Question 1

Bypassing the CCB process gives the developer more time to guard against security vulnerabilities in the application.

Accepted Answer

Bypassing the CCB process means skipping the review and approval of the application by security experts, which increases the likelihood of security vulnerabilities in the application. The CCB process helps ensure that the application is thoroughly evaluated and meets security standards before release.

Question 2

Ajax is a new technology.

Accepted Answer

Ajax (Asynchronous JavaScript and XML) is not a new technology as it was first introduced in 2005. However, it is still widely used in modern web development.

Question 3

Two of the most common changes to a software application during the maintenance phase are new data flows and new user roles.

Accepted Answer

During the maintenance phase, new features may be added to the software application, which could include new data flows or the introduction of new user roles to the system.

Question 4

Software assurance can be proven, validated, and substantiated only by the process in place and the artifacts produced from each process.

Accepted Answer

Software assurance is about ensuring that software meets its specified requirements and works as expected. This can only be demonstrated through evidence like test results, code reviews, and other artifacts produced during the software development process.

Question 5

To help maintain the software's security, make training part of the development methodology for new hires.

Accepted Answer

Making training a part of the development methodology for new hires can help them better understand the importance of security and follow secure coding practices, which can help maintain the software's security.

Question 6

The duty of responding to attacks is to maintain the security integrity of the software throughout its useful lifetime.

Accepted Answer

The duty of responding to attacks is an ongoing process that aims to identify and mitigate potential security vulnerabilities and threats. By doing so, the security integrity of the software can be maintained throughout its useful lifetime.

Question 7

Software assurance means that your code is secure.

Accepted Answer

Software assurance does not necessarily mean that your code is secure. Software assurance is a comprehensive approach to ensure that software is reliable, resilient, and performs as expected in various environments. It includes activities such as testing, verifying, and validating software, as well as ensuring that it meets quality standards and compliance requirements. While security is an essential aspect of software assurance, it is only one of the many factors that need to be considered to ensure software quality.

Question 8

In order to support the application's operations, everyone on the team must sustain secure software until the application retires.

Accepted Answer

All team members are responsible for maintaining the security of the software throughout its lifespan, not just during the development phase.

Question 9

Once the project is in maintenance mode, the developer can relax a little with the details of the requirement process.

Accepted Answer

Even in maintenance mode, attention to detail in the requirement process is crucial to ensure that updates and fixes do not introduce new issues and that they meet the users' needs effectively.

Question 10

A managerial policy is not necessary to include in the Application Guide.

Accepted Answer

A managerial policy is necessary to include in the Application Guide as it provides guidelines on how the application should be used and managed within an organization, ensuring consistency and compliance with organizational standards and objectives.

Question 11

Sensing activities does not help the code protect itself.

Accepted Answer

The answer of Sensing activities does not help the code...

Question 12

One proactive measure that developers can implement in the development team is sensing.

Accepted Answer

The answer of One proactive measure that developers can implement...

Question 13

The benefits to a CCB are twofold: -Provide a known and methodical decision process -Sustain security and quality in the software artifacts

Accepted Answer

The answer of The benefits to a CCB are twofold:...

Question 14

The developer can help sustain the formaility in the development process during maintenance by creating a change control board.

Accepted Answer

The answer of The developer can help sustain the formaility...

Question 15

The CCB is only made up of developers.

Accepted Answer

The answer of The CCB is only made up of...

Question 16

The Applications Guide doesn't need rules in place to be successful.

Accepted Answer

The answer of The Applications Guide doesn't need rules in...

Question 17

The main benefit of a CCB is to reinforce management's support for software artifacts and to prioritize the workload.

Accepted Answer

The answer of The main benefit of a CCB is...

Question 18

Reactive measures are plans and polices that outline the proper response to an incident.

Accepted Answer

The answer of Reactive measures are plans and polices that...

Question 19

Monitoring error logs and responding to immediate issues is a great way to stay proactive in the secure software process.

Accepted Answer

The answer of Monitoring error logs and responding to immediate...

Question 20

Learning new technologies and networking with your peers are two ways to show initiative.

Accepted Answer

The answer of Learning new technologies and networking with your...

Question 21

What is the best way project management can ensure change requests (CR) are appropriately managed?&#10;A) let the team leads handle CRs&#10;B) make sure all CRs are testes&#10;C) put all CR through he normal development methodology&#10;D) create a Change Control Board (CCB)

Accepted Answer

The answer of What is the best way project management...

Question 22

Ajax does not have any security vulnerabilities.

Accepted Answer

The answer of Ajax does not have any security vulnerabilities....

Question 23

Software assurance means?&#10;A) software has been tested&#10;B) you have secure code&#10;C) the software is certified&#10;D) process in place and a plan of action to ensure that the software that is written is secure

Accepted Answer

The answer of Software assurance means?&#10;A) software has been tested&#10;B)...

Question 24

Wikis are online resources that can be used to define common elements of the application, department or company.

Accepted Answer

The answer of Wikis are online resources that can be...

