Software Security Multiple Choice Questions: Software MCQs

Software Security Multiple Choice Questions. Questions and Answers on the topic of Software Security.

 


What is Life cycle risk assessment ?

A. Risk assessment before the system has been deployed
B. Risk assessment while the system is being developed
C. All of the mentioned
D. None of the mentioned

View Answer

C. All of the mentioned

 

What are security controls ?

A. Controls that are intended to ensure that attacks are unsuccessful
B. Controls that are intended to detect and repel attacks
C. Controls that are intended to support recovery from problems
D. All of the mentioned

View Answer

D. All of the mentioned

 

Which of the following is a technique covered in Static Analysis ?

A. Formal verification
B. Model checking
C. Automated program analysis
D. All of the mentioned

View Answer

D. All of the mentioned

 

POFOD stands for ?

A. Possibility of failure of data
B. Probability of failure of data
C. Possibility of failure on demand
D. Probability of failure on demand

View Answer

D. Probability of failure on demand

 

Choose the fault class in which the following automated static analysis check would fall: Pointer Arithmetic ?

A. Storage management faults
B. Data Faults
C. Input/Output Faults
D. Interface faults

View Answer

A. Storage management faults

 

Static Analysis involves executing a program ?

A. True
B. False

View Answer

B. False

 

An impersonation of an authorised user is an example of a security threat ?

A. True
B. False

View Answer

B. False

 

Circumstances that have potential to cause loss or harm is known as ?

A. Attack
B. Threat
C. Vulnerability
D. Control

View Answer

B. Threat

 

Which of the following is incorrect with respect to Model Checking ?

A. Model checking is particularly valuable for verifying concurrent systems
B. Model checking is computationally very inexpensive
C. The model checker explores all possible paths through the model
D. All of the mentioned

View Answer

B. Model checking is computationally very inexpensive

 

A system resource that has a value and has to be protected is known as ?

A. Asset
B. Control
C. Vulnerability
D. None of the mentioned

View Answer

A. Asset

 


The records of each patient that is receiving or has received treatment resembles which security concept ?

A. Asset
B. Threat
C. Vulnerability
D. Control

View Answer

A. Asset

 

Select the disadvantage of using Formal methods ?

A. Concurrent systems can be analysed to discover race conditions that might lead to deadlock
B. Producing a mathematical specification requires a detailed analysis of the requirements
C. They require the use of specialised notations that cannot be understood by domain experts
D. All of the mentioned

View Answer

C. They require the use of specialised notations that cannot be understood by domain experts

 

Security engineering is only concerned with maintenance of systems such that they can resist malicious attacks ?

A. True
B. False

View Answer

B. False

 

Choose the fault class in which the following automated static analysis check would fall: Variables declared but never used ?

A. Control Faults
B. Data Faults
C. Input/Output Faults
D. Interface faults

View Answer

B. Data Faults

 

Controls that are intended to ensure that attacks are unsuccessful is analogous to _________ in dependability engineering ?

A. Fault avoidance
B. Fault tolerance
C. Fault detection
D. Fault Recovery

View Answer

A. Fault avoidance

 

Choose the fault class in which the following automated static analysis check would fall: Non-usage of the results of functions ?

A. Storage management faults
B. Data Faults
C. Input/Output Faults
D. Interface faults

View Answer

D. Interface faults

 

Which level of Static Analysis allows specific rules that apply to a program to be checked ?

A. Characteristic error checking
B. User-defined error checking
C. Assertion checking
D. All of the mentioned

View Answer

B. User-defined error checking

 

Which of the following is a layer of protection for Security ?

A. Platform-level protection
B. Application-level protection
C. Record-level protection
D. All of the mentioned

View Answer

D. All of the mentioned

 

Choose the fault class in which the following automated static analysis check would fall: Unreachable code ?

A. Control Faults
B. Data Faults
C. Input/Output Faults
D. Interface faults

View Answer

A. Control Faults

 

Which of the following is a bad practice of Dependable programming ?

A. Limit the visibility of information in a program
B. Check array bounds
C. Check all inputs for validity
D. None of the mentioned

View Answer

B. Check array bounds

 


Static analysis is now routinely used in the development of many safety and security critical systems ?

A. True
B. False

View Answer

A. True

 

At which stage of risk analysis specification do the additional security requirements take account of the technologies used in building the system and of system design and implementation decisions ?

A. Preliminary risk analysis
B. Life-cycle risk analysis
C. Operational risk analysis
D. All of the mentioned

View Answer

B. Life-cycle risk analysis

 

Which of the following is not a Protection system ?

A. System to stop a train if it passes a red light
B. System to indicate not returning of the library book
C. System to shut down a reactor if temperature/pressure are too high
D. None of the mentioned

View Answer

B. System to indicate not returning of the library book

 

Which reliability metric sets out the probable number of system failures that are likely to be observed relative to a certain time period ?

