Lesson/Domain 6: Telecommunications and networking

Quiz questions
1. The act of two different objects responding to the same command in different ways is
called what?
a. Abstraction
b. Object reuse
c. Polymorphism
d. Polyinstantiation
2. Gathering and uncovering restricted information by using permissible data is referred to
as __________.
a. Aggregation
b. Data mining
c. Perturbation
d. Cell suppression
3. Unit testing is performed in what phase of the software development lifecycle?
a. Acceptance testing/Implementation
b. Operations/Maintenance
c. System design specifications
d. Software development
4. Generation One of program languages includes which of the following?
a. Machine language
b. Assembly language
c. Object-oriented language
d. Artificial intelligence
5. Computer programs that are based on human logic by using "if/then statements" and
inference engines are called _________.
a. ANN
b. Artificial expert systems
c. Expert systems
d. ActiveX
6. What is CORBA?
a. A design framework for applications written in Java
b. A standard to allow communications between programs written in different
languages and platforms
c. A Microsoft model aimed at allowing objects to communicate with objects on
different computers
d. An object-oriented programming language developed by Sun Microsystems
7. Polyinstantiation is a technique that is used in databases to thwart what type of threat?
a. Collusion
b. Inference
c. Traffic analysis
d. Zero proof knowledge
8. A processor can work in different modes. If it is working in 'supervisor' mode, what does
that mean?
a. It cannot accept software or hardware interrupts
b. It is working at a lower privilege than user mode
c. It has access to privileged and non-privileged instructions
d. It is computing non-privileged instructions
9. Your company has several applications that rely on each other for information and
processes. Several of the systems use different programming languages, so each has
adhered to a CORBA framework. When one system sends a request to an object on
another system, what component does the request actually go to?
a. EJB
b. ORB
c. COM
d. Active X
10. Applications and operating systems have several vulnerabilities that can be used for
attacks. Knowing these weaknesses is the job of security professionals. One attack is
when one process modulates its resource as a way of communicating to another
process. What is this called?
a. Overt timing channel
b. Covert timing channel
c. Overt storage channel
d. Covert storage channel
11. The Capability Maturity Model has five maturity levels that can be assigned to software
development companies after a certification process. Which of the following lists the
correct five levels?
a. Initial, Repeatable, Qualified, Managed, Optimizing
b. Initial, Repeatable, Defined, Managed, Optimizing
c. Initial, Repeatable, Defined, Managed, Custom
d. Initial, Non-repeatable, Defined, Managed, Optimizing
12. A company hires a software development company to create a customized application.
The software development company suggests that a software escrow should be set up.
What does this mean?
a. The source code is split up and held at three different agencies to enforce
separation of duties.
b. The source code is split up and held at two different agencies to enforce
separation of duties.
c. A third party will keep a copy of the source code to protect the software
developer.
d. A third party will keep a copy of the source code to protect the customer.
13. When transactions take place between multiple databases, each database is updated.
This can happen many times and in many different ways. To protect the integrity of the
data, databases should incorporate a concept known as the ACID test. What does this
acronym stand for?
a. Availability, Confidentiality, Integrity, Durability
b. Availability, Consistency, Integrity, Durability
c. Atomicity, Confidentiality, Isolation, Durability
d. Atomicity, Consistency, Isolation, Durability
14. Which of the following best describes the differences between object-oriented databases
and relational databases?
a. Relational databases are more dynamic than object-oriented databases and the
objects contain the procedures within them.
b. Object-oriented databases are more dynamic than relational databases and the
objects contain the procedures within them.
c. Object-oriented databases are more dynamic than relational databases and the
relational tables contain the procedures that interact with the objects.
d. Relational databases are more dynamic than object-oriented databases and the
objects abstract the procedures from the applications.
15. Distributed applications can be written in Java. Which of the following describes the Java
structural design used for developing these types of applications?
a. Enterprise Java Bean (EJB) dictates the protocols, components, and platforms
that have to be implemented to allow different applications to communicate in a
distributed environment.
b. Enterprise Knowledge-based System (EKS) dictates the interfaces that have to
be implemented to allow different applications to communicate in a distributed
environment.
c. Enterprise Java Bean (EJB) dictates the interfaces that have to be implemented
to allow different applications to communicate in a distributed environment.
d. Enterprise Java Bean (EJB) dictates the applets that have to be implemented to
allow different applications to communicate in a single, centralized system.
Answers:
1. C. Polymorphism is a characteristic of object-oriented programming, which allows two
different objects to react differently to the same message. The objects behave differently
depending upon their types and inheritance from their classes.
