MindMap Gallery CISSP study notes-20 (software development security)
This is a mind map about CISSP study notes-20 (Software Development Security). The main content includes: review questions, exam key points, and knowledge points.
Edited at 2024-03-16 16:29:59
CISSP study notes-20 (software development security)
Knowledge points
Software Development Control Overview
software development
programming language
Compiled languages: C, Java, VB
Not easily manipulated by third parties
Malicious actors can add backdoors and security flaws that bypass detection
Interpreted languages: Python, R, JS and VBS
Library
Development toolset
Object-Oriented Programming
Assurance
Avoiding and suppressing system failures
Input validation
Authentication and session management
Error handling
Logging
Fail open and fail closed
system development life cycle
life cycle model
waterfall model
Can only go back one stage, so errors found late in the development cycle are hard to handle
spiral model
Each loop of the spiral is a complete waterfall iteration
Agile software development
Scrum
Capability Maturity Model (CMM, SW-CMM or SCMM)
Stages
Initial level
Repeatable level
Defined level
Managed level
Optimizing level
Software Assurance Maturity Model SAMM
IDEAL model
Stages
Initiating
Diagnosing
Establishing
Acting
Learning
Gantt chart and PERT
Change and configuration management
Change management
Request control, change control and release control
Configuration management
DevOps approach
DevSecOps
Security controls are proactively managed by code
Application programming interface (API)
curl
Software testing
white box testing
Testers have access to source code
black box testing
User perspective, no access to code
Gray box testing
Combines both approaches, but without analyzing the internal workings
code repository
service level agreement
Third-party software procurement
Databases and data warehouses
Database management system architecture
Hierarchical database and distributed database
Hierarchical: one-to-many
Distributed: many-to-many
relational database
Row and column structure
database transaction
ACID properties
atomicity
consistency
Isolation
Durability
Multi-level database security
Use views
Open Database Connectivity ODBC
NoSQL
key/value storage
Graph database: stores data as a graph of nodes and edges
Document storage
Similar to key/value storage
Common document types: XML and JSON
memory threats
Understand knowledge-based systems
expert system
knowledge base
A series of if/then statements encoding expert knowledge
inference engine
decision making
Machine Learning ML
supervised learning
Train using labeled data
unsupervised learning
Use unlabeled data for training
Neural Networks
Exam points
Explain the basic architecture of a relational database management system (RDBMS). Understand the structure of relational databases. Be able to explain the function of tables (relations), rows (records/tuples), and columns (fields/attributes). Know how to define relationships between tables and the various types of keys. Describe the database security threats posed by aggregation and inference.
Explain how expert systems, machine learning, and neural networks work. An expert system consists of two main components: a knowledge base containing a series of if/then rules, and an inference engine that uses the information in the knowledge base to derive new conclusions. Machine learning techniques attempt to discover knowledge in data through algorithms. Neural networks simulate the operation of the human brain and solve problems by arranging a series of layered calculations within a limited scope. Neural networks require extensive training on a specific problem before they can provide a solution.
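A rule-based expert system as described above, written as an added illustration (not from the notes): a knowledge base of if/then rules and a forward-chaining inference engine. The rule set about clearing a software release is constructed for the example, as is the `missing_for` helper that explains a negative result.

```python
# Added illustration of an expert system: a knowledge base of if/then rules
# plus a forward-chaining inference engine. The release-gating rules are a
# constructed example, not rules taken from any real product.

# Knowledge base: (set of conditions that must all hold, fact that then follows)
KNOWLEDGE_BASE = [
    ({"code_compiled"}, "binary_produced"),
    ({"binary_produced", "static_analysis_clean"}, "white_box_passed"),
    ({"binary_produced", "dynamic_tests_clean"}, "black_box_passed"),
    ({"white_box_passed", "black_box_passed"}, "testing_complete"),
    ({"testing_complete", "change_approved"}, "release_allowed"),
]


def infer(facts, rules=KNOWLEDGE_BASE):
    """Inference engine: fire every rule whose conditions are all known and
    repeat until no rule can add a new fact (forward chaining).
    Returns the closed set of facts and the indices of the rules that fired."""
    known = set(facts)
    fired = []
    changed = True
    while changed:
        changed = False
        for index, (conditions, conclusion) in enumerate(rules):
            if conditions <= known and conclusion not in known:
                known.add(conclusion)
                fired.append(index)
                changed = True
    return known, fired


def missing_for(goal, facts, rules=KNOWLEDGE_BASE):
    """Explain a negative result: which input facts are absent for `goal`.
    Walks the rules backwards from the goal down to facts no rule derives."""
    known, _ = infer(facts, rules)
    if goal in known:
        return set()
    derived = {conclusion for _, conclusion in rules}
    needed = set()
    for conditions, conclusion in rules:
        if conclusion == goal:
            for condition in conditions:
                if condition in known:
                    continue
                if condition in derived:
                    needed |= missing_for(condition, facts, rules)
                else:
                    needed.add(condition)
    return needed


if __name__ == "__main__":
    facts = {"code_compiled", "static_analysis_clean", "dynamic_tests_clean"}
    print(infer(facts))
    print(missing_for("release_allowed", facts))
```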
Understand models for system development. The waterfall model describes a sequential development process that results in a final product. If an error is found, the developer can only roll back to the previous stage. The spiral model iterates through several waterfall models, producing multiple detailed and fully tested prototypes. Agile development models focus on customer needs and rapidly develop new features to meet those needs in an iterative manner.
Explain the Scrum methodology in agile software development. Scrum is an organized approach to implementing the Agile philosophy. It relies on daily Scrum meetings to organize and review work. Development takes place in short sprints of activity focused on delivering a finished product. The Integrated Product Team (IPT) is an early example of this approach, adopted by the U.S. Department of Defense.
Describe the software development maturity model. Know that the maturity model is designed to help organizations improve the maturity and quality of the software development process by developing ad hoc, chaotic software processes into mature, standardized software development processes. Ability to describe SW-CMM, IDEAL and SAMM models.
Understand the importance of change and configuration management. Know the three basic components of the change management process - request control, change control and release control - and how they contribute to security. Explain how configuration management controls the versions of software used in an organization. Understand how auditing and logging of changes can mitigate organizational risk.
Understand the importance of testing. Software testing should be designed as part of the software development process. Software testing should be used as a management tool to improve the design, development, and production processes.
Explain the role of DevOps and DevSecOps in the modern enterprise. The DevOps approach seeks to integrate software development and IT operations by supporting automation and collaboration between teams. The DevSecOps approach extends the DevOps model by introducing security operations activities into an integrated model. Continuous integration and continuous delivery (CI/CD) technology automates DevOps and DevSecOps pipelines.
Understand the role of different coding tools in the software development ecosystem. Developers write code in different programming languages and then compile the code into machine language or execute it through an interpreter. Developers can use software development toolsets and integrated development environments to facilitate the coding process. Software libraries create shared and reusable code, while code repositories provide a management platform for the software development process.
Explain the impact of procured software on the organization. Organizations can purchase commercial off-the-shelf (COTS) software to meet their needs, or use free open source software (OSS). Such software expands the potential attack surface and requires security review and testing.
Review questions
1. Christine is helping her organization deploy code through a DevOps approach. Which of the following is not one of the three components of the DevOps model? A. Information security B. Software development C. Quality assurance D. IT operations
A
2. Bob is developing an application that has an input box where the user can enter a date. He wants to make sure that the value provided by the user is a valid date, to prevent security issues. Which of the following techniques should Bob adopt? A. Polyinstantiation B. Input validation C. Contamination D. Screening
B
3. Vincent is a software developer working on a backlog of change tasks. He is not sure which tasks should have the highest priority. What part of the change management process helps him prioritize tasks? A. Release control B. Distribution control C. Request control D. Change audit
C. Request control provides the opportunity to prioritize these requests. Request control provides an organized framework for users to request changes. Change auditing is used to ensure that the production environment is consistent with the change records.
4. Frank is conducting a risk analysis of his software development environment and wants to introduce a fault management approach that places the system at a high security level in the event of a failure. What method should he use? A. Fail open B. Fault suppression C. Fail closed D. Fault clearing
C. Fail closed: the system remains at a high security level until an administrator intervenes. Fail open: a low security level, with the control disabled until the fault is resolved. Fault suppression: reduces the impact of faults.
5. Which software development model uses a 7-phase approach with a feedback loop and allows return to the previous phase? A. Boyce-Codd B. Waterfall model C. Spiral model D. Agile development
B
6. Jane uses threat modeling techniques to conduct threat assessments when formulating security requirements for a software package her team is developing. Under the Software Assurance Maturity Model (SAMM), which business function is she involved in? A. Governance B. Design C. Implementation D. Verification
B. Threat assessment is part of the Design function.
7. Which of the following keys is used to enforce referential integrity constraints between database tables? A. Candidate key B. Primary key C. Foreign key D. Alternate key
C. Candidate key: may be used as the primary key. Alternate key: a candidate key not selected as the primary key. Foreign key: enforces referential integrity constraints between database tables.
8. Richard believes that a database user is abusing his privileges by querying and combining data from a large number of records to obtain information about the company's overall business trends. What process is this database user using? A. Inference B. Contamination C. Polyinstantiation D. Aggregation
D
9. Which database technique prevents unauthorized users from inferring secrets from the absence of information that would normally be accessible to them? A. Inference B. Manipulation C. Polyinstantiation D. Aggregation
C. Polyinstantiation: allows multiple records that appear to have the same primary key value to be inserted into the database at different classification levels.
10. Which of the following is not a principle of agile development? A. Continuously deliver early to satisfy customers B. Business people and developers collaborate with each other C. Continuous attention to technical excellence D. Prioritize security over other needs
D
11. What information forms the basis of the decision-making process of an expert system? A. A series of weighted hierarchical calculations B. Combined input from a large pool of human experts, weighted based on past performance C. A series of if/then rules compiled into a knowledge base D. A biological decision-making process that mimics the reasoning used by the human mind
C
12. In the Software Capability Maturity Model (SW-CMM), at what level does an organization reach the point where it can use quantitative methods to gain a detailed understanding of the development process? A. Initial level B. Repeatable level C. Defined level D. Managed level
D
13. Which of the following acts as a proxy between an application and a database to support interaction and simplify the programmer's work? A. SDLC B. ODBC C. PCI DSS D. Abstraction
B
14. In which type of software test does the tester have access to the underlying source code? A. Static testing B. Dynamic testing C. Cross-site scripting testing D. Black box testing
A. Static testing is white box testing. Dynamic testing is an example of black box testing.
15. Which type of chart provides a graphical illustration of a schedule to help plan, coordinate, and track project tasks? A. Gantt chart B. Venn diagram C. Bar chart D. PERT
A
16. Which of the following security risks exists in a database when data at a higher classification level is mixed with data at a lower classification level? A. Aggregation B. Inference C. Contamination D. Polyinstantiation
C. Contamination is the book's own term for this.
17. Tonya is conducting a risk assessment of third-party software packages used within her organization. She plans to purchase a product from a supplier that is very popular in her industry. What term best describes this software? A. Open source B. Custom developed C. Enterprise resource planning (ERP) D. Commercial off-the-shelf
D
18. Which of the following is not part of the change management process? A. Request control B. Release control C. Configuration audit D. Change control
C
19. Which transaction management principle ensures that two transactions do not interfere with each other when operating on the same data? A. Atomicity B. Consistency C. Isolation D. Durability
C. Atomicity: if any part of the transaction fails, the entire transaction must be rolled back. Consistency: the database must always remain in a state consistent with the rules of the database model. Durability: transactions committed to the database must be preserved.
20. Tom created a database table that contains names, phone numbers, and business-related customer IDs. The table contains information about 30 customers. What is the "degree" of this table? A. 2 B. 3 C. 30 D. Undefined
B. Cardinality is the number of rows; degree is the number of columns.
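To tie together the database points from the exam key points and questions 7, 19 and 20 (primary and foreign keys, referential integrity, atomicity, views that restrict what a user can see, and degree versus cardinality), here is an added example using Python's sqlite3 module; the customer/orders schema and the sample rows are constructed for illustration and are not from the notes.

```python
import sqlite3

# Added example (constructed schema and rows): keys, referential integrity,
# atomic transactions, a restricting view, and degree vs. cardinality.
TABLES = ("customer", "orders", "customer_public")  # allow-list for PRAGMA calls

def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when on
    con.executescript("""
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,          -- primary key
            name        TEXT NOT NULL,
            phone       TEXT NOT NULL);
        CREATE TABLE orders (
            order_id    INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customer(customer_id),  -- foreign key
            amount      REAL NOT NULL);
        -- View exposing only the columns lower-cleared users may see
        CREATE VIEW customer_public AS SELECT customer_id, name FROM customer;
    """)
    return con

def referential_integrity_enforced(con):
    """A foreign key must reject an order for a customer that does not exist."""
    try:
        with con:  # commit on success, roll back on exception
            con.execute("INSERT INTO orders (customer_id, amount) VALUES (999, 10.0)")
        return False
    except sqlite3.IntegrityError:
        return True

def insert_customers_atomically(con, rows):
    """Atomicity: either every row is committed or, if any row fails, none is."""
    try:
        with con:
            con.executemany("INSERT INTO customer VALUES (?, ?, ?)", rows)
        return True
    except sqlite3.IntegrityError:
        return False

def degree_and_cardinality(con, name):
    """Degree = number of columns, cardinality = number of rows."""
    if name not in TABLES:  # never interpolate untrusted identifiers into SQL
        raise ValueError(f"unknown table: {name}")
    columns = con.execute(f"PRAGMA table_info({name})").fetchall()
    rows = con.execute(f"SELECT COUNT(*) FROM {name}").fetchone()[0]
    return len(columns), rows
```

The view has degree 2 while the underlying table has degree 3, which is the whole point of using views for multi-level security: the phone column never reaches a user who only holds the view.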