Lesson/Domain 6: Telecommunications and networking

Quiz questions

1. The act of two different objects responding to the same command in different ways is called what?
   a. Abstraction
   b. Object reuse
   c. Polymorphism
   d. Polyinstantiation

2. Gathering and uncovering restricted information by using permissible data is referred to as __________.
   a. Aggregation
   b. Data mining
   c. Perturbation
   d. Cell suppression

3. Unit testing is performed in what phase of the software development lifecycle?
   a. Acceptance testing/Implementation
   b. Operations/Maintenance
   c. System design specifications
   d. Software development

4. Generation One of program languages includes which of the following?
   a. Machine language
   b. Assembly language
   c. Object-oriented language
   d. Artificial intelligence

5. Computer programs that are based on human logic by using "if/then statements" and inference engines are called _________.
   a. ANN
   b. Artificial expert systems
   c. Expert systems
   d. ActiveX

6. What is CORBA?
   a. A design framework for applications written in Java
   b. A standard to allow communications between programs written in different languages and platforms
   c. A Microsoft model aimed at allowing objects to communicate with objects on different computers
   d. An object-oriented programming language developed by Sun Microsystems

7. Polyinstantiation is a technique that is used in databases to thwart what type of threat?
   a. Collusion
   b. Inference
   c. Traffic analysis
   d. Zero proof knowledge

8. A processor can work in different modes. If it is working in 'supervisor' mode, what does that mean?
   a. It cannot accept software or hardware interrupts
   b. It is working at a lower privilege than user mode
   c. It has access to privileged and non-privileged instructions
   d. It is computing non-privileged instructions

9. Your company has several applications that rely on each other for information and processes. Several of the systems use different programming languages, so each has adhered to a CORBA framework. When one system sends a request to an object on another system, what component does the request actually go to?
   a. EJB
   b. ORB
   c. COM
   d. ActiveX

10. Applications and operating systems have several vulnerabilities that can be used for attacks. Knowing these weaknesses is the job of security professionals. One attack is when one process modulates its use of a resource as a way of communicating with another process. What is this called?
   a. Overt timing channel
   b. Covert timing channel
   c. Overt storage channel
   d. Covert storage channel

11. The Capability Maturity Model has five maturity levels that can be assigned to software development companies after a certification process. Which of the following lists the correct five levels?
   a. Initial, Repeatable, Qualified, Managed, Optimizing
   b. Initial, Repeatable, Defined, Managed, Optimizing
   c. Initial, Repeatable, Defined, Managed, Custom
   d. Initial, Non-repeatable, Defined, Managed, Optimizing

12. A company hires a software development company to create a customized application. The software development company suggests that a software escrow should be set up. What does this mean?
   a. The source code is split up and held at three different agencies to enforce separation of duties.
   b. The source code is split up and held at two different agencies to enforce separation of duties.
   c. A third party will keep a copy of the source code to protect the software developer.
   d. A third party will keep a copy of the source code to protect the customer.

13. When transactions take place across multiple databases, each database is updated. This can happen many times and in many different ways. To protect the integrity of the data, databases should incorporate a concept known as an ACID test. What does this acronym stand for?
   a. Availability, Confidentiality, Integrity, Durability
   b. Availability, Consistency, Integrity, Durability
   c. Atomicity, Confidentiality, Isolation, Durability
   d. Atomicity, Consistency, Isolation, Durability

14. Which of the following best describes the differences between object-oriented databases and relational databases?
   a. Relational databases are more dynamic than object-oriented databases and the objects contain the procedures within them.
   b. Object-oriented databases are more dynamic than relational databases and the objects contain the procedures within them.
   c. Object-oriented databases are more dynamic than relational databases and the relational tables contain the procedures that interact with the objects.
   d. Relational databases are more dynamic than object-oriented databases and the objects abstract the procedures from the applications.

15. Distributed applications can be written in Java. Which of the following describes the Java structural design used for developing these types of applications?
   a. Enterprise Java Bean (EJB) dictates the protocols, components, and platforms that have to be implemented to allow different applications to communicate in a distributed environment.
   b. Enterprise Knowledge-based System (EKS) dictates the interfaces that have to be implemented to allow different applications to communicate in a distributed environment.
   c. Enterprise Java Bean (EJB) dictates the interfaces that have to be implemented to allow different applications to communicate in a distributed environment.
   d. Enterprise Java Bean (EJB) dictates the applets that have to be implemented to allow different applications to communicate in a single, centralized system.

