A wide range of software testing techniques, including performance testing, load testing, stress testing, and volume testing, as well as various error-checking methods such as sequence checks, limit checks, and logical relationship checks. It also discusses different types of system testing, including alpha testing, beta testing, and parallel testing. Additionally, the document delves into cybersecurity concepts, including different types of attacks like smurf attacks, ping floods, and teardrop attacks, as well as security measures like firewalls, virtual private networks (vpns), and digital envelopes. A comprehensive overview of both software testing and cybersecurity, making it a valuable resource for students, professionals, and anyone interested in these topics.
COBIT Framework - CORRECT ANSWER Framework developed by ISACA to support EGIT by providing a framework to ensure that IT is aligned with the business, IT enables the business and maximizes benefits, IT resources are used responsibly, and IT risk is managed appropriately.
International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27000 series - CORRECT ANSWER A set of best practices that provides guidance to organizations implementing and maintaining information security programs.
Information Technology Infrastructure Library (ITIL®) - CORRECT ANSWER Framework developed by the UK Office of Government Commerce (OGC), in partnership with the IT Service Management Forum; it is a detailed framework with hands-on information regarding how to achieve successful operational service management of IT.
ISO/IEC 38500:2015 - CORRECT ANSWER Information Technology - Governance of IT for the organization; provides guiding principles for members of governing bodies of organizations on the effective, efficient and acceptable use of IT.
ISO/IEC 20000 - CORRECT ANSWER A specification for service management that is aligned with ITIL's service management framework. It is divided into two parts.
ISO 3100:2018 - CORRECT ANSWER Risk management—Guidelines; provides guidelines on and a common approach to risk management for organizations.
There are four methods used to estimate the cost of an information system acquisition and development project: - CORRECT ANSWER 1. Analogous estimating
Analogous Estimating - CORRECT ANSWER The project manager can develop the estimated cost for a new project by taking reference from prior projects. This is the quickest estimation technique.
Parametric Estimating - CORRECT ANSWER The project manager looks at the same past data that were used in analogous estimating and leverages statistical data (estimated employee hours, materials costs, technology, etc.) to develop the estimate. This approach is more accurate than analogous estimation.
Bottom-Up Estimating - CORRECT ANSWER The cost of each activity in the project is estimated to the greatest detail (i.e., starting at the bottom), and then all the costs are added to arrive at the cost estimate of the entire project. The most accurate estimate, this is the most time-consuming approach.
Actual Costs - CORRECT ANSWER Takes an extrapolation from the actual costs that were incurred on the same system during past projects.
Debugging tools fall into three categories: - CORRECT ANSWER 1. Logic Path Monitors
Limit Check - CORRECT ANSWER Data should not exceed a predetermined amount. For example, payroll checks should not exceed US $4,000. If a check exceeds US $4,000, the data would be rejected for further verification/authorization.
Range Check - CORRECT ANSWER Data should be within a predetermined range of values.
Validity Check - CORRECT ANSWER Programmed checking of the data validity in accordance with predetermined criteria.
Reasonableness Check - CORRECT ANSWER Input data are matched to predetermined reasonable limits or occurrence rates.
Table Lookups - CORRECT ANSWER Input data comply with predetermined criteria maintained in a computerized table of possible values.
Existence Check - CORRECT ANSWER Data are entered correctly and agree with valid predetermined criteria.
Key Verification - CORRECT ANSWER The keying process is repeated by a separate individual using a machine that compares the original keystrokes to the repeated keyed input.
Check Digit - CORRECT ANSWER A numeric value that has been calculated mathematically is added to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted. This control is effective in detecting transposition and transcription errors.
Completeness Check - CORRECT ANSWER A field should always contain data rather than zeros or blanks. A check of each byte of that field should be performed to determine that some form of data, not blanks or zeros, is present.
Duplicate Check - CORRECT ANSWER New transactions are matched to those previously input to ensure that they have not already been entered.
Logical Relationship Check - CORRECT ANSWER If a particular condition is true, then one or more additional conditions or data input relationships may be required to be true to consider the input valid.
Redundancy Check - CORRECT ANSWER A common error-detection technique where a transmitted block of data containing one or more records or messages is checked for the number of characters or patterns of bits contained in it.
Parity Check - CORRECT ANSWER A general hardware control that helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, the computer reports an error.
