David is an applications developer working for Dewer and Sons law firm in Los Angeles David just completed a course on writing secure code and was enlightened by all the intricacies of how code must be rewritten many times to ensure its
security. David decides to go through all the applications he has written and change them to be more secure. David comes across the following snippet in one of his programs:
#include
int main(int argc, char **argv)
{
int number = 5;
printf(argv[1]);
putchar(`\n');
printf("number (%p) is equal to %d\n",
andvalue, value);
}
What could David change, add, or delete to make this code more secure?
A. Change putchar(`\n') to putchar("%s", `\n')
B. Change printf(argv[1]) to printf("%s", argv[1])
C. Change printf(argv[1]) to printf(constv [0])
D. Change int number = 5 to const number = ""
Jayson is the head developer of a team working on an inventory tracking and maintenance program. Jayson and his team are in the third phase of the software development life cycle, designing the program. In their current development phase, what material would be considered the input for their program?
A. Design document
B. User acceptance document
C. Specifications document
D. Maintenance document
What will the following script accomplish?
for (int i=0; i if (HttpCookie.domainMatches(blacklist[i], host)) return false; A. Create a list of blacklist domains B. Check domains against a blacklist C. Prevent site from being blacklisted D. Delete entries in a blacklist file
Clay is a SQL dba working for Integrated Solutions Inc., a graphics design company in Miami. Clay administers 10 SQL servers at the company's headquarters. Clay wants to ensure that all SQL traffic stays within the internal network and no SQL traffic from the outside can get into the internal network.
What ports should Clay tell the network team to close off at the firewall to disallow all incoming and outgoing SQL traffic?
A. 1499
B. 1433
C. 389
D. 1434
Why would a software development firm want to fix any issues with a program at the design stage as opposed to fixing issues with a program through a patch release?
A. Releasing a patch costs 25 times as much as fixing the issue in the design stage
B. Releasing a patch costs 5 times as much as fixing the issue in the design stage
C. Releasing a patch is actually the most efficient and cost effective way of solving issues
D. Releasing a patch costs 60 times as much as fixing the issue in the design stage
Versions Unlimited, a software design company in Seattle, has just finished development of a new mapping software product. They have completed testing the internal code and are now ready to involve users other than programmers in the testing. Versions Unlimited invites internal employees and some external users to come to their company and test the product in a controlled environment.
What type of testing is Versions Unlimited currently undertaking?
A. Alpha testing
B. Open box testing
C. Regression testing
D. Beta testing
Kevin wants to use an SSL certificate from his Mac OS X server so that he can send and receive encrypted email. What would Kevin accomplish by typing in the following command? certtool c k=/Users/root/Library/Keychains/certkc
A. Remove any unnecessary permissions on the file "certkc"
B. Create keychain called "certkc"
C. Copy the root certificate of the server to the file "certkc"
D. Import encryption key into the file "certkc"
What compression library is used by wiretap, the packet analyzer reader for Wireshark?
A. wtapbil
B. pclib
C. winrar
D. zllib
Harold is writing a J2ME program that run an inventory application on his company's PDAs.
Employees will use their PDA to scan barcodes into the program Harold is writing. Harold is very concerned about securing his program's code and ensuring its integrity once it is utilized. Harold particularly wants to stop the execution of class
files loaded in the virtual machine in any way, what is not allowed by java virtual machine specification.
What level of J2ME security should Harold implement to accomplish this?
A. High-end security
B. End-to-end security
C. Low-level-security
D. Application level security
What type of authentication is used in the following Pocket SOAP code? Dim Envelope
Dim HTTP
Set Envelope = CreateObject("PocketSOAP.Envelope.2")
Set HTTP = CreateObject("PocketSOAP.HTTPTransport.2)
Envelope.SetMethod "GetSome", "http://www.mysite.org/message/"
Emvelope.Parameters.Create "SomeParameter", "SomeValue"
HTTP.SOAPAction = "http://www.mysite.org/action/Service.GetSome"
HTTP.Authentication "Username", "Password"
HTTP.Send http://www.mysite.org/webservice.WDSL",Envelope.Serialize
Envelope.Parse HTTP
MsgBox "Result: " and Envelope.Parameters.Item(0).Value
A. Digest authentication
B. SSL authentication
C. Basic authentication
D. Integrated authentication