Assignment
TRUE/FALSE
1. The process of Complete Mediation requires that, for every access by a subject to read an object, the operating system should mediate the action.
2. There are currently laws in the USA that make companies liable for their faulty software products.
3. Developers of secure software must know the relevant validation techniques and their applicability.
4. Designers of secure software systems must have distinctive goals for achieving security properties at the software and whole system levels.
5. The software designers can minimize the functionality included in the trusted parts.
6. Software security weaknesses and software vulnerabilities mean the same thing.
7. Contemporary software design efforts occur within a given framework such as Java Enterprise Edition (Java EE), Microsoft's .NET or the open source Eclipse framework.
8. Alpha and beta testing are kinds of reliability testing.
9. In dynamic software analysis, we do not actually execute the software under analysis.
10. Most formal software analysis and verification techniques are obsolete.
MULTIPLE CHOICE
11. Which of the following helps to improve security-related aspects of software?
a. Collecting and analyzing security-related measurements
b. Improving security process
c. Improving artifacts quality
d. all of the above
12. Which of the following properties are related to authentication of identity and access control?
a. Accountability
b. Non-repudiation
c. both a and b
d. None of a and b
13. Which of the following elements is not shared by the software professional ethics and codes of conduct?
a. forcing security measures into the software
b. acting in the public's interest
c. honesty and integrity in the practice of software development
d. maintaining competence in the profession
14. Which of the following is not an approach to reduce the possibilities for software security violations?
A. Deny access unless explicitly authorized
B. Deploy with non-secure initial defaults
C. Implement least privilege
D. Check every access
15. In software design, separation can eliminate or reduce the possibilities of certain kinds of violations via implementing the following except ___________
A. most common mechanisms
B. Separation of duties
C. Separation of privilege
D. Constrained dependency
16. After failure, software system should have a well-defined status. Which of the following is a valid status?
A. Rollback
B. Fail forward
C. Compensate
D. all of the above
17. The list of assumptions made primarily about the software system's environment is one of the products of the requirements activity. Which of the following is a valid assumption?
A. Environmental Assumptions
B. Internal Assumptions
C. both a & b
D. neither a nor b
18. Which of the following is a kind of activity related to tolerance of errors or violation of software system correctness?
A. forecasting violations
B. notification and warning
C. repair of fault or vulnerability
D. All of the above
19. Common content filtering mechanisms include all but one of the following. Which one?
A. Recovering to a safe state
B. Security wrappers
C. Application firewalls
D. eXtensible Markup Language (XML) gateways
20. The anti-tamper mechanisms most frequently used for protecting software are all but one of the following. Which one?
A. Virtual machines
B. Simulation techniques
C. Hardened operating systems
D. Trusted hardware modules
21. Deception techniques at the system level can be used to divert potential attackers away from targeting the system and towards targeting a purpose-built decoy. Which of the following is a deception technique?
A. Honeypot
B. Intrusion detection system
C. Firewall
D. Virtual Private Network (VPN)
22. Which of the following is not a software testing technique?
A. Attack-oriented testing
B. User-oriented testing
C. Brute force and random testing
D. Fault and vulnerability-oriented testing
23. Network scanners are examples of ___________
A. Dynamic analysis tools
B. Static analysis tools
C. Compilers
D. None of the above
24. _________ is an example of a lightweight secure software process.
A. Oracle security process
B. Microsoft secure development life cycle
C. CMMI process
D. OSI Security standard
25. Which of the following statements is correct?
A. Risk assessment is the process of planning, managing risk, and mitigating risk.
B. Risk management is the process of planning, assessing risk, and mitigating risk.
C. Risk management applies to software development but risk assessment applies to the overall organization.
D. None of the above
SHORT ANSWER
26. Briefly describe how much control a Project Manager has with four parameters of project management in managing secure, high assurance software. The four parameters are: scope, quality, resource and time.
27. Briefly explain how a software development process can become dependable through the use of tools.
28. Briefly discuss how you test for software resiliency.
29. Briefly discuss how documentation can assist secure development and enhancement.
30. Briefly discuss how open design can contribute to better security.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The citations and references should follow APA format. The reference page is not included in the required page length.