5. Continuous monitoring is performed in which of the following phases of an SDLC?

a. Initiation

b. Development/acquisition

c. Implementation

d. Operations/maintenance

5. d. Continuous monitoring ensures that controls continue to be effective in their application through periodic testing and evaluation. It is a task performed in the operation/maintenance phase.

6. Media sanitization is performed in which of the following phases of an SDLC?

a. Development/acquisition

b. Implementation

c. Operations/maintenance

d. Disposition

6. d. Media sanitization ensures that data is deleted, erased, and written over as necessary. It is a task performed in the disposition phase.

7. Security controls and audit trails should be built into computer systems in which of the following SDLC phases?

a. System initiation phase

b. System development phase

c. System implementation phase

d. System operation phase

7. b. During the system development phase, the system is designed, purchased, programmed, developed, or otherwise constructed. During this phase, functional users with system/security administrators develop system controls and audit trails used during the operational phase.

8. A security evaluation report and an accreditation statement are produced in which of the following phases of the SDLC?

a. Requirements definition phase

b. Design phase

c. Development phase

d. Testing phase

8. d. Major outputs from the testing phase include the security evaluation report and accreditation statement. The purpose of the testing phase is to perform various tests (unit, integration, system, and acceptance). Security is tested to see if it works and is then certified.

9. Which of the following phases of a system development life cycle (SDLC) should not be compressed so much for the proper development of a prototype?

a. Initiation

b. Development/acquisition

c. Implementation

d. Operation/maintenance

9. c. System testing, which is a part of implementation, is important to determine whether internal controls and security controls are operating as designed and are in accordance with established policies and procedures.

In the prototyping environment, there is a tendency to compress system initiation, definition, design, programming, and training phases. However, the testing phase should not be compressed so much for quality reasons. By definition, prototyping requires some compression of activities and time due to the speedy nature of the prototyping development methodology without loss of the main features, functions, and quality.

10. The activity that would be different between a prototype development approach and the traditional system development approach is:

a. How activities are to be accomplished

b. What users need from the system

c. What a project plan should contain

d. How individual responsibilities are defined

10. a. Managers still need to define what they want from the system, some assessment of costs/benefits is still needed, and a plan to proceed with individual responsibilities is still required. The difference may be in the way activities are accomplished. The tools, techniques, methods, and approaches used in the prototype development project and traditional system development project are different.

11. A general testing strategy for conducting application software regression testing includes which of the following sequences of tasks?

a. Read, insert, and delete

b. Precompile, link, and compile

c. Prepare, execute, and delete

d. Test, debug, and log

11. c. Each test program involves preparing the executable program, executing it, and deleting it. This saves space on mass storage and generates a complete log. This approach is recommended for debugging and validating purposes. Read, insert, and delete describes the transfer of all rows from Table A to Table B, in which a table is read, inserted, and deleted. A source program is precompiled, linked, and compiled to become an object or executable program.

Sources and References