Answers:

1. C. Polymorphism is a characteristic of object-oriented programming, which allows two different objects to react differently to the same message. The objects behave differently depending upon their types and inheritance from their classes.

2. A. Aggregation and inference go hand-in-hand. For example, a user who uses data from a public database in order to figure out classified information is exercising aggregation and can then infer the relationship between that data and the data he does not have access to. This is called an inference attack.

3. D. Unit testing is part of the software development phase. This phase involves the actual code writing by the developers and the developers testing their own code. Part of code writing is doing unit testing as different milestones are reached throughout the process.

4. A. Computer programming has gone through many generations of growth. Generation One is the earliest stage and offers the lowest levels of functionality. Below is the list of programming generations:
   - One - Machine language
   - Two - Assembly language
   - Three - High-level language
   - Four - Very high-level language
   - Five - Artificial intelligence and natural language

5. C. Expert systems are built on the foundation of human logic. The programs use a knowledge base that is filled with information from subject matter experts. The decision-making process involves "if/then" statements and an inference engine.

6. C. Common Object Request Broker Architecture (CORBA) is a standard that enables objects to communicate with one another regardless of their programming language or platform type. CORBA was created by the Object Management Group (OMG).

7. B. Polyinstantiation means that a copy of an object is made and the characteristics of the second object are modified in some way. Within databases this technique can be used to allow more than one row to contain the same primary key and different classifications.

8. C. A processor can be executing applications in user mode, which is a lower privilege mode than supervisor mode (also called privileged mode). The processor will execute instructions in this mode to ensure that rogue code does not access sensitive and critical system resources. A processor can also execute in supervisor mode. This usually takes place when a process of high system privilege sends a request to the processor. If the processor is in supervisor mode it has access to user-level (non-privileged) and supervisor (privileged) code.

9. B. Platforms using the CORBA standards use object request brokers (ORBs) to allow client/server software to communicate with each other. So, when a client sends a request to the server portion of the software, the message first goes to the ORB. The ORB is responsible for knowing where the server software is located and sending the request to it.

10. B. Covert channels are ways in which an attacker can make processes communicate through items (such as storage or timing) that were not designed to be used for communication in this way. A covert channel is the act of using an unintended communication path to send and receive messages. An overt channel is using a communication path that was intended for communication.

11. B. There are five maturity levels used:
   Initial -- The development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.
   Repeatable -- A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have a formal process model defined.
   Defined -- Formal procedures are in place that outline and define processes that are carried out in each project. The organization has a way to allow for quantitative process improvement.
   Managed -- The company has formal processes in place to collect and analyze qualitative data, and metrics are defined and fed into the process improvement program.
   Optimizing -- The company has budgeted and integrated plans for continuous process improvement.

12. D. Software escrow means that there is a third party involved. This third party will keep a copy of the source code, and possibly other materials, which will only be released to the customer if specific circumstances arise, mainly if the vendor who developed the code goes out of business or for some reason is not meeting its obligations and responsibilities. This is put into place to protect the customer, because it has paid for this source code to be developed.

13. D. The ACID test concept should be incorporated into the software of a database. ACID means:
   Atomicity -- divides transactions into units of work and ensures that all modifications take effect or none take effect. The changes are either committed or the database is rolled back.
   Consistency -- a transaction must follow the integrity policy developed for that particular database and ensure that all data is consistent in the different databases.
   Isolation -- transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
   Durability -- once the transaction is verified as accurate on all systems it is committed and the databases cannot be rolled back.

14. B. An object-oriented database is more dynamic in nature when compared to a relational database because objects can be created when needed and the data and procedure go with the object when it is requested. In a relational database an application uses its own procedures to obtain data from the database; the database does not actually provide procedures as object-oriented databases do. The object-oriented database has classes to define the attributes and procedures of its objects.

15. C. Enterprise Java Bean (EJB) is a structural design for the development and implementation of distributed applications written in Java. The EJB provides interfaces and methods to allow different applications to be able to communicate across a networked environment. Java is a multi-platform language. The applications are not tied to specific protocols.

Return to SearchSecurity.com's Security School for CISSP training:
CISSP Essentials library: http://www.searchsecurity.com/CISSPessentials
Class 6 briefing: http://www.searchsecurity.com/Class6spotlight