Question 1

Before users are allowed to access any information in the MLS model, they assigned a ____ level.

Accepted Answer

In the Multilevel Security (MLS) model, before users are allowed to access any information, they are assigned a clearance level. This clearance level determines the sensitivity of information they are allowed to access.

Question 2

A "____" is a special type of "smart" virus that can replicate from system to system without human user intervention.

Accepted Answer

A worm is a type of virus that is able to self-replicate and spread across multiple systems without requiring any action from the user. Trojan horses, macros, and logic bombs all require some form of user interaction or trigger to execute.

Question 3

A ____ case is a specific way of using the system by performing some part of the functionality.

Accepted Answer

A positive-use case refers to a scenario where the system is used as intended to perform a specific function or achieve a particular goal.

Question 4

The ____ model is the most fundamental process model used to build software.

Accepted Answer

The waterfall model is the most fundamental process model used in software development. It is a linear sequential approach in which development flows downward through several phases: requirements gathering, design, implementation, testing, deployment, and maintenance.

Question 5

The value of a DEUD is the same for every software product deployed.

Accepted Answer

The value of a DEUD (Development, Enhancement, Upgrade, and Debugging) is different for each software product as the effort required to perform these activities varies based on the product's complexity, functionality, and architecture.

Question 6

____ provides strict access control, allowing information to flow freely between users in a computing system who have appropriate security access while preventing information leaks to unauthorized users.

Accepted Answer

MLS (Multilevel Security) provides strict access control in a computing system, allowing only authorized users with appropriate security access to access information and preventing unauthorized access or information leaks. COTS (Commercial Off-The-Shelf) refers to software or hardware products that are readily available in the market and not necessarily designed with security in mind. XP (Extreme Programming) is a software development methodology and CLASP (Comprehensive Lightweight Application Security Process) is a security methodology for application development.

Question 7

Performance and piracy are not considerations when data and execution are sent remotely.

Accepted Answer

Performance and piracy can still be important considerations when data and execution are sent remotely. Slow network connections or server overload can cause performance issues, and pirated access to remote servers can still occur.

Question 8

____ is defined as the illegal copying and/or distributing of copyrighted software without the permission of the copyright holder.

Accepted Answer

Software piracy is the act of illegal copying and/or distributing copyrighted software without the permission of the copyright holder. Extreme programming is a software development methodology, system protection refers to measures taken to protect a computer system from potential threats, and system leak is not a commonly used term in the context of software.

Question 9

A security requirement is a manifestation of a high-level security policy related to the detailed requirements of a specific system.

Accepted Answer

This statement is true. A security requirement is a specific and detailed aspect of an overarching security policy that is applied to a particular system or application. This helps ensure that the system is designed, implemented, and managed in a way that maintains the necessary level of security to protect against threats and risks.

Question 10

During ____, unified security architecture must be put in place to enable the system to enforce various security principles and fulfill all the use cases from requirement analysis.

Accepted Answer

During high-level design, the overall architecture of the system is defined, including the security architecture. A unified security architecture must be put in place to ensure that the system can enforce various security principles and fulfill the use cases identified during the requirement analysis phase. This includes defining authentication and authorization mechanisms, encryption and decryption techniques, and other security measures to protect the system from known and unknown threats.

Question 11

The term ____ describes products that are commercially available and can be purchased and integrated with little or no customization.

Accepted Answer

COTS stands for "commercial off-the-shelf" and refers to products that are pre-built and available for purchase to be integrated with minimal customization.

Question 12

____ breaks the software code into portions that run on ordinary RAM, portions that run on read-only memory (ROM), portions that run under secure hardware, and/or portions that run remotely in a trusted location.

Accepted Answer

Code partitioning is the process of dividing the software code into different parts that run on different hardware or in different environments based on their security requirements. This technique helps to improve the security of the system by isolating critical parts of the code from potential attacks.

Question 13

The ____ model provides an implementation guide that helps project managers to decide if a particular activity needs to be adopted.

Accepted Answer

CLASP (Comprehensive Lightweight Application Security Process) provides a framework for project managers to assess and implement security measures in software development projects. It includes an activity guide that helps project managers to decide what security measures need to be adopted based on the specific requirements of the project. The other models (AOP, XP, waterfall) do not have such implementation guides specifically for security measures.

Question 14

____ takes a close look at each software module and involves picking the appropriate programming languages, data structures, and algorithms.

Accepted Answer

Low-level design involves detailed planning and consideration of the specific components that make up the software, including programming languages, data structures, and algorithms. This stage comes after high-level design and before implementation, where the actual coding takes place. Testing follows implementation to ensure the software is functioning correctly.

Question 15

The MLS security model cannot be implemented on top of another base operating system.

Accepted Answer

The MLS (Multi-Level Security) model can be implemented on top of another base operating system, often through additional security mechanisms or modifications to support MLS policies and controls.

Question 16

A ____ attaches itself to a program or data file so that it can spread from one computer to another, infecting as it travels.

Accepted Answer

A virus is a type of malware that attaches itself to a program or data file and then spreads by infecting other files on the same computer or network. It may also have the ability to spread to other computers through various means, such as email attachments or file-sharing networks. Viruses can cause significant harm to a computer system, including data loss, system crashes, and theft of sensitive information.

Question 17

A "____" is a type of stand-alone software attack that does not replicate by itself.

Accepted Answer

A Trojan horse is a type of stand-alone software attack that does not replicate by itself. Unlike viruses or worms, Trojan horses do not have the ability to self-replicate and spread on their own. Instead, they rely on user interaction or other methods to spread and perform their malicious actions. BIOS virus is a type of virus that is programmed to attack the BIOS of a computer, and a worm is a type of self-replicating malware that can spread across networks without user interaction.

Question 18

With ____, the software is stored in such a way that a code is "hidden" before execution and an independently stored key is retrieved and constructed prior to execution using a method known only by the vendor.

Accepted Answer

The given description matches the concept of code protection where the software's code is obscured and a separate key is retrieved before execution using a method known only by the vendor.

Question 19

Security technologies such as firewalls, anti-virus software, and intrusion-detection engines have been developed to "catch" security holes in software systems.

Accepted Answer

Security technologies like firewalls, anti-virus software, and intrusion-detection engines are designed to detect and prevent security breaches in software systems.

Question 20

____ channels allow information to be transmitted by mechanisms not intended for signaling information, for example, locks, system load, or CPU cycle load.

Accepted Answer

Covert channels allow information to be transmitted by using a mechanism that is not intended for signaling information, such as using the amount of CPU cycles or system load to convey information. Timing channels, on the other hand, use the timing of events to transmit information. Workload channels and storage channels are not relevant to this definition.

Quiz 2: Software Engineering and Security