ACID principle for Data Integrity in Online Transaction Processing Systems - CORRECT ANSWER 1. Atomicity
Incremental Backup - CORRECT ANSWER This type of backup scheme copies the files and folders that changed or are new since the last incremental or full backup. If you have a full backup on day 1, your incremental backup on day 2 will copy only the changes from day 1 to day 2. On day 3, it will copy only the changes from day 2 to day 3, and so on. This is a faster method of backup and requires less media capacity, but it requires that all backup sets restore all changes since a full backup, and restoration will take more time.
Differential Backup - CORRECT ANSWER This type of backup copies all files and folders that have been added or changed since a full backup was performed. This type of backup is faster and requires less media capacity than a full backup and requires only the last full and differential backup sets to make a full restoration. It also requires less time to restore than incremental backups, but it is slower and requires more media capacity than incremental backups because data that are backed up are cumulative.
A Business Continuity Plan should include the following sub-plans: - CORRECT ANSWER 1. Continuity of Operations Plan
Short Term Power Interruption Control (Sags, Spikes, Surges) - CORRECT ANSWER Surge Protector
Intermediate Term Power Interruption Control (Few Seconds to 30 Mins) - CORRECT ANSWER Uninterruptible power supply (UPS) devices
Long Term Power Interruption Control (Few Hours to Several Days) - CORRECT ANSWER Alternate Power Generators
Total Flooding - CORRECT ANSWER Systems working under this principle apply an extinguishing agent to a three-dimensional enclosed space in order to achieve a concentration of the agent (volume percent of the agent in air) adequate to extinguish the fire.
Local Application (Extinguishing Agent) - CORRECT ANSWER Systems working under this principle apply an extinguishing agent directly onto a fire (usually a two-dimensional area), or into the three-dimensional region immediately surrounding the substance or object on fire.
The main difference between local application and total flooding designs - CORRECT ANSWER The absence of physical barriers enclosing the fire space in the local application design.
Baseband Communication - CORRECT ANSWER The signals are directly injected on the communication link (no modulation or shift in the range of frequencies of the signal). Generally, only one communication channel is available at any one time (half-duplex), although full-duplex modems are now available.
Broadband Communication - CORRECT ANSWER Different carrier frequencies defined within the available band can carry analog signals, such as those generated by image processors or a data modem, as if they were placed on separate baseband channels.
Network Standards - CORRECT ANSWER 1. Interoperability
Network Layer - CORRECT ANSWER Including IP address, router, firewall - This layer creates a virtual circuit between the transport layer on the local device and the transport layer on the remote device. This is the layer of the stack that understands IP addresses and is responsible for routing and forwarding.
Transport Layer - CORRECT ANSWER Including TCP and UDP - This layer provides reliable and transparent transfer of data between end points, end-to-end error recovery and flow control. This layer ensures that all of the data sent to it by the session layer are successfully received by the remote system's transport layer.
Session Layer - CORRECT ANSWER Including RPC, SQL, Network File System - This layer controls the dialogs (sessions) between computers. It establishes, manages and terminates the connections between the local and remote application layers. All conversations, data exchanges and dialogs between the application layers are managed by the session layer.
Presentation Layer - CORRECT ANSWER Including JPEG, MPEG, MP3, GIF - This layer transforms data to provide a standard interface for the application layer and provides common communication services, such as encryption, text compression and reformatting.
Application Layer - CORRECT ANSWER Including FTP, SSH, Telnet, HTTP - This layer provides a standard interface for applications that must communicate with devices on the network (e.g., print files on a network-connected printer, send an email or store data on a file server). Thus, this layer provides an interface to the network.
Star Topology - CORRECT ANSWER Of the physical topologies that have been commonly used, the only one used to any great extent in new construction.
Repeaters - CORRECT ANSWER Physical layer devices that extend the range of a network or connect two separate network segments together. Repeaters receive signals from one network segment and amplify (regenerate) the signal to compensate for signals (analog or digital) that are distorted due to a reduction of signal strength during transmission (i.e., attenuation).
Hubs - CORRECT ANSWER Physical layer devices that serve as the center of a star-topology network or a network concentrator. These can be active (if they repeat signals sent through them) or passive (if they merely split signals).
Bridges - CORRECT ANSWER Data link layer devices that were developed to connect LANs or create two separate LAN or WAN network segments