Ethical behavior in software testing

Questions and Answers

Which statement BEST describes the behavior of the engineer who created the virus creation tool?

• The behavior is ethical because the tool will be used to create a better virus scanner. (correct)
• The behavior is not ethical because creating any kind of virus is bad.
• The behavior is not ethical because such a tool could be leaked on the Internet.
• The behavior is ethical because any experienced programmer could create such a tool.

Which technology effectively obscures network addresses from external exposure when implemented on a firewall or router?

• Address Masking
• Network Address Translation (NAT) (correct)
• Routing Information Protocol (RIP) Version 2
• Application Proxy

In a non-climate controlled environment, what should Passive Infrared Sensors (PIR) do?

• Automatically compensate for variance in background temperature. (correct)
• Detect objects of a specific temperature independent of the background temperature.
• Reduce the detected object temperature in relation to the background temperature.
• Increase the detected object temperature in relation to the background temperature.

What is a federated identity standard?

Security Assertion Markup Language (SAML) (D)

What is the main influence on designing an organization's electronic monitoring policies?

Workplace privacy laws (C)

For configuring a Domain Name Service (DNS) system, what is a best practice from a security perspective?

Limit zone transfers to authorized devices (A)

What is the primary basis for application access in a large organization according to the given information?

Job classification (B)

Which option is NOT recommended for configuring a DNS system securely?

Allow unlimited zone transfers (A)

What technology is used by the large organization for access control based on the provided information?

Kerberos (C)

What is an attacker MOST likely to target to gain privileged access to a system?

Programs that write to system resources (D)

Which is the MOST effective countermeasure to a malicious code attack against a mobile system?

Sandbox (D)

What transmission media is MOST effective in preventing data interception?

Fiber optic (A)

Which factor increases the level of vulnerability to physical threats when building a data center?

Proximity to high crime areas of the city (B)

What does the Encapsulating Security Payload (ESP) provide?

Confidentiality and integrity (D)

Which type of construction factor can increase the security level of a data center?

Use of biometric access control systems (A)

What is a recommended measure for enhancing security during a user session?

Re-authentication periodically (C)

Why might a customer transaction be kept beyond the retention schedule?

Pending legal hold (B)

What type of security control is exemplified by using a proximity card to access a building?

Physical (A)

What is the most effective method for preventing e-mail spoofing?

Cryptographic signature (D)

Why would a security practitioner need a plan to address client-based attacks?

Existing network vulnerabilities (D)

Which principle requires that changes to the plaintext affect many parts of the ciphertext?

Diffusion (A)

In terms of information classification, what should be the first step in the process?

Conducting a data inventory (C)

What is the primary purpose of testing a Disaster Recovery Plan (DRP)?

Validating the effectiveness of the plan (C)

When computer personnel are terminated, what should be the FIRST security action taken?

Remove their computer access (B)

When should re-authentication be required in a user session according to best practices?

After a period of inactivity (D)

Which type of control recognizes excessive transaction amounts according to corporate policy?

Detection (C)

Flashcards are hidden until you start studying