Software Security Threats Quiz

Questions and Answers

Why is software security important?

To make software more user-friendly

To increase the speed of software operations

To protect assets stored, processed, and transmitted by software (correct)

To make software more visually appealing

What analogy is used to describe using software without security measures?

Driving a car without a steering wheel

Walking a high wire without a net (correct)

Reading a book without words

Flying a plane without fuel

What makes software a target for various threats?

Its widespread access to personal identities (correct)

Its ability to control your phone

Its resistance to cyber threats

Its focus on software design

How do hackers typically exploit software vulnerabilities?

By exploiting coding bugs and design flaws

What do organizations increasingly do with sensitive information that raises security concerns?

Use software-intensive systems connected to the Internet

Which statement best describes the role of software in accessing financial services?

Software enables access to financial services through banks

How can a software engineer sabotage the software during its development life cycle?

By intentionally excluding requirements from the specification

What type of attacks are likely to be carried out on network-connected software systems?

Memory corruption attacks

What aspect of the software can be modified by a software engineer to sabotage it?

Design documents

Which vulnerability may be exploited by attackers on network-connected platforms?

Publicly known but unpatched vulnerabilities

What is one of the potential outcomes of attacks on software systems during operation?

Remote code execution

What is the main cause of most targeted attacks, viruses, and worms?

Vulnerabilities in software

How did people traditionally approach security before focusing on software vulnerabilities?

Focusing on network perimeter security

What is the fatal assumption made by the 'network security' market?

All malicious actions can be detected at the network level

How does software security differ from network security?

Network security involves building security into software

What defines a software vulnerability?

A fault in specification, development, or configuration of software

Why are software vulnerabilities considered threats to software security?

They can violate the security policy of the software

What are some consequences of improper and ambiguous specifications in software development?

Ill-chosen internal program structures

Why is it difficult to trace the authorship of software products?

Software companies close within months of opening

What is the purpose of software re-use in development?

To reduce time spent on designing or coding

How does software re-use contribute to efficiency in software development?

By reducing testing costs

What is a potential risk associated with shareware and freeware?

Bringing hostile code into trusted systems

Why do we not care about the quality, honesty, and reliability of most software products?

Because it's not a concern for most users

What is the purpose of OS Fingerprinting?

To determine the hardware platform and operating system version of a machine

How do sniffers intercept data?

By opening the network access layer device in promiscuous mode

What is the primary purpose of hacking and cracking tools?

To recover lost passwords

Which tool is commonly used for packet sniffing?

Ethereal

What does port scanning aim to determine?

Whether a test has crashed the machine

What is one of the legal uses of hacking and cracking tools?

To educate people on password security