148. The scope of a functional configuration audit does not include which of the following?

a. Evaluation of change control

b. Testing of software product

c. Tracing of system requirements

d. Evaluation of test approach and results

148. a. Evaluation of change control is a part of the physical configuration audit, whereas the other choices are part of the functional configuration audit. The physical configuration audit provides an independent evaluation of whether components in the as-built version of the software map to the specifications of the software. Specifically, this audit is held to verify that the software and its documentation are internally consistent and ready for delivery. Activities typically planned and executed as part of the physical configuration audit include evaluation of product composition and structure, product functionality, and change control.

The functional configuration audit provides an independent evaluation of configuration items to determine whether actual functionality and performance are consistent with the requirements specifications. Specifically, this audit is conducted prior to the software delivery to verify that all requirements specified in the requirements document have been met. Activities typically planned and executed as part of a functional configuration audit include testing of software products, tracing of system requirements from their initial specification through system testing, evaluation of the test approach and results attained, and evaluating the consistency between the baselined product elements.

149. Which of the following statements is not true about applets?

a. Applets are large application programs.

b. Applets are written mostly in the Java language.

c. Applets are automatically downloaded.

d. Applets are small application programs.

149. a. Applets are small application programs, mostly written in the Java programming language, that are automatically downloaded and executed by applet-enabled Web browsers.

150. The contingency processes should be tested in which of the following phases of the system development life cycle (SDLC)?

a. Initiation

b. Development/acquisition

c. Implementation

d. Operation/maintenance

150. c. The contingency processes should be tested and maintained during the implementation phase of the SDLC. The capability to recover and reconstitute data should be considered during the initiation phase. Recovery strategies should be considered during the development phase. The contingency plan should be exercised and maintained during the operation/maintenance phase.

151. Programmers frequently create entry points into a program for debugging purposes and/or insertion of new program codes at a later date. What are these entry points called?

a. Logic bombs

b. Worms

c. Backdoors

d. Trojan horses

151. c. Backdoors are also called hooks and trapdoors. Logic bomb is incorrect because it is a program that triggers an unauthorized, malicious act when some predefined condition occurs. Worms are incorrect because they search the network for idle computing resources and use them to execute the program in small segments. Trojan horses are incorrect because a Trojan horse is a production program that has access to otherwise unavailable files and is changed by adding extra, unauthorized instructions. It disguises computer viruses.

152. Software vendors and contractors can install a backdoor entry into their own products or client’s computer systems. Which of the following are major risks arising from such installation?

a. Software disconnection and hacker entry

b. Remote monitoring and remote maintenance

c. Software disconnection and remote monitoring

d. Remote maintenance and hacker entry

152. a. Some vendors can install a backdoor or a trapdoor entry for remote monitoring and maintenance purposes. The good news is that the backdoor is a convenient approach to solve operational problems. The bad news is that the backdoor is wide open for hackers. Also, the vendor can modify the software at will without the user’s knowledge or permission. An unhappy vendor can disconnect a user from accessing the software as a penalty for nonpayment or disputes in payment. Access codes should be required for remote monitoring and maintenance.

153. A macro virus is most difficult to:

a. Prevent
