46.
Tests conducted to determine the breaking point of the software, after which the software will no longer be functional, are characteristic of which of the following types of software testing?
  • A. Regression
  • B. Stress
  • C. Integration
  • D. Simulation
Answer : [B]
Explanation :
The goal of stress testing is to determine if the software will continue to operate reliably under duress or extreme conditions. Often the resources that the software needs are taken away from the software and the software’s behavior is observed as part of the stress test.
47.
Which of the following tools or techniques can be used to facilitate the white box testing of software for insider threats?
  • A. Source code analyzers
  • B. Fuzzers
  • C. Banner grabbing software
  • D. Scanners
Answer : [A]
Explanation :
White box testing, or structural analysis, is about testing the software with prior knowledge of the code and configuration. Source code review is a type of white box testing. Embedded code issues such as Trojan horses, logic bombs, etc. that are implanted by insiders can be detected using source code analyzers.
48.
When very limited or no knowledge of the software is made known to the software tester before she can test for its resiliency, it is characteristic of which of the following types of security tests?
  • A. White box
  • B. Black box
  • C. Clear box
  • D. Glass box
Answer : [B]
Explanation :
In black box or behavioral testing, test conditions are developed on the basis of the program’s or system’s functionality; that is, the tester requires information about the input data and observed output, but does not know how the program or system works. The tester focuses on testing the program’s behavior (or functionality) against the specification. With black box testing, the tester views the program as a black box and is completely unconcerned with the internal structure of the program or system. In white box or structural testing, the tester knows the internal program structure such as paths, statement coverage, branching, and logic. White box testing is also referred to as clear box or glass box testing. Gray box testing is a software testing technique that uses a combination of black box and white box testing.
49.
Penetration testing must be conducted with properly defined
  • A. rules of engagement.
  • B. role based access control mechanisms.
  • C. threat models.
  • D. use cases.
Answer : [A]
Explanation :
Penetration testing must be controlled, not ad hoc in nature, with properly defined rules of engagement.
50.
Testing for the randomness of session identifiers and the presence of auditing capabilities provides the software team insight into which of the following security controls?
  • A. Availability.
  • B. Authentication.
  • C. Non-repudiation.
  • D. Authorization.
Answer : [C]
Explanation :
When session management is in place, it provides for authentication, and when authentication is combined with auditing capabilities, it provides nonrepudiation; i.e., the authenticated user cannot claim broken sessions and intercepted authentication to deny their actions, because the audit logs record those actions.