CISSP Practice полностью

Functionality is incorrect because it can easily be defined and tested. It is a set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Reliability is incorrect because it can easily be defined and tested. It is the ability of a component to perform its required functions under stated conditions for a specified period of time. Efficiency is incorrect because it can easily be defined and tested. It is the degree to which a component performs its designated functions with minimum consumption of resources.

88. Portable and removable storage devices should be sanitized to prevent the entry of malicious code to launch:

a. Man-in-the-middle attack

b. Meet-in-the-middle attack

c. Zero-day attack

d. Spoofing attack

88. c. Malicious code is capable of initiating zero-day attacks when portable and removable storage devices are not sanitized. The other three attacks are network-based, not storage device-based. A man-in-the-middle (MitM) attack occurs to take advantage of the store-and-forward mechanism used by insecure networks such as the Internet. A meet-in-the-middle attack occurs when one end of the network is encrypted and the other end is decrypted, and the results are matched in the middle. A spoofing attack is an attempt to gain access to a computer system by posing as an authorized user.

89. Verification is an essential activity in ensuring quality software, and it includes tracing. Which of the following tracing techniques is not often used?

a. Forward tracing

b. Backward tracing

c. Cross tracing

d. Ad hoc tracing

89. c. Traceability is the ease in retracing the complete history of a software component from its current status to its requirements specification. Cross tracing should be used more often because it cuts through the functional boundaries, but it is not performed due to its difficulty in execution. The other three choices are often used due to their ease-of-use.

Forward tracing is incorrect because it focuses on matching inputs to outputs to demonstrate their completeness. Similarly, backward tracing is incorrect because it focuses on matching outputs to inputs to demonstrate their completeness. Ad hoc tracing is incorrect because it involves spot-checking of reconcilement procedures to ensure output totals agree with input totals, less any rejects or spot checking of accuracy of computer calculations such as interest on deposits, late charges, service charges, and past-due loans.

During system development, it is important to verify the backward and forward traceability of the following: (i) user requirements to software requirements, (ii) software requirements to design specifications, (iii) system tests to software requirements, and (iv) acceptance tests to user requirements. Requirements or constraints can also be traced downward and upward due to master-subordinate and predecessor-successor relationships to one another.

90. Which of the following redundant array of independent disks (RAID) data storage systems is used for high-availability systems?

a. RAID3

b. RAID4

c. RAID5

d. RAID6

90. d. RAID6 is used for high-availability systems due to its high tolerance for failure. Each RAID level (i.e., RAID0 to RAID6) provides a different balance between increased data reliability through redundancy and increased input/output performance. For example, in levels from RAID3 to RAID5, a minimum of three disks is required and only one disk provides a fault tolerance mechanism. In the RAID6 level, a minimum of four disks is required and two disks provide fault tolerance mechanisms.

In the single disk fault tolerance mechanism, the failure of that single disk will result in reduced performance of the entire system until the failed disk has been replaced and rebuilt. On the other hand, the double parity (two disks) fault tolerance mechanism gives time to rebuild the array without the data being at risk if a single disk fails before the rebuild is complete. Hence, RAID6 is suitable for high-availability systems due to high fault tolerance mechanisms.

91. Which of the following makes a computer system more reliable?

a. N-version programming

b. Structured programming

c. Defensive programming

d. GOTO-less programming

91. c. Defensive or robust programming has several attributes that makes a computer system more reliable. The major attribute is expected exception domain (i.e., errors and failures); when discovered, it makes the system reliable.