Deck 11: Maintain Your Software, Maintain Your Career
1
Bypassing the CCB process gives the developer more time to guard against security vulnerabilities in the application.
False
2
Ajax is a new technology.
False
3
Two of the most common changes to a software application during the maintenance phase are new data flows and new user roles.
True
4
Software assurance can be proven, validated, and substantiated only by the process in place and the artifacts produced from each process.
5
To help maintain the software's security, make training part of the development methodology for new hires.
6
The duty of responding to attacks is to maintain the security integrity of the software throughout its useful lifetime.
7
Software assurance means that your code is secure.
8
In order to support the application's operations, everyone on the team must sustain secure software until the application retires.
9
Once the project is in maintenance mode, the developer can relax a little with the details of the requirement process.
10
It is not necessary to include a managerial policy in the Application Guide.
11
Sensing activities do not help the code protect itself.
12
One proactive measure that developers can implement in the development team is sensing.
13
The benefits of a CCB are twofold: provide a known and methodical decision process, and sustain security and quality in the software artifacts.
14
The developer can help sustain the formality in the development process during maintenance by creating a change control board.
15
The CCB is only made up of developers.
16
The Applications Guide doesn't need rules in place to be successful.
17
The main benefit of a CCB is to reinforce management's support for software artifacts and to prioritize the workload.
18
Reactive measures are plans and policies that outline the proper response to an incident.
19
Monitoring error logs and responding to immediate issues is a great way to stay proactive in the secure software process.
20
Learning new technologies and networking with your peers are two ways to show initiative.
21
What is the best way project management can ensure change requests (CR) are appropriately managed?
A) let the team leads handle CRs
B) make sure all CRs are tested
C) put all CRs through the normal development methodology
D) create a Change Control Board (CCB)
22
Ajax does not have any security vulnerabilities.
23
Software assurance means?
A) software has been tested
B) you have secure code
C) the software is certified
D) process in place and a plan of action to ensure that the software that is written is secure
24
Wikis are online resources that can be used to define common elements of the application, department or company.
25
According to the Organization for Internet Safety (OIS), in which of the following steps of a threat response process does the organization announce the attack?
A) Resolution
B) Release
C) Notification
D) Investigation
26
If someone were to ask you to prove that your application is secure, what would the Application Guide prove?
A) That you have secure code
B) documentation of the reusable, secure process
C) That you have tools configured
D) That the software is bug free
27
Why is it important to network with peers in this field?
A) Good to find out salaries
B) good to get exposure with the boss
C) Good for morale
D) People move from project to project and place to place in this field very quickly. Chances are you will work with them again
28
Podcasts are online videos that can be used for training, instructions, or demonstrations.
29
What does benchmarking time do for you?
A) lets everyone on the team know where they should be
B) provides goals
C) looking at the project plan and comparing the estimates with the actual coding time
D) pads hours for the plan
30
According to the Organization for Internet Safety (OIS), in which of the following steps of a threat response process does the organization verify the attack?
A) Notification
B) Investigation
C) Resolution
D) Discovery
31
Keeping a daily journal is a waste of time and has no place on your project.
32
How can one scout for incidents?
A) Ask a friend
B) Hold weekly incident meetings
C) look at US-CERT database
D) watch error logs
33
Web 2.0 is a term used to describe the transitional status of today's Web applications.
34
If someone were to ask you to prove that your application is secure, what would the Incident reports prove?
A) It provides documentation of the reusable, secure process
B) Prove that testing is a major process in the development life cycle
C) Prove that a process is in place to scan for bugs, vulnerabilities, and standards in the code
D) Prove that there is a process in place that proactively monitors new threats to existing software
35
Why are new developers somewhat of a risk to the security of the software?
A) they don't have the background knowledge that the developers who wrote the software do
B) they may not know the CCB process
C) they might know how to report incidents
D) they may not know the Application Guide
36
What do sensing activities include?
A) how to provide estimates
B) how to monitor, test, and review code for threats and vulnerabilities
C) how to upgrade software
D) update the Application Guide
37
If someone were to ask you to prove that your application is secure, what would the Misuse cases prove?
A) Proves that threat analysis and investigation was done looking for ways to break the software
B) Prove that there is a process in place that proactively monitors new threats
C) Prove that testing is a major process in the development life cycle
D) It provides documentation of the reusable, secure process
38
Which is the greatest threat to software during the maintenance phase?
A) Change Request Board
B) software upgrades
C) Change Requests
D) no testing procedures
39
What is one way you can improve your ability to provide meaningful estimates?
A) keep a daily journal of how long each code module takes to code
B) exaggerate more hours
C) let someone else estimate
D) work as long as it takes to make the deadlines
40
What type of report is reactive?
A) Application Guide
B) Misuse Case
C) Incident
D) Test script
41
When should an incident report be released?
A) As soon as one is found
B) After a Resolution is found
C) ASAP
D) Right after the verification of the attack
42
What is the best way to be proactive in solving application errors?
A) Test more
B) Monitor error logs
C) Re-read the use case document
D) Wait for the user to open a Change Request
43
What is the first thing the developer can rely on when an attack occurs to the Application Guide?
A) look at the code
B) view error logs
C) rely on the Are You Ready section of the Application Guide
D) wait for CCB direction