CERTIPORT SOFTWARE DEVELOPMENT
ACTUAL TEST QUESTIONS WITH VERIFIED
ANSWERS COMPLETE EXAM REVIEW
●● 2. Which of the following is a common way that attackers leverage
botnets?
A. Sending spam messages
B. Conducting brute-force attacks
C. Scanning for vulnerable systems
D. All of the above
Answer: D. All of the above
●● 3. Which one of the following statements is not true about code
review?
A. Code review should be a peer-driven process that includes multiple
developers.
B. Code review may be automated.
C. Code review occurs during the design phase.
D. Code reviewers may expect to review several hundred lines of code
per hour.
Answer: C. Code review occurs during the design phase.
●● 4. Harold's company has a strong password policy that requires a
minimum length of 12 characters and the use of both alphanumeric
characters and symbols. What technique would be the most effective
way for an attacker to compromise passwords in Harold's organization?
A. Brute-force attack
B. Dictionary attack
C. Rainbow table attack
D. Social engineering attack
Answer: D. Social engineering attack
●● 5. Which process is responsible for ensuring that changes to software
include acceptance testing?
A. Request control
B. Change control
C. Release control
D. Configuration control
Answer: C. Release control
●● 6. Which one of the following attack types attempts to exploit the
trust relationship that a user's browser has with other websites by forcing
the submission of an authenticated request to a third-party site?
A. XSS
B. CSRF
C. SQL injection
D. Session hijacking
Answer: B. CSRF
●● 7. When using the SDLC, which one of these steps should you take
before the others?
A. Functional requirements determination
B. Control specifications development
C. Code review
D. Design review
Answer: A. Functional requirements determination
●● 8. Jaime is a technical support analyst and is asked to visit a user
whose computer is displaying the error message shown here. What state
has this computer entered? Refer to page 161 in the book.
A. Fail open
B. Irrecoverable error
C. Memory exhaustion
D. Fail secure
Answer: D. Fail secure
●● 9. Which one of the following is not a goal of software threat
modeling?
A. To reduce the number of security-related design flaws
B. To reduce the number of security-related coding flaws
C. To reduce the severity of non-security flaws
D. To reduce the number of threat vectors
Answer: D. To reduce the number of threat vectors
●● 10. In the diagram shown here, which is an example of a method?
ACCOUNT
Balance: currency=0
Owner: string
AddFunds(deposit: currency)
RemoveFunds (withdrawal: currency)
A. Account
B. Owner
C. Add Funds
D. None of the above
Answer: C. Add Funds
●● 11. Which one of the following is considered primary storage?
A. Memory
B. Hard disk
C. Flash drive
D. DVD