Page 1567 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 20: Software Development Security
1. A. The three elements of the DevOps model are software
development, quality assurance, and IT operations.
2. B. Input validation ensures that the input provided by users
matches the design parameters.
3. C. The request control provides users with a framework to request
changes and developers with the opportunity to prioritize those
requests.
4. C. In a fail-secure state, the system remains in a high level of
security until an administrator intervenes.
5. B. The waterfall model uses a seven-stage approach to software
development and includes a feedback loop that allows development
to return to the previous phase to correct defects discovered during
the subsequent phase.
6. A. Content-dependent access control is focused on the internal
data of each field.
7. C. Foreign keys are used to enforce referential integrity constraints
between tables that participate in a relationship.
8. D. In this case, the process the database user is taking advantage of
is aggregation. Aggregation attacks involve the use of specialized
database functions to combine information from a large number of
database records to reveal information that may be more sensitive
than the information in individual records would reveal.
9. C. Polyinstantiation allows the insertion of multiple records that
appear to have the same primary key values into a database at
different classification levels.
10. D. In Agile, the highest priority is to satisfy the customer through
early and continuous delivery of valuable software.
11. C. Expert systems use a knowledge base consisting of a series of
“if/then” statements to form decisions based on the previous

