A majority of security defects and vulnerabilities in software are related to se
ID: 3734502 • Letter: A
Question
A majority of security defects and vulnerabilities in software are related to security functionality.
True
False
QUESTION 2
Security testing needs to make use of both white hat and black hat concepts and approaches.
True
False
QUESTION 3
It is easy to test whether a feature works or not.
True
False
QUESTION 4
It is easy to show whether or not a system is secure enough under malicious attack.
True
False
QUESTION 5
Passing a software penetration test provides very little assurance that an application is immune to attack.
True
False
QUESTION 6
Penetration testing is driven by an outside->in approach.
True
False
QUESTION 7
Consider the following scenario. A set of reformed hackers is hired to carry out a penetration test. The hackers discover a few problems in the software, usually relating to vulnerabilities in base technology such as an application framework or a basic misconfiguration problem. The hackers report their findings.
a. None of the parties involved know whether the most critical security risks have been uncovered
b. The software will be secure after the problems discovered by the reformed hackers are fixed
c. This scenario shows the security of the software has been properly tested.
d. There are likely still remaining security flaws in the software.
QUESTION 8
Which of the following are true?
a. Penetration testing is best suited to probing configuration problems and other environmental factors that deeply impact software security
b. It is more effective if a penetration test is conducted with knowledge of risk analysis results
c. Penetration testing results can be used to declare security victory
d. Penetration testing is conducted on a system in its final production environment.
QUESTION 9
Which of the following are true?
a. Effective use of tools can relieve some of the work of a tester and thus drive down cost.
b. Tool output can be used as metrics to track progress over time in meeting a security goal.
c. Tools can be used as a replacement for review by a skilled security analyst.
d. Tools should be used in penetration testing.
QUESTION 10
To benefit most from penetration testing, what should the software developers do?
a. Use the penetration testing results to carry out a root-cause analysis of the identified vulnerabilities.
b. Declare the software as secure after fixing the issue found by the penetration testing tool.
c. Use penetration testing results to measure progress against a goal.
d. Devise mitigation strategies to address the identified vulnerabilities as well as similar vulnerabilities in the software.
Explanation / Answer
1. True, yes, the majority of security defects and vulnerabilities in software are related to security functionality.
2. True, security testing should consider both types of hackers to enhance security performance.
3. True, it is easy to test a single component or feature, whereas typical to compare with other feature security.
4. False, it is difficult to analyse, as all the aspects of security and vulnerabilities have to be considered to secure the system.
5. True, passing a software penetration test doesn't imply the entire security of the software.
6. True, penetration testing is started from a basic approach.
7. d. There are likely still remaining security flaws in the software.
8. d. Penetration testing is conducted on a system in its final production environment.
9. a. Using tools may result in less work, but they should be used in an effective manner.
10. a. Use the penetration testing results to carry out a root-cause analysis of the identified vulnerabilities.