Question 25

According to the Organization for Internet Safety (OIS), which of the following steps for a threat response process does the organization announce the attack?&#10;A) Resolution:&#10;B) Release&#10;C) Notification&#10;D) Investigation

Accepted Answer

The answer of According to the Organization for Internet Safety...

Question 26

If someone were to ask you to prove that your application is secure, what would the Application Guide prove?&#10;A) That you have secure code&#10;B) documentation of the reusable, secure process&#10;C) That you have tools configured&#10;D) That the software is bug free

Accepted Answer

The answer of If someone were to ask you to...

Question 27

Why is it important to network with peers in this field?&#10;A) Good to find out salaries&#10;B) good to get exposure with the boss&#10;C) Good for moral&#10;D) People move from project to project and place to place in this field very quickly. Chances are you will work with them again

Accepted Answer

The answer of Why is it important to network with...

Question 28

Podcasts are online videos that can be used for training, instructions, or demonstrations.

Accepted Answer

The answer of Podcasts are online videos that can be...

Question 29

What does benchmarking time do for you?&#10;A) let's everyone on the team know where they should be&#10;B) provides goals&#10;C) looking at the project plan and comparing the estimates with the actual coding time&#10;D) padds hours for the plan

Accepted Answer

The answer of What does benchmarking time do for you?&#10;A)...

Question 30

According to the Organization for Internet Safety (OIS), which of the following steps for a threat response process does the organization verify the attack?&#10;A) Notification&#10;B) Investigation&#10;C) Resolution:&#10;D) Discovery

Accepted Answer

The answer of According to the Organization for Internet Safety...

Question 31

Keeping a daily journal is a waste of time and has no place on your project.

Accepted Answer

The answer of Keeping a daily journal is a waste...

Question 32

How can one scout for incidents?&#10;A) Ask a friend&#10;B) Hold weekly incident meetings&#10;C) look at US-CERT database&#10;D) watch error logs

Accepted Answer

The answer of How can one scout for incidents?&#10;A) Ask...

Question 33

Web 2.0 is a term used to describe the transitional status of today's Web applications.

Accepted Answer

The answer of Web 2.0 is a term used to...

Question 34

If someone were to ask you to prove that your application is secure, what would the Incident reports prove?&#10;A) It provides documentation of the reusable, secure process&#10;B) Prove that testing is a major process in the development life cycle&#10;C) Prove that a process is in place to scan for bugs vulnerabilities, and standards in the code&#10;D) Prove that there is a process in place that proactively monitors new threats to existing software

Accepted Answer

The answer of If someone were to ask you to...

Question 35

Why are new developers somewhat of a risk to the security of the software?&#10;A) they don't have the background knowledge that the developers who wrote the software do&#10;B) they may not know the CCB process&#10;C) they might know how to report incidents&#10;D) they may not know the Application Guide

Accepted Answer

The answer of Why are new developers somewhat of a...

Question 36

What do sensing activities include?&#10;A) how to provide estimates&#10;B) how to monitor, test, and review code for threats and vulnerabilities&#10;C) how to upgrade software&#10;D) update the Application Guide

Accepted Answer

The answer of What do sensing activities include?&#10;A) how to...

Question 37

If someone were to ask you to prove that your application is secure, what would the Misuse cases prove?&#10;A) Proves that threat analysis and investigation was done looking for ways to break the software&#10;B) Prove that there is a process in place that proactively monitors new threats&#10;C) Prove that testing is a major process in the development life cycle&#10;D) It provides documentation of the reusable, secure process

Accepted Answer

The answer of If someone were to ask you to...

Question 38

Which is the most threatens to a software during the maintenance phase?&#10;A) Change Request Board&#10;B) software upgrades&#10;C) Change Requests&#10;D) no testing procedures

Accepted Answer

The answer of Which is the most threatens to a...

Question 39

What is one way you can improve your ability to provide meaningful estimates?&#10;A) keep a daily journal of how long each code module takes to code&#10;B) exagerate more hours&#10;C) let someone else estimate&#10;D) work as long as it takes to make the deadlines

Accepted Answer

The answer of What is one way you can improve...

Question 40

What type of report is reactive?&#10;A) Application Guide&#10;B) Misuse Case&#10;C) Incident&#10;D) Test script

Accepted Answer

The answer of What type of report is reactive?&#10;A) Application...

Question 41

When should an incident report be released?&#10;A) As soon as one is found&#10;B) After a Resolution is found&#10;C) ASAP&#10;D) Right after the verification of the attack

Accepted Answer

The answer of When should an incident report be released?&#10;A)...

Question 42

What is the best way to be proactive in solving application errors?&#10;A) Test more&#10;B) Monitor error logs&#10;C) Re-read the use case document&#10;D) Wait for the user to open a Change Request

Accepted Answer

The answer of What is the best way to be...

Question 43

What is the first thing the develop can rely on when an attack occurs to the Application Guide?&#10;A) look at the code&#10;B) view error logs&#10;C) rely on the Are You Ready section of the Application Guide&#10;D) wait for CCB direction

Accepted Answer

The answer of What is the first thing the develop...

Deck 11: Maintain Your Software, Maintain Your Career