A. POFOD
B. ROCOF
C. AVAIL
D. None of the mentioned

View Answer

B. ROCOF

 

Exception handling is a mechanism to provide some fault avoidance ?

A. True
B. False

View Answer

B. False

 

To specify security requirements, one should identify the risks that are to be dealt with ?

A. True
B. False

View Answer

B. False

 

What is a Range check ?

A. Check that the input does not exceed some maximum size e.g. 40 characters for a name
B. Check that the input falls within a known range
C. Use information about the input to check if it is reasonable rather than an extreme value
D. None of the mentioned

View Answer

B. Check that the input falls within a known range

 

Which reliability requirements are concerned with maintaining copies of the system ?

A. Checking requirements
B. Recovery requirements
C. Redundancy requirements
D. Ambiguous requirements

View Answer

B. Recovery requirements

 

The use of a well-defined, repeatable process is essential if faults in a system are to be minimized ?

A. True
B. False

View Answer

A. True

 

Which of the following is not a functional reliability requirement for a system ?

A. Checking requirements
B. Recovery requirements
C. Redundancy requirements
D. Ambiguous requirements

View Answer

D. Ambiguous requirements

 


What is the term for a system that is designed such that the faults in the delivered software do not result in system failure ?

A. Fault Avoidance
B. Fault detection
C. Fault tolerance
D. None of the mentioned

View Answer

C. Fault tolerance

 

What is the term for a development process organised such that faults in the system are detected and repaired before delivery to the customer ?

A. Fault Avoidance
B. Fault detection
C. Fault tolerance
D. None of the mentioned

View Answer

A. Fault Avoidance

 

How many stages are there in Risk-driven requirements specification ?

A. three
B. four
C. five
D. six

View Answer

B. four

 

Which of the following is a Strategy to achieve Software diversity ?

A. Different programming languages
B. Different design methods and tools
C. Explicit specification of different algorithms
D. All of the mentioned

View Answer

D. All of the mentioned

 

An event that occurs at some point in time when the system does not deliver a service as expected by its users is called ?

A. Human error or mistake
B. System fault
C. System error
D. System failure

View Answer

D. System failure

 

Which process characteristic with respect to Dependability Engineering is mentioned by the statement: The process should be understandable by people apart from process participants ?

A. Diverse
B. Documentable
C. Auditable
D. None of the mentioned

View Answer

C. Auditable

 

Consider a case where the system is unavailable and cannot deliver its services to users. What type of failure is being described here ?

A. Loss of service
B. Incorrect service delivery
C. System/data corruption
D. None of the mentioned

View Answer

A. Loss of service

 

Which of the following examples does not involve dependability engineering ?

A. Medical Systems
B. Power Systems
C. Library Management
D. Telecommunications

View Answer

C. Library Management

 

A weakness in a computer-based system that may be exploited to cause loss or harm is known as ?

A. Vulnerability
B. Attack
C. Threat
D. Exposure

View Answer

A. Vulnerability

 

Consider a case where the failure of the system causes damage to the system itself or its data. What type of failure is being described here ?

A. Loss of service
B. Incorrect service delivery
C. System/data corruption
D. None of the mentioned

View Answer

C. System/data corruption

 


A password checking system that disallows user passwords that are proper names or words that are normally included in a dictionary is an example of ________ with respect to security systems ?

A. risk
B. control
C. attack
D. asset

View Answer

B. control

 

An assessment of the worst possible damage that could result from a particular hazard is known as ?

A. Risk
B. Hazard probability
C. Hazard severity
D. Mishap

View Answer

C. Hazard severity

 

An erroneous system state that can lead to system behavior that is unexpected by system users is known as ?

A. Human error or mistake
B. System fault
C. System error
D. System failure

View Answer

C. System error

 

The safety of a system is a system attribute that reflects the system’s ability to operate, normally or abnormally, without injury to people or damage to the environment ?

A. True
B. False

View Answer

A. True

 

A chemical plant system may detect excessive pressure and open a relief valve to reduce these pressures before an explosion occurs. What kind of dependability and security issue does the example describe ?

A. Hazard avoidance
B. Damage limitation
C. Hazard detection
D. Hazard detection and removal

View Answer

D. Hazard detection and removal

 

An aircraft engine normally includes automatic fire extinguishers. What kind of dependability and security issue does the example describe ?

A. Hazard avoidance
B. Damage limitation
C. Hazard detection
D. Hazard detection and removal

View Answer

B. Damage limitation

 

A characteristic of a software system that can lead to a system error is known as ?

A. Human error or mistake
B. System fault
C. System error
D. System failure

View Answer

B. System fault

 

Which of the following terms is a measure of the probability that the system will cause an accident ?

A. Risk
B. Hazard probability
C. Accident
D. Damage

View Answer

A. Risk

 
