Testing Q Is Violet
Software Construction
Questions Bank
Choose the right answers
1. What is software?
a) set of programs b) documentation and configuration of data
c) set of programs, documentation & configuration of data d) None of the mentioned
2. Which of these software engineering activities are not a part of software processes?
a) Software dependence b) Software development
c) Software validation d) Software specification
3. Which of these is true?
a) Generic products and customized products are types of software products
b) Generic products are produced by organization and sold to open market
c) Customized products are commissioned by particular customer
d) All of the mentioned
4. Early increments act as a prototype to help elicit requirements for later increments.
a) true b) false
5. A weakness in a computer-based system that may be exploited to cause loss or harm is known as?
a. Vulnerability b. Attack c. Threat d. Exposure
6. A password checking system that disallows user passwords that are proper names or words that are normally
included in a dictionary is an example of ___________ with respect to security systems.
a. Risk b. Control c. Attack d. Asset
7. At which stage of risk analysis do the additional security requirements take account of the
technologies used in building the system and the system design and implementation decisions?
a. Preliminary risk analysis b. life-cycle risk analysis
c. Operational risk analysis d. All of the mentioned
8. Which of the following is known as the ability of the system to deliver service as specified?
a. Availability b. reliability c. security d. safety
9. Which one of the following threats allows an attacker to make part of the system unavailable?
a. Interruption b. Interception c. Fabrication d. Modification
10. A system resource that has a value and has to be protected is known as
a. Asset b. Control c. Vulnerability d. Attack
11. The records of each patient that is receiving or has received treatment resemble which security concept?
a. Asset b. Threat c. Vulnerability d. Control
12. Circumstances that have the potential to cause loss or harm are known as
a. Attack b. Threat c. Vulnerability d. Control
13. Threats that allow an attacker to insert false information into a system are known as ….
a. Interruption b. Interception c. Fabrication d. Modification
14. The determination of the identity or role that someone has is known as ….
a. Authentication b. Authorization c. Accounting d. Intrusion detection
15. In computer security, ……. means that the information in a computer system is accessible for reading only by
authorized users.
a. Confidentiality b. Integrity c. Availability d. Authenticity
16. Possible loss or harm to a computing system is known as ……
a. Attack b. Vulnerability c. Threat d. Exposure
17. Which security requirement is used to specify what mechanisms should be used to detect attacks on the system?
a. Security auditing b. Immunity c. Non-repudiation d. Intrusion detection
18. Which security requirement is used to specify how a system should protect itself against viruses, worms, and
similar threats?
a. Authentication b. Immunity c. Non-repudiation d. Intrusion detection
19. Which security requirement is used to specify that a party in a transaction cannot deny its involvement in that
transaction?
a. Privacy b. Integrity c. Non-repudiation d. Intrusion detection
20. Which security design guideline means that you should not rely on a single mechanism to ensure security;
rather, you should employ several different techniques?
a. Avoid a single point of failure b. fail securely c. Compartmentalize your assets d. Log user actions
21. Which of these is true?
a. Interruption threats allow an attacker to make part of the system unavailable.
b. Fabrication threats allow an attacker to alter or destroy data.
c. Modification threats allow an attacker to add false information to the system.
d. Interruption threats allow an attacker to gain access to an asset.
22. In computer security, … means that computer system assets can be modified only by authorized parties.
a. Confidentiality b. Authenticity c. Availability d. Integrity
23. Which risk assessment process assesses the potential losses associated with each asset?
a. Feasibility assessment b. Asset value assessment c. Attack assessment d. Exposure assessment
24. Which risk assessment process decomposes threats into possible attacks on the system and the ways that these
may occur?
a. Threat identification b. Asset value assessment c. Attack assessment d. Exposure assessment
25. Which security design guideline means that you keep multiple copies of data?
a. Avoid a single point of failure b. fail securely c. Compartmentalize your assets d. Use redundancy
26. Which security design guideline means that you should organize the system so that assets are in separate areas?
a. Avoid a single point of failure b. fail securely c. Compartmentalize your assets d. Use redundancy
27. A security test in which a tester looks for ways to exploit vulnerabilities and gain access to a system, and which includes
a post-test report describing vulnerabilities to the developer/programmer, is known as
a. Ethical Hacking b. Scanning c. Exploitation d. Confidentiality
28. Which of the following tools is used to scan the ports on each of the IP addresses?
a. Whois b. harvester c. Nmap d. Hmap
29. Which phase is concerned with gathering information in a pen test?
a. Reporting b. Reconnaissance c. Pre engagement d. Scanning
a. Malicious software b. Security software c. Bad software d. Dependable software
30. The probability that the system will be up and running and able to deliver useful services to users is known as ….
a. Security b. Availability c. Error tolerance d. Reliability
31. The system’s ability to protect itself from external attacks, which may be accidental or deliberate, is known as ……
a. Safety b. Usability c. Security d. Reliability
32. Which of the following is true with respect to the harvester tool?
a. The harvester is a web-based tool used to obtain information about subdomains of the target.
b. The harvester is used to scan the ports on each of the IP addresses.
c. The harvester retrieves emails, subdomains, and hosts that are associated with the target.
d. The harvester identifies which ports are open and determines what services are available on our target system.
33. Which phase in a pen test resembles knocking on the various doors and windows of a house and seeing who
answers?
a. Reporting b. Reconnaissance c. Pre engagement d. Scanning
34. In the MVC pattern, which component manages how the data is presented to the user?
a. View b. Controller c. Model d. View and model
35. In the MVC pattern, which component manages user interaction?
a. View b. Controller c. Model d. View and model
36. Which architecture pattern describes how a set of interacting components can share data?
a. Model-view-controller b. Architecture pattern c. Repository pattern d. Client server pattern
37. Which of the following patterns is the basis of interaction management in many web-based systems?
a. Model-view-controller b. Architecture pattern c. Repository pattern d. Client server pattern
38. If ………. is a critical requirement, a layered structure for the architecture should be used.
a. Performance b. Usability c. Reliability d. Security
39. In the MVC pattern, which component manages the system data and associated operations on that
data?
a. View b. Controller c. Model d. View and model
40. In a pipe and filter architecture, a filter is
a. Data Flow b. Component c. Connector d. None of the mentioned
41. Which phase is concerned with planning and preparing the scope of the penetration test?
a. Reporting b. Reconnaissance c. Pre engagement d. Scanning
42. Which of the following properties does not correspond to a good Software Requirements Specification
(SRS)?
a. Verifiable b. Ambiguous c. Complete d. Traceable
43. Scenarios that represent malicious interactions with a system are …….
a. Test case b. Misuse cases c. Up use case d. Use case
44. The ability of the system to work without catastrophic failures ……
72. When software is written in such a way that it can evolve to meet the changing needs of
customers, this is known as …….
a. Efficiency b. Dependability c. Security d. Maintainability
73. The open source licensing model called a ‘reciprocal’ license, which means that if you use open
source software then you must make that software open source, is …..
a. The GNU General Public License (GPL)
b. The GNU Lesser General Public License (LGPL)
c. The Berkeley Standard Distribution (BSD) License
d. none of the mentioned
74. Subversion is a widely used example of a centralized version control system. (T/F)
75. In customized products, the specification of what the software should do is owned by ……
a. Customer b. Developer c. Tester d. none of the mentioned