CISSP Practice полностью

Unit test is incorrect because its purpose is to verify that the smallest defined module of software (i.e., individual subprograms, subroutines, or procedures) works as intended. These modules are internal to an organization. Integration test is incorrect because its purpose is to verify that units of software, when combined, work together as intended. Typically, a number of software units are integrated or linked together to form an application. Again, this test is performed internally in an organization. System acceptance test is incorrect because its purpose is to verify that the complete system satisfies specified requirements and is acceptable to end users.

170. Which of the following can give a false sense of security?

a. A test tool that requires planning.

b. A test tool that produces error-free software.

c. A test tool that requires time and effort.

d. A test tool that requires experience to use

170. b. A test tool cannot guarantee error-free software; it is neither a cure-all nor a silver bullet. For some, it may give a false sense of security. The test tool still requires careful planning, time, effort, and experience from which it can use and benefit.

171. Which of the following software configuration-management capabilities available for client/server systems can help to detect and correct errors?

a. Install check-in/check-out modules.

b. Archive source code.

c. Allow backtracking.

d. Assemble new builds.

171. c. Errors are made in several places and times: (i) when source code is developed, (ii) when modules are initially written, (iii) when an enhancement is being added to a module, (iv) when another error is fixed, and (v) when code is being moved from one module to another. Software configuration management products have a backtracking feature to correct these types of errors. The product should list the exact source code changes that make up each build. Then, these changes are examined to identify which one can create the new error. The concept of check-in/check-out software enables multiple developers to work on a project without overwriting one another’s work. It is a fundamental method of preventing errors from being included or reintroduced into software modules.

172. Which of the following requires a higher level of security protection in terms of security controls?

a. Test procedures

b. Test cases

c. Test repository

d. Test plans

172. c. The test repository consists of test plans, test cases, test procedures, test requirements, and test objectives maintained by the software test manager. Because of the concentrated work products, the test repository needs a higher level of security protection from unauthorized changes. Test procedures, test cases, and test plans are part of test repository.

173. From a security viewpoint, which of the following pose a severe security problem?

a. Unattended computer operations

b. Unattended computer terminal

c. Unattended software testing

d. Unattended facsimile machine

173. b. An unattended computer terminal represents a severe security violation. An unauthorized user could seize the opportunity to access sensitive data. The data could be copied, deleted, added to, or modified. An intruder can also use this occasion to modify executable files. A virus, Trojan horse, or a password-sniffing program could easily be slipped onto the system in no time. Security logic that detects an idle terminal is needed.

Unattended computer operations are incorrect because they represent a situation where most of computer operational tasks are performed by machines (robots) and less with people.

Unattended software testing is incorrect because testing is conducted by automated test tools without a person watching the testing process. The test tool continues running the test sessions by replaying one or more test scripts. It handles unforeseen circumstances gracefully.

Unattended facsimile machine is incorrect because it can lead to social engineering attacks. The unattended computer operations, software testing, and facsimile machine pose less risk than the unattended computer terminal.

174. What does the most commonly used application program design structure metrics include?

a. Check-in and check-out indicators

b. Fan-in and check-out indicators

c. Fan-in and fan-out metrics

d. Fan-out metrics and check-in indicators