2. A. Aggregation and inference go hand-in-hand. For example, a user who uses data from
a public database in order to figure out classified information is exercising aggregation
and can then infer the relationship between that data and the data he does not have
access to. This is called an inference attack.
3. D. Unit testing is part of the software development phase. This phase involves the actual
code writing by the developers and the developers testing their own code. Part of code
writing is doing unit testing as different milestones are reached throughout the process.
4. A. Computer programming has gone through many generations of growth. Generation
One is the earliest stage and offers the lowest levels of functionality. Below is the list of
programming generations:
 - One - Machine language
 - Two - Assembly language
 - Three - High-level language
 - Four - Very High-level language
 - Five - Artificial intelligence and natural language
5. C. Expert systems are built on the foundation of human logic. The programs use a
knowledge base that is filled with information from subject matter experts. The decision-making process involves "if/then" statements and an inference engine.
6. C. Common Object Request Broker Architecture (CORBA) is a standard that enables
objects to communicate with one another regardless of their programming language or
platform type. CORBA was created by the Object Management Group (OMG).
7. B. Polyinstantiation means that a copy of an object is made and the characteristics of the
second object are modified in some way. Within databases this technique can be used to
allow more than one row to contain the same primary key and different classifications.
8. C. A processor can be executing applications in user mode, which is a lower privilege
mode than supervisor mode (also called privileged mode). The processor will execute
instructions in this mode to ensure that rogue code does not access sensitive and critical
system resources. A processor can execute in supervisor mode. This usually takes place
when a process of high system privilege sends a request to the processor. If the
processor is in supervisor mode it has access to user-level (non-privileged) and
supervisor (privileged) code.
9. B. Platforms using the CORBA standards use object request brokers (ORBs) to allow
client/server software to communicate with each other. So, when a client sends a request to
the server portion of the software, the message first goes to the ORB. The ORB is
responsible for knowing where the server software is located and sending the request to
it.
10. B. Covert channels are ways that attackers can allow processes to use items for
communication. The items were not developed and used for communication purposes in
this way. A covert channel is the act of using an unintended communication path to send
and receive messages. An overt channel is using a communication path that was
intended for communication.
11. B. There are five maturity levels used:
 - Initial -- The development process is ad hoc or even chaotic. The company does not use
effective management procedures and plans. There is no assurance of consistency, and
quality is unpredictable.
 - Repeatable -- A formal management structure, change control, and quality assurance
are in place. The company can properly repeat processes throughout each project.
The company does not have a formal process model defined.
 - Defined -- Formal procedures are in place that outline and define processes that are
carried out in each project. The organization has a way to allow for quantitative
process improvement.
 - Managed -- The company has formal processes in place to collect and analyze
qualitative data, and metrics are defined and fed into the process improvement
program.
 - Optimizing -- The company has budgeted and integrated plans for continuous process
improvement.
12. D. Software escrow means that there is a third party involved. This third party will keep a
copy of the source code, and possibly other materials, which will only be released to the
customer if specific circumstances arise, mainly if the vendor who developed the code
goes out of business or for some reason is not meeting its obligations and
responsibilities. This is put into place to protect the customer, because it has paid for this
source code to be developed.
13. D. The ACID test concept should be incorporated into the software of a database. ACID
means:
 - Atomicity -- divides transactions into units of work and ensures that all modifications
take effect or none take effect. The changes are either committed or the database is
rolled back.
 - Consistency -- a transaction must follow the integrity policy developed for that
particular database and ensure that all data is consistent in the different databases.
 - Isolation -- transactions execute in isolation until completed, without interacting with
other transactions. The results of the modification are not available until the
transaction is completed.
 - Durability -- once the transaction is verified as accurate on all systems it is committed
and the databases cannot be rolled back.
14. B. An object-oriented database is more dynamic in nature when compared to a relational
database because objects can be created when needed and the data and procedure go
with the object when it is requested. In a relational database an application uses its
procedures to obtain data from the database, the database does not actually provide
procedures as object-oriented databases do. The object-oriented database has classes
to define the attributes and procedures of its objects.
15. C. Enterprise Java Bean (EJB) is a structural design for the development and
implementation of distributed applications written in Java. The EJB provides interfaces
and methods to allow different applications to be able to communicate across a
networked environment. Java is a multi-platform language. The applications are not tied
to specific protocols.
Return to SearchSecurity.com’s Security School for CISSP training:
CISSP Essentials library:
http://www.searchsecurity.com/CISSPessentials
Class 6 briefing:
http://www.searchsecurity.com/Class6spotlight