Ethical behavior in software testing

Questions and Answers

Which statement BEST describes the behavior of the engineer who created the virus creation tool?

The behavior is ethical because the tool will be used to create a better virus scanner. (correct)

The behavior is not ethical because creating any kind of virus is bad.

The behavior is not ethical because such a tool could be leaked on the Internet.

The behavior is ethical because any experienced programmer could create such a tool.

Which technology effectively obscures network addresses from external exposure when implemented on a firewall or router?

Address Masking

Network Address Translation (NAT) (correct)

Routing Information Protocol (RIP) Version 2

Application Proxy

In a non-climate controlled environment, what should Passive Infrared Sensors (PIR) do?

Automatically compensate for variance in background temperature. (correct)

Detect objects of a specific temperature independent of the background temperature.

Reduce the detected object temperature in relation to the background temperature.

Increase the detected object temperature in relation to the background temperature.

What is a federated identity standard?

Security Assertion Markup Language (SAML)

What is the main influence on designing an organization's electronic monitoring policies?

Workplace privacy laws

For configuring a Domain Name Service (DNS) system, what is a best practice from a security perspective?

Limit zone transfers to authorized devices

What is the primary basis for application access in a large organization according to the given information?

Job classification

Which option is NOT recommended for configuring a DNS system securely?

Allow unlimited zone transfers

What technology is used by the large organization for access control based on the provided information?

Kerberos

What is an attacker MOST likely to target to gain privileged access to a system?

Programs that write to system resources

Which is the MOST effective countermeasure to a malicious code attack against a mobile system?

Sandbox

What transmission media is MOST effective in preventing data interception?

Fiber optic

Which factor increases the level of vulnerability to physical threats when building a data center?

Proximity to high crime areas of the city

What does the Encapsulating Security Payload (ESP) provide?

Confidentiality and integrity

Which type of construction factor can increase the security level of a data center?

Use of biometric access control systems

What is a recommended measure for enhancing security during a user session?

Re-authentication periodically

Why might a customer transaction be kept beyond the retention schedule?

Pending legal hold

What type of security control is exemplified by using a proximity card to access a building?

Physical

What is the most effective method for preventing e-mail spoofing?

Cryptographic signature

Why would a security practitioner need a plan to address client-based attacks?

Existing network vulnerabilities

Which principle requires that changes to the plaintext affect many parts of the ciphertext?

Diffusion

In terms of information classification, what should be the first step in the process?

Conducting a data inventory

What is the primary purpose of testing a Disaster Recovery Plan (DRP)?

Validating the effectiveness of the plan

When computer personnel are terminated, what should be the FIRST security action taken?

Remove their computer access

When should re-authentication be required in a user session according to best practices?

After a period of inactivity

Which type of control recognizes excessive transaction amounts according to corporate policy?

Detection