CISSP Practice полностью

71. Regarding incident handling, which of the following deceptive measures is used during incidents to represent a honeypot?

a. False data flows

b. False status measures

c. False state indicators

d. False production systems

71. d. Honeypot is a fake (false) production system and acts as a decoy to study how attackers do their work. The other three choices are also acceptable deceptive measures, but they do not use honeypots. False data flows include made up (fake) data, not real data. System-status measures include active or inactive parameters. System-state indicators include startup, restart, shutdown, and abort.

72. For large software development projects, which of the following models provides greater satisfactory results on software reliability?

a. Fault count model

b. Mean-time-between-failures model

c. Simple ratio model

d. Simple regression model

72. a. A fault (defect) is an incorrect step, process, or data definition in a computer program, and it is an indication of reliability. Fault count models give more satisfactory results than the mean-time-between-failures (MTBF) model because the latter is used for hardware reliability. Simple ratio and simple regression models handle few variables and are used for small projects.

73. The objective “To provide management with appropriate visibility into the process being used by the software development project and of the products being built” is addressed by which of the following?

a. Software quality assurance management

b. Software configuration management

c. Software requirements management

d. Software project management

73. a. The goals of software quality assurance management include (i) software quality assurance activities are planned, (ii) adherence of software products and activities to the applicable standards, procedures, and requirements is verified objectively, and (iii) noncompliance issues that cannot be resolved are addressed by higher levels of management.

The objectives of software configuration management are to establish and maintain the integrity of products of the software project throughout the project’s software life cycle. The objectives of software requirements management are to establish a common understanding between the customer and the software project requirements that will be addressed by the software project. The objectives of software project management are to establish reasonable plans for performing the software engineering activities and for managing the software development project.

74. Which of the following identifies required functionality to protect against or mitigate failure of the application software?

a. Software safety analysis

b. Software hazard analysis

c. Software fault tree analysis

d. Software sneak circuit analysis

74. a. Software needs to be developed using specific software development and software assurance processes to protect against or mitigate failure of the software. A complete software safety standard references other standards that address these mechanisms and includes a software safety policy identifying required functionality to protect against or mitigate failure.

Software hazard analysis is incorrect because it is a part of software safety. Hazard analysis is the process of identifying and evaluating the hazards of a system, and then making change recommendations that either eliminate the hazard or reduce its risk to an acceptable level. Software hazard analysis makes recommendations to eliminate or control software hazards and hazards related to interfaces between the software and the system (includes hardware and human components). It includes analyzing the requirements, design, code, user interfaces, and changes. Software hazards may occur if the software is improperly developed (designed), the software dispatches incorrect information, or the software fails to transmit information when it should.