Software security is all about keeping programs safe from hackers and other threats. This means writing code carefully, keeping software up-to-date, checking for weaknesses, and using strong passwords and authentication methods. In the field of cybersecurity, software security is very important because it helps protect against attacks and keeps data safe. Mentioning your skills in software security during a job interview shows that you know how to keep systems secure and can help prevent cyberattacks, which is something employers highly value.
A: The Waterfall Model is a linear application development model that uses rigid phases; when one phase ends, the next begins. The Waterfall Model predates software design and was first used in manufacturing. It was first used to describe a software development process in 1969, when large software projects had become too complex to design using informal methods. Steps occur in sequence, and the unmodified waterfall model prevents developers from returning to previous steps. It is called a waterfall because it behaves like falling water: it cannot go back up.
A: Closed source software is typically released in executable form; the source code is kept confidential. Examples include Oracle and Microsoft Windows 10. Open-source software publishes source code publicly. Examples include Ubuntu Linux and the Apache web server. Proprietary software is subject to intellectual property protections such as patents or copyrights. "Closed source software" and "proprietary software" are sometimes used as synonyms, but that is not always true: some open source software is also proprietary.
A: Referential integrity means that every foreign key in a secondary table matches a primary key in the parent table; if this is not true, referential integrity has been broken. Semantic integrity means that each attribute (column) value is consistent with the attribute data type. Entity integrity means each tuple has a unique primary key that is not null.
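The three integrity types above, as an added example (not from the original page) using Python's built-in sqlite3 module with a constructed two-table schema: the primary key enforces entity integrity, a CHECK constraint enforces semantic integrity, and the foreign key enforces referential integrity. The second connection deliberately leaves foreign-key enforcement off to show how an orphaned row breaks referential integrity and how a LEFT JOIN query detects it.

```python
import sqlite3

# Constructed schema: department is the parent table, employee the secondary table.
SCHEMA = """
CREATE TABLE department (
    dept_id TEXT PRIMARY KEY NOT NULL,   -- entity integrity: unique, non-null key
    name    TEXT NOT NULL
);
CREATE TABLE employee (
    emp_id  TEXT PRIMARY KEY NOT NULL,
    name    TEXT NOT NULL,
    -- semantic integrity: salary must really be a non-negative integer
    salary  INTEGER NOT NULL CHECK (typeof(salary) = 'integer' AND salary >= 0),
    -- referential integrity: every dept_id must exist in department
    dept_id TEXT NOT NULL REFERENCES department(dept_id)
);
"""

def open_db(enforce_fk=True):
    """Create an in-memory database with one parent row; FK enforcement is optional."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO department VALUES ('d10', 'Security')")
    return conn

def try_insert(conn, sql, params):
    """Return True if the row was accepted, False if a constraint rejected it."""
    try:
        conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False

def orphaned_employees(conn):
    """Detect broken referential integrity: employees whose dept_id has no parent."""
    rows = conn.execute("""
        SELECT e.emp_id FROM employee e
        LEFT JOIN department d ON d.dept_id = e.dept_id
        WHERE d.dept_id IS NULL
        ORDER BY e.emp_id""").fetchall()
    return [r[0] for r in rows]
```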
A: Hierarchical databases form a tree: the global Domain Name Service (DNS) servers form a global tree. The root name servers are at the "root zone" at the tree's base; individual DNS entries form the leaves. www.syngress.com points to the syngress.com DNS database, which is part of the dot com (.com) top-level domain (TLD), which is part of the global DNS (root zone). From the root, you may go back down another branch, down to the dot gov (.gov) TLD, to the nist.gov (National Institute of Standards and Technology) domain, to www.nist.gov.
A: Machine code (machine language) is software executed directly by the CPU. Machine code is CPU-dependent; it is a series of 1s and 0s that translate to instructions that are understood by the CPU. Source code is computer programming language instructions written in text that must be translated into machine code before execution by the CPU. High-level languages contain English-like instructions such as "printf" (print formatted).
Assembly language is a low-level computer programming language. Assembly language instructions are short mnemonics, such as "ADD," "SUB" (subtract), and "JMP" (jump), that match machine language instructions. An assembler converts assembly language into machine language. A disassembler attempts to convert machine language into assembly.
A: An alternative to COTS is to employ custom-developed applications. These custom-developed third-party applications provide both additional risks and potential benefits beyond COTS. Contractual language and Service Level Agreements (SLA) are vital when dealing with third-party development shops. Do not assume that security will be a consideration in the development of the product unless the vendor is contractually obligated to provide security capabilities.
A: Fourth-generation programming languages (4GL) are computer languages designed to increase programmers' efficiency by automating the creation of computer programming code. They are named "fourth generation" because they can be viewed as the fourth step in the evolution of computer languages:
First-generation language: machine code
Second-generation language: assembly
Third-generation language: COBOL, C, Basic
Fourth-generation language: ColdFusion, Progress 4GL, Oracle Reports
Fourth-generation languages are Graphical User Interface (GUI) focused: the programmer drags and drops elements, and the tool generates code from the result. 4GL languages are usually focused on creating databases, reports, and websites.
A: Computer-aided Software Engineering (CASE) uses programs to assist in creating and maintaining other computer programs. (Human) programmers or teams have historically performed programming; CASE adds software to the programming "team."
There are three types of CASE software:
1. Tools: support only specific tasks in the software-production process.
2. Workbenches: support one or a few software process activities by integrating several tools in a single application.
3. Environments: support all or at least part of the software production process with a collection of Tools and Workbenches.
Fourth-generation computer languages, object-oriented languages, and GUIs are often used as CASE components.
A: Privilege escalation vulnerabilities allow an attacker with (typically limited) access to gain access to additional resources. Vertical escalation leverages non-privileged access into higher-level access. One example is escalating privileges from a regular Unix user into root access (UID 0).
Horizontal escalation allows an attacker to access other accounts, such as pivoting from one non-privileged account to another (with access to different resources). Improper software configurations and poor coding and testing practices often cause privilege escalation vulnerabilities.
A: Top-down (TD) programming starts with the broadest and highest-level requirements (the concept of the final program) and works toward low-level technical implementation details. Bottom-up programming is the reverse: it starts with the low-level technical implementation details and works up to the concept of the complete program.
Both methods pose risks: what if the Top-Down approach made incorrect assumptions about the performance of the low-level devices? On the other hand, Bottom-Up risks wasting time by performing lots of programming for features that may not be required or implemented in the final product.
Procedural languages such as C have historically been programmed in a Top-Down style: start with the main program, define the procedures, and work down from there. Object-oriented programming typically uses bottom-up design: define the objects and use them to build up to the final program.
A: Extreme Programming (XP) is an Agile development method that uses pairs of programmers who work off a detailed specification. There is a high level of customer involvement. "Extreme Programming improves a software project in five essential ways: communication, simplicity, feedback, respect, and courage. Extreme Programmers constantly communicate with their customers and fellow programmers. They keep their design simple and clean. They get feedback by testing their software starting on day one. They deliver the system to the customers as early as possible and implement changes as suggested."
XP core practices include:
Planning: specifies the desired features, which are called the User Story. They are used to determine the iteration (timeline) and drive the detailed specifications.
Paired programming: programmers work in teams.
Forty-hour workweek: iterations should be forecast accurately enough to predict how many hours will be required to complete the project. If programmers must put in additional overtime, the iteration must be flawed.
Total customer involvement: the customer is always available and carefully monitors the project.
Detailed test procedures: they are called Unit Tests.
A: The Systems Development Life Cycle (SDLC, also called the Software Development Life Cycle or simply the System Life Cycle) is a system development model. It is used across the IT industry, but in the context of the exam it focuses on security.
In the context of the exam, the SDLC focuses on security in every phase. This model is broader than many application development models, focusing on the entire system, from selection/development through operational requirements to secure disposal. There are many variants of the SDLC, but most follow (or are based on) the National Institute of Standards and Technology (NIST) SDLC process.
A: Software escrow describes having a third party store an archive of computer software. This is often negotiated as part of a contract with a proprietary software vendor. The vendor may wish to keep the software source code secret, but the customer may be concerned that the vendor could go out of business (potentially orphaning the software). Orphaned software with no source code will not receive future improvements or patches. Software escrow places the source code in escrow under the control of a neutral third party. A contract strictly specifies the conditions for potential release of the source code to the customer, typically due to the software vendor's business failure.
A: Object-oriented design and programming uses an object metaphor to design and write computer programs. Our bodies are composed of objects that operate independently and communicate with each other. Our eyes are independent organs (objects) that receive light input, sending an output of nerve impulses to our brains.
Our hearts receive deoxygenated blood from our veins and oxygen from our lungs, sending oxygenated blood to our arteries. Many organs can be replaced: a diseased liver can be replaced with a healthy liver. Object-Oriented Programming (OOP) replicates the use of objects in computer programs. Object-Oriented Design (OOD) treats objects as a higher-level design concept, like a flow chart.
A: The Software Capability Maturity Model (CMM) is a maturity framework for evaluating and improving the software development process. The five levels of CMM are:
Initial: The software process is ad hoc and occasionally even chaotic. Few processes are defined, and success depends on individual effort.
Repeatable: Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.
Defined: The software process for both management and engineering activities is documented, standardized, and integrated into an organization-wide standard software process. Projects use an approved, tailored version of the organization's standard software process for developing and maintaining software.
Managed: Detailed measures of the software process and product quality are collected, analyzed, and used to control the process. Both the software process and products are quantitatively understood and controlled.
Optimizing: Continual process improvement is enabled by quantitative feedback from the process and piloting innovative ideas and technologies.
A: The ISTQB (International Software Testing Qualifications Board) lists four levels of acceptance testing:
The User Acceptance test focuses mainly on functionality, thereby validating the business user's fitness-for-use of the system. The users and application managers perform the user acceptance test.
The Operational Acceptance test, also known as the Production Acceptance Test, validates whether the system meets the requirements for operation. In most organizations, system administrators perform the operational acceptance test before the system is released. The test may include testing of backup/restore, disaster recovery, maintenance tasks, and periodic checks of security vulnerabilities.
Contract Acceptance testing: This is performed against the contract's acceptance criteria for producing custom-developed software. Acceptance should be formally defined when the contract is agreed upon.
A: ANNs seek to replicate the capabilities of biological neural networks. A node is used to describe an artificial neuron. Like their biological counterparts, these nodes receive input from synapses and send output when a weight is exceeded. Single-layer ANNs have one layer of input nodes; multilayer ANNs have multiple layers of nodes, including hidden nodes.
An Artificial Neural Network learns by example via a training function: synaptic weights are changed via an iterative process until the output node fires correctly for a given set of inputs. Artificial Neural Networks are used for "fuzzy" solutions, where exactness is not always required (or possible), such as predicting the weather.
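The training loop described above (weights adjusted iteratively until the node fires correctly for every input), as an added example that is not from the original page: a single artificial neuron in plain Python, trained by the classic perceptron update rule on a constructed AND truth table. The `rate` and `max_epochs` parameters are assumptions of this example. It also goes one step beyond the text: the same single-layer node cannot learn XOR, which is why multilayer networks with hidden nodes exist.

```python
# A single artificial neuron: weighted inputs plus a bias; it "fires" (outputs 1)
# when the weighted sum exceeds zero. Example code, not from the original page.

def fires(weights, bias, inputs):
    """Return 1 if the node fires for these inputs, else 0."""
    total = sum(w * x for w, x in zip(weights, inputs)) + bias
    return 1 if total > 0 else 0

def train(examples, rate=0.1, max_epochs=100):
    """Perceptron learning: nudge each synaptic weight toward the target output
    whenever the node fires incorrectly, until a full pass has no errors.
    Returns (weights, bias, epochs_used); epochs_used == max_epochs means no
    convergence, e.g. for a problem a single layer cannot represent."""
    n_inputs = len(examples[0][0])
    weights = [0.0] * n_inputs
    bias = 0.0
    for epoch in range(max_epochs):
        errors = 0
        for inputs, target in examples:
            err = target - fires(weights, bias, inputs)   # +1, 0 or -1
            if err:
                errors += 1
                weights = [w + rate * err * x for w, x in zip(weights, inputs)]
                bias += rate * err
        if errors == 0:
            return weights, bias, epoch + 1
    return weights, bias, max_epochs

# Constructed training sets: AND is linearly separable, XOR is not.
AND_EXAMPLES = [((0, 0), 0), ((0, 1), 0), ((1, 0), 0), ((1, 1), 1)]
XOR_EXAMPLES = [((0, 0), 0), ((0, 1), 1), ((1, 0), 1), ((1, 1), 0)]

def accuracy(examples, rate=0.1, max_epochs=100):
    """Fraction of examples the trained node gets right."""
    w, b, _ = train(examples, rate, max_epochs)
    correct = sum(fires(w, b, x) == t for x, t in examples)
    return correct / len(examples)
```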
A: Genetic Algorithms and Programming fundamentally change how software is developed: instead of being coded by a programmer, they evolve to solve a problem. Genetic Algorithms and Programming seek to replicate nature's evolution, where animals evolve to solve problems. Genetic programming refers to creating entire software programs (usually in Lisp source code); genetic algorithms refer to creating shorter pieces of code (represented as strings called chromosomes).
A: Common Object Request Broker Architecture (CORBA) is an open vendor-neutral networked object broker framework by the Object Management Group (OMG). CORBA competes with Microsoft's proprietary DCOM. CORBA objects communicate via a message interface, described by the Interface Definition Language (IDL).
The essence of CORBA, beyond being a networked object broker, is the separation of the interface (syntax for communicating with an object) from the instance (the specific object): "The interface to each object is defined very strictly. In contrast, the implementation of an object—its running code and data—is hidden from the rest of the system (i.e., encapsulated) behind a boundary that the client may not cross.
Clients access objects only through their advertised interface, invoking only those operations that the object exposes through its IDL interface, with only those parameters (input and output) that are included in the invocation."
A: As the name implies, a data warehouse is an extensive data collection. Modern data warehouses may store many terabytes (1,000 gigabytes) or even petabytes (1,000 terabytes) of data. This requires sizeable scalable storage solutions. The storage must be high performance and allow data analysis and searches.
Once data is collected in a warehouse, data mining is used to search for patterns. Commonly sought patterns include signs of fraud. Credit card companies manage the world's largest data warehouses, tracking billions of transactions annually.
Fraudulent transactions are a primary concern of credit card companies, leading to millions of dollars in lost revenue. No human could monitor all those transactions, so credit card companies use data mining to separate the signal from the noise. A typical data mining fraud rule monitors multiple purchases on one card in different states or countries in a short period. A violation record can be produced when this occurs, leading to suspension of the card or a phone call to the card owner's home.
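The "multiple purchases in different states or countries in a short period" rule described above, as an added detection example that is not from the original page. It runs over a small constructed transaction set (card identifiers, timestamps and locations are all made up) and emits one violation record per purchase that follows an earlier purchase from a different location inside the configurable window; the window size is an assumption of this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample feed: (card id, ISO timestamp, location code). Not real data.
SAMPLE = [
    ("card-0001", "2024-03-01T09:00:00", "US-NY"),
    ("card-0001", "2024-03-01T09:45:00", "US-NY"),
    ("card-0001", "2024-03-01T10:30:00", "FR"),     # another country 45 minutes later
    ("card-0002", "2024-03-01T08:00:00", "US-CA"),
    ("card-0002", "2024-03-02T12:00:00", "US-TX"),  # different state, but a day apart
    ("card-0003", "2024-03-01T11:00:00", "DE"),
    ("card-0003", "2024-03-01T11:20:00", "DE"),     # same location: normal
]

def velocity_violations(transactions, window_minutes=120):
    """Flag a purchase when the same card was used at a different location
    within window_minutes before it. Returns a list of violation records
    that a downstream step could turn into a card suspension or a call."""
    by_card = defaultdict(list)
    for card, ts, loc in transactions:
        by_card[card].append((datetime.fromisoformat(ts), loc))
    violations = []
    for card, purchases in by_card.items():
        purchases.sort()                          # chronological per card
        for i, (t, loc) in enumerate(purchases):
            # Walk backwards through earlier purchases still inside the window.
            for prev_t, prev_loc in reversed(purchases[:i]):
                minutes = (t - prev_t).total_seconds() / 60
                if minutes > window_minutes:
                    break                          # older ones are even further out
                if prev_loc != loc:
                    violations.append({
                        "card": card,
                        "time": t.isoformat(),
                        "location": loc,
                        "prior_location": prev_loc,
                        "minutes_apart": int(minutes),
                    })
                    break                          # one record per offending purchase
    return violations

if __name__ == "__main__":
    for v in velocity_violations(SAMPLE):
        print(v)
```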