Que- What is a Range check?
a. Check that the input does not exceed some maximum size e.g. 40 characters for a name
b. Check that the input falls within a known range
c. Use information about the input to check if it is reasonable rather than an extreme value
d. None of the mentioned
Answer- Check that the input falls within a known range
Que- Which of the following is a layer of protection for Security?
a. Platform-level protection
b. Application-level protection
c. Record-level protection
d. All of the mentioned
Answer- All of the mentioned
Que- Security engineering is only concerned with maintenance of systems such that they can resist malicious attacks.
a. TRUE
b. FALSE
c. Nothing Can be Said
d. None of the mentioned
Answer- FALSE
Que- What are security controls?
a. Controls that are intended to ensure that attacks are unsuccessful
b. Controls that are intended to detect and repel attacks
c. Controls that are intended to support recovery from problems
d. All of the mentioned
Answer- All of the mentioned
Que- Controls that are intended to repel attacks are analogous to ____________ in dependability engineering.
a. Fault avoidance
b. Fault tolerance
c. Fault detection
d. None of the mentioned
Answer- Fault tolerance
Que- Controls that are intended to ensure that attacks are unsuccessful are analogous to ____________ in dependability engineering.
a. Fault avoidance
b. Fault tolerance
c. Fault detection
d. Fault Recovery
Answer- Fault avoidance
Que- What is Life cycle risk assessment?
a. Risk assessment before the system has been deployed
b. Risk assessment while the system is being developed
c. All of the mentioned
d. None of the mentioned
Answer- All of the mentioned
Que- A system resource that has a value and has to be protected is known as
a. Asset
b. Control
c. Vulnerability
d. None of the mentioned
Answer- Asset
Que- An impersonation of an authorised user is an example of a security threat.
a. TRUE
b. FALSE
c. Nothing Can be Said
d. None of the mentioned
Answer- FALSE
Que- The records of each patient who is receiving or has received treatment resemble which security concept?
a. Asset
b. Threat
c. Vulnerability
d. Control
Answer- Asset
Que- Circumstances that have potential to cause loss or harm is known as
a. Attack
b. Threat
c. Vulnerability
d. Control
Answer- Threat
Que- Static Analysis involves executing a program.
a. TRUE
b. FALSE
c. Nothing Can be Said
d. None of the mentioned
Answer- FALSE
Que- Which of the following is a technique covered in Static Analysis?
a. Formal verification
b. Model checking
c. Automated program analysis
d. All of the mentioned
Answer- All of the mentioned
Que- Select the disadvantage of using Formal methods
a. Concurrent systems can be analysed to discover race conditions that might lead to deadlock
b. Producing a mathematical specification requires a detailed analysis of the requirements
c. They require the use of specialised notations that cannot be understood by domain experts
d. All of the mentioned
Answer- They require the use of specialised notations that cannot be understood by domain experts
Que- Which of the following is incorrect with respect to Model Checking?
a. Model checking is particularly valuable for verifying concurrent systems
b. Model checking is computationally very inexpensive
c. The model checker explores all possible paths through the model
d. All of the mentioned
Answer- Model checking is computationally very inexpensive
Que- Choose the fault class in which the following automated static analysis check would fall: "Variables declared but never used".
a. Control Faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer- Data Faults
Que- Choose the fault class in which the following automated static analysis check would fall: "Unreachable code".
a. Control Faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer- Control Faults
Que- Choose the fault class in which the following automated static analysis check would fall: "Non-usage of the results of functions".
a. Storage management faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer- Interface faults
Que- Static analysis is now routinely used in the development of many safety and security critical systems.
a. TRUE
b. FALSE
c. Nothing Can be Said
d. None of the mentioned
Answer- TRUE
Que- Which level of Static Analysis allows specific rules that apply to a program to be checked?
a. Characteristic error checking
b. User-defined error checking
c. Assertion checking
d. All of the mentioned
Answer- User-defined error checking
Que- Choose the fault class in which the following automated static analysis check would fall: "Pointer Arithmetic".
a. Storage management faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer- Storage management faults
Que- Which is the first step in the software development life cycle?
a. Analysis
b. Design
c. Problem/Opportunity Identification
d. Development and Documentation
Answer- Problem/Opportunity Identification