identify the components of the system throughout its life cycle and to provide traceability between the software and related configuration identification items.

Computer-assisted software engineering (CASE) tools, compilers, and assemblers are incorrect because they are examples of technical factors. SCM is essentially a discipline applying technical and administrative direction and surveillance for managing the evolution of computer program products during all stages of development and maintenance. Some examples of technical factors include use of CASE tools, compilers, and assemblers.

6. Which of the following areas of software configuration management (SCM) is executed last?

a. Identification

b. Change control

c. Status accounting

d. Audit

6. d. There are four elements of configuration management. The first element is configuration identification, consisting of selecting the configuration items for a system and recording their functional and physical characteristics in technical documentation.

The second element is configuration change control, consisting of evaluation, coordination, approval or disapproval, and implementation of changes to configuration items after formal establishment of their configuration identification.

The third element is configuration status accounting, consisting of recording and reporting of information that is needed to manage a configuration effectively.

The fourth element is software configuration audit, consisting of periodically performing a review to ensure that the SCM practices and procedures are rigorously followed. Auditing is performed last after all the elements are in place to determine whether they are properly working.

7. Which of the following is an example of input validation error?

a. Access validation error

b. Configuration error

c. Buffer overflow error

d. Race condition error

7. c. In an input validation error, the input received by a system is not properly checked, resulting in a vulnerability that can be exploited by sending a certain input sequence. In a buffer overflow, the input received by a system is longer than the expected input length, but the system does not check for this condition.