
In CMMI (Capability Maturity Model Integration), the terms capability and maturity refer to the same property that an organization may/should have

TRUE/FALSE

  1. Software assurance and software security are the same.
  2. In CMMI (Capability Maturity Model Integration), the terms capability and maturity refer to the same property that an organization may/should have.
  3. In CMMI, a constellation is a particular collection of process areas specifically chosen to help improve a given business need. Currently there are three constellations.
  4. Formal methods of software development are based on formal mathematical proofs of correctness and are the most thorough means of verification and validation.
  5. Security auditing and logging mean the same thing.
  6. Operating systems do not have the capability of enforcing the security policy.
  7. The functionality of your SIEM software plays an important role in your organization's security.
  8. Organizations must handle all security logs manually.
  9. Security Onion (SO) is a Windows distribution for IDS (intrusion detection) and NSM (network security monitoring).
  10. Security Information and Event Management (SIEM) software aggregates data from many sources.

MULTIPLE CHOICE

  11. Which of the following is not a software development model?

A. Iterative

B. Spiral

C. Block

D. Extreme programming

  12. What is the first line of defense in a software development life cycle?

A. Technology

B. Education and training

C. Programming skill

D. Knowledge of the SDLC model

  13. The Federal Aviation Administration (FAA) and Capability Maturity Model Integration (CMMI) proposed Safety and Security additions that include ______

A. One goal

B. Two goals

C. Three goals

D. Four goals

  14. Choose one of the following. Maturity Level 3 of the Software Assurance Maturity Model (SAMM) refers to:

A. The starting point, where activities in the practice are largely unfulfilled

B. Practice area activities and processes are understood to an initial extent, but fulfillment is ad hoc

C. Practice efficiency and/or effectiveness is increasing

D. Practice area activities and processes are comprehensive, indicating full-scale mastery of the area

  15. How many processes are there in the Capability Maturity Model Integration (CMMI)?

A. Zero

B. One

C. Two

D. Three

  16. How many different ways are there to implement CMMI?

A. One

B. Five

C. Infinite

D. Three

  17. General estimates of software quality suggest that one can expect about ____ errors per one thousand lines of "high-level" computer code.

A. Five

B. Zero

C. Ten

D. Eight

  18. Which of the following is a Security Information and Event Management (SIEM) product?

A. Splunk

B. Sumo Logic

C. AlienVault

D. All of the above

  19. Security architecture is concerned with

A. Modes of operation

B. Architecture concepts

C. Implementation models

D. All of the above

  20. Part 1 of the Common Criteria (ISO/IEC 15408) addresses

A. The general model of security

B. Security functional requirements

C. Security assurance requirements

D. None of the above

  21. Which of the following is a recommended best practice to protect yourself in social networking?

A. Limit the amount of personal information you post

B. Be wary of strangers

C. Evaluate your settings

D. All of the above

  22. Web applications that accept file uploads may present _____

A. Malware vulnerability

B. Trojan or directory traversal vulnerabilities

C. DoS vulnerability

D. None of the above

  23. Which of the following is not a component of Security Onion (SO)?

A. Sguil

B. Squert

C. Firewall

D. Snorby

  24. Operating system audit records

A. Are operational actions performed by OS components

B. Contain security event information such as successful and failed authentication attempts

C. Must be configured manually

D. None of the above

  25. Security logs are usually maintained in _______

A. Main memory

B. Hard drive

C. Registry

D. Cache
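The file-upload question above (Trojan or directory traversal vulnerabilities) is clearer with the weak handler and the hardened one side by side. The Python below is an added example written for this page; it is not code from the quiz or from any product named on it. The upload directory /srv/uploads, the sample file names, and the helper names are assumptions made for the demonstration.

```python
import os
import tempfile

# Characters a server should never accept in a client-supplied file name.
# Assumption for this example: uploads live in one flat directory, so a name
# containing any path separator is rejected outright rather than "cleaned".
FORBIDDEN = ("/", "\\", "\x00")


def upload_path_vulnerable(upload_dir: str, filename: str) -> str:
    """Naive handler: joins the client-supplied name onto the upload directory.

    os.path.join neither strips '..' segments nor refuses an absolute name,
    so the client, not the server, chooses where on disk the file lands.
    """
    return os.path.join(upload_dir, filename)


def is_safe_filename(filename: str) -> bool:
    """True only for a plain, non-empty file name with no path components."""
    if not filename or len(filename) > 255:
        return False
    if any(ch in filename for ch in FORBIDDEN):
        return False
    if filename in (".", ".."):
        return False
    return True


def upload_path_hardened(upload_dir: str, filename: str) -> str:
    """Return the path to write, or raise ValueError if the name is unsafe.

    Two independent checks: the name is validated as a bare file name, and the
    resolved target is confirmed to lie inside the resolved upload directory
    (defence in depth against a symlinked upload_dir or a future bug in the
    name check).
    """
    if not is_safe_filename(filename):
        raise ValueError(f"rejected file name: {filename!r}")
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"path escapes upload directory: {target}")
    return target


def save_upload(upload_dir: str, filename: str, data: bytes) -> str:
    """Write an upload using the hardened path check; never overwrite."""
    target = upload_path_hardened(upload_dir, filename)
    # 'xb' = exclusive create: a second upload with the same name fails
    # instead of silently replacing an earlier file.
    with open(target, "xb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Constructed inputs showing the two handlers side by side."""
    results = {}
    for name in ("report.pdf", "../../etc/cron.d/backdoor", "/etc/passwd"):
        results[name] = {
            "vulnerable": os.path.normpath(upload_path_vulnerable("/srv/uploads", name)),
        }
        try:
            upload_path_hardened("/srv/uploads", name)
            results[name]["hardened"] = "accepted"
        except ValueError:
            results[name]["hardened"] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r}: vulnerable -> {verdict['vulnerable']}, hardened -> {verdict['hardened']}")
    with tempfile.TemporaryDirectory() as d:
        print("saved to", save_upload(d, "report.pdf", b"%PDF-1.4 ..."))
```

The second check in upload_path_hardened looks redundant next to is_safe_filename, and that is the point: a traversal bug usually arrives when one of several layers is later relaxed, so the containment check on the resolved path is kept even though the name filter already rejects separators.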

SHORT ANSWER

  26. As you know, there are several different development methodologies. However, they all share some common elements. List seven of these common elements and describe each of them in a short paragraph.
  27. The Federal Aviation Administration (FAA) and the Department of Defense (DoD) sponsored a joint effort to identify best safety and security practices for use in combination with CMMI. List and briefly describe these safety and security additions.
  28. Identify three software development applications that would be suitable for applying formal evaluation and verification. Briefly describe their effectiveness.
  29. Discuss vulnerability assessment, penetration testing, security testing and evaluation, and compliance assessment.
  30. Security Information and Event Management (SIEM) software provides the log management infrastructure, including the log analysis, log storage and log monitoring tiers. Briefly describe the benefits of log management.
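The SIEM and log-management questions above (SIEM software aggregates data from many sources; OS audit records contain successful and failed authentication attempts; the log analysis and monitoring tiers in the last short-answer question) are easier to answer once you have seen the pipeline in miniature. The Python below is an added example for this page, not code from the quiz or from any SIEM product it names: it normalizes records from two different sources into one schema and runs a brute-force detection across both. The log lines are constructed, the schema field names are this example's own, and the threshold and window values are assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records from two sources: rsyslog-style sshd lines from a
# Linux host, and simplified JSON exports of Windows Security events 4625
# (logon failure) and 4624 (logon success). None of these are real logs.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01+00:00 web1 sshd[1201]: Failed password for root from 198.51.100.7 port 51022 ssh2",
    "2024-05-01T10:00:04+00:00 web1 sshd[1203]: Failed password for invalid user admin from 198.51.100.7 port 51030 ssh2",
    '{"TimeCreated": "2024-05-01T10:01:30+00:00", "Computer": "dc01", "EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "198.51.100.7"}',
    "2024-05-01T10:02:10+00:00 web1 sshd[1210]: Accepted password for deploy from 203.0.113.5 port 40010 ssh2",
    '{"TimeCreated": "2024-05-01T10:03:00+00:00", "Computer": "dc01", "EventID": 4624, "TargetUserName": "jsmith", "IpAddress": "203.0.113.5"}',
    "2024-05-01T10:40:00+00:00 web1 sshd[1290]: Failed password for root from 203.0.113.9 port 40100 ssh2",
    "2024-05-01T10:41:00+00:00 web1 cron[1300]: (root) CMD (run-parts /etc/cron.hourly)",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize(line: str):
    """Map one raw record onto a common schema (this example's own), or return
    None if the line is not an authentication event."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("EventID") not in (4624, 4625):
            return None
        return {
            "ts": datetime.fromisoformat(rec["TimeCreated"]),
            "host": rec["Computer"],
            "src": rec.get("IpAddress", "-"),
            "user": rec["TargetUserName"],
            "outcome": "success" if rec["EventID"] == 4624 else "failure",
            "source": "windows",
        }
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "src": m["src"],
        "user": m["user"],
        "outcome": "success" if m["result"] == "Accepted" else "failure",
        "source": "sshd",
    }


def collect(lines):
    """Aggregation tier: parse every line, keep only authentication events."""
    return [e for e in (normalize(l) for l in lines) if e is not None]


def detect_bruteforce(events, threshold=3, window_seconds=300):
    """Analysis tier: flag a source IP with >= threshold failures inside a
    sliding time window, counted across all log sources together."""
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure":
            failures[e["src"]].append(e)
    alerts = []
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits window_seconds.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                run = evs[start:end + 1]
                alerts.append({
                    "src": src,
                    "count": len(run),
                    "first": run[0]["ts"],
                    "last": run[-1]["ts"],
                    "users": sorted({x["user"] for x in run}),
                    "sources": sorted({x["source"] for x in run}),
                })
                break  # one alert per source is enough for this demo
    return alerts


if __name__ == "__main__":
    evs = collect(SAMPLE_LOGS)
    print(f"{len(evs)} authentication events from {len(SAMPLE_LOGS)} raw lines")
    for a in detect_bruteforce(evs):
        print(f"ALERT {a['src']}: {a['count']} failures {a['first']}..{a['last']} "
              f"users={a['users']} via {a['sources']}")
```

The detection fires for 198.51.100.7 only because the Linux sshd failures and the Windows 4625 event are counted together; read per source, neither host alone reaches the threshold, which is the concrete benefit of aggregating many sources that the SIEM questions are getting at.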
