___________ can help prevent buffer overflow attacks, or other attacks where an entity enters input into the software. This is performed by ensuring that the input's contents are appropriate and do not contribute to an attack before allowing the input to be accepted.Question 11Answera.Obfuscationb.Input obscurityc.User verificationd.Input validationClear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textThe ________ phase of the software development lifecycle (SDLC) involves identifying the requirements and overall structure of the software which is the foundation of the development process.Question 12Answera.Maintenanceb.Requirementsc.Implementation (Coding)d.TestingClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAn attacker wanting to elevate their privileges would look to exploit _______ vulnerabilities.Question 13Answera.Admissionb.Authenticationc.Authorizationd.AccessClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textThe first phase of the software development lifecycle (SDLC) is _________.Question 14Answera.Releaseb.Testingc.Requirement Specificationd.DesignClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textPerhaps the most important trait of software, ________ requires that software adheres to its requirements and specifications, enabling users to trust that the software will work as expected.Question 15Answera.Simplicityb.Validationc.Reliabilityd.Compartmentalization

In the context of secure software, content filters are mechanisms to _________ at the application level, or through application software.Question 1Answera.Maintain that design objectives have been adequately metb.Examine the software for the discovery of flaws in design and implementationc.Identify and prevent malicious traffic (input) from being entered or executedd.Ensure that coding standards are effectively maintainedClear my choiceQuestion 2Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAccording to the principles of software security architecture, developers should try to keep from relying solely on __________ as a means of security when modularizing a design.Question 2Answera.Obfuscationb.Veracityc.Encapsulationd.ImplementationClear my choiceQuestion 3Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn the testing phase of secure software, _________ involve mathematical arguments to test and prove the software's correctness as well as decrease the number of vulnerabilities in the software.Question 3Answera.Dynamic analysesb.Code reviewsc.Exception testsd.Formal methodsClear my choiceQuestion 4Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following is a method for damage confinement in secure software?Question 4Answera.Implement defense in depth through layered security mechanisms.b.Develop a testing strategy for coding practices.c.Limit default actions in cases of system failures.d.None of the above.Clear my choiceQuestion 5Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following attributes of software must be confirmed to meet the primary software security testing goal?Question 5Answera.Absence of exploitable weaknesses.b.Predictably secure behavior.c.Security-aware error and exception handling.d.All of the above.

Which is an attack against an application that parses XML inputInjectionXXEXXSInput validation

Which of the following measures can prevent injection attacks? Select all that apply.Data sanitizationInput validationLog analysis systemsFlood guards

What are some common ways to prevent buffer overflows?Select one:a.Input validation and sanitizationb.Memory protection techniques such as stack canaries and DEPc.Proper error handling and exception handlingd.All of the above

___________________ vulnerabilities may be exploited for a man in the middle attack.Question 2Answera.Transferb.Communicationc.Datad.SharingClear my choiceQuestion 3Not yet answeredPoints out of 1.00Flag questionTipsQuestion text_______ is a desirable software trait simply because it is easier to find errors in software with this trait than it is to search through numerous classes to find errors in software that has many more unnecessary lines of code written.Question 3Answera.Traceabilityb.Predictabilityc.Dependabilityd.None of the aboveClear my choiceQuestion 4Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAttackers often use _________ to force software into a stage whereby the attacker can change the value of variables in order to change the functionality of the software or gain access to the system.Question 4Answera.Countermeasureb.Vulnerabilityc.Errord.OverflowClear my choiceQuestion 5Not yet answeredPoints out of 1.00Flag questionTipsQuestion text__________ attack occurs when an attacker takes advantage of buffer data that is stored in the program's runtime stack where local variables and functions are stored in memory, making it easy for an attacker to figure out exactly which memory to overwrite.Question 5Answera.Dynamic deallocationb.Buffer deallocationc.Heap overflowd.Stack overflowClear my choice