Software Security Threats Quiz

Questions and Answers

Why is software security important?

• To make software more user-friendly
• To increase the speed of software operations
• To protect assets stored, processed, and transmitted by software (correct)
• To make software more visually appealing

What analogy is used to describe using software without security measures?

• Driving a car without a steering wheel
• Walking a high wire without a net (correct)
• Reading a book without words
• Flying a plane without fuel

What makes software a target for various threats?

• Its widespread access to personal identities (correct)
• Its ability to control your phone
• Its resistance to cyber threats
• Its focus on software design

How do hackers typically exploit software vulnerabilities?

By exploiting coding bugs and design flaws (A)

What do organizations increasingly do with sensitive information that raises security concerns?

Use software-intensive systems connected to the Internet (C)

Which statement best describes the role of software in accessing financial services?

Software enables access to financial services through banks (C)

How can a software engineer sabotage the software during its development life cycle?

By intentionally excluding requirements from the specification (D)

What type of attacks are likely to be carried out on network-connected software systems?

Memory corruption attacks (C)

What aspect of the software can be modified by a software engineer to sabotage it?

Design documents (A)

Which vulnerability may be exploited by attackers on network-connected platforms?

Publicly known but unpatched vulnerabilities (B)

What is one of the potential outcomes of attacks on software systems during operation?

Remote code execution (A)

What is the main cause of most targeted attacks, viruses, and worms?

Vulnerabilities in software (D)

How did people traditionally approach security before focusing on software vulnerabilities?

Focusing on network perimeter security (A)

What is the fatal assumption made by the 'network security' market?

All malicious actions can be detected at the network level (B)

How does software security differ from network security?

Network security involves building security into software (C)

What defines a software vulnerability?

A fault in specification, development, or configuration of software (C)

Why are software vulnerabilities considered threats to software security?

They can violate the security policy of the software (C)

What are some consequences of improper and ambiguous specifications in software development?

Ill-chosen internal program structures (C)

Why is it difficult to trace the authorship of software products?

Software companies close within months of opening (B)

What is the purpose of software re-use in development?

To reduce time spent on designing or coding (C)

How does software re-use contribute to efficiency in software development?

By reducing testing costs (A)

What is a potential risk associated with shareware and freeware?

Bringing hostile code into trusted systems (A)

Why do we not care about the quality, honesty, and reliability of most software products?

Because it's not a concern for most users (A)

What is the purpose of OS Fingerprinting?

To determine the hardware platform and operating system version of a machine (C)

How do sniffers intercept data?

By opening the network access layer device in promiscuous mode (D)

What is the primary purpose of hacking and cracking tools?

To recover lost passwords (B)

Which tool is commonly used for packet sniffing?

Ethereal (A)

What does port scanning aim to determine?

Whether a test has crashed the machine (A)

What is one of the legal uses of hacking and cracking tools?

To educate people on password security (B)