1. Which of the following is NOT a well known vendor of antivirus software?

A) Adobe B) F-Secure C) Network Associates D) Symantec Correct Answer(s): A

2. The SDLC is A) a branch of the department of homeland Security B) a task force committed to promoting consistent software development methodolo gies accross operating platforms. C) a learning center for software design. D) a series of activities describing the process of building computer systems. Feedback: See page 297. Correct Answer(s): D 3. Which of the following tests make sure the modified or new system includes appro priate access controls and doesn't introduce any security holes that might compr omise other systems? A) stress/volume testing. B) recovery testing. C) interface testing. D) security testing. Feedback: See page 300. Correct Answer(s): D 4. As the software development process matures, who is increasingly responsible for safeguarding applications? A) IT directors B) Security administrators C) Network administrators D) Software designers Correct Answer(s): D

5. The process of software development A) has remained fundamentally the same over the past several decades. B) has changed from a passive to an active acceptance of security needs. C) has outgrown the need for methodology because of increased maturity of develo pment models. D) has had a diminishing importance since the threat of terrorism has increased. Feedback: See page 295. Correct Answer(s): B 6.

At which stage in the applications development cycle should the security departm ent become involved? A) prior to system testing B) during unit testing C) during requirements development D) prior to implementation Feedback: See page 300. Correct Answer(s): C 7. Which following phases of a system development life cycle is most concerned with establishing a sound policy as the foundation for design? A) implementation B) maintenance C) development/acquistion D) initiation Feedback: See page 300. Correct Answer(s): D 8. Most computer industry experts view security in software as a(n): A) foolproof mechanism to thwart computer attacks. B) elective. C) nice-to-have feature. D) requirement. Feedback: See page 297. Correct Answer(s): D 9. Antivirus software should A) have a track record of successful implementations. B) be self-updating. C) protect a computer system without inhibiting normal processing. D) All of the above. Feedback: See page 305. Correct Answer(s): D 10. Which of the following is not a risk with distributed systems. A) Java applets B) a firewall C) ActiveX controls D) COBRA interfaces Feedback: See page 302. Correct Answer(s): B 11. What was the impetus behind the SDLC Task force's report of April 2004? A) all of the above B) improve security accross the SDLC

C) raise awareness of the importance of system security D) to coordinate security efforts accross public and private sectors Feedback: See page 306 and the slides. Correct Answer(s): A 12. Which of the following is NOT a fundamental task in building an information tech nology system? A) Understand the requirements of the system B) Analyze the requirements in detail C) Test the programs individually only D) Identify program functions Correct Answer(s): C

13. What is a distributed system? A) system resources located on disparate servers B) all of the above C) an implementation of client/serverapplication D) a system using networked services and resources Feedback: See page 301. Correct Answer(s): B 14. When considering an IT system development life cycle,security should be A) treated as an integral part of the overall system design. B) mostly considered during the initiation phase. C) mostly considered during the development phase. D) added once the design is completed Feedback: See page 297 and the Powerpoint slides. Correct Answer(s): A 15. Risk reduction in a system development life cycle should be applied: A) mostly to the initiation phase. B) equally to all phases. C) mostly to the development phase. D) mostly to the disposal phase. Feedback: See the slides. Correct Answer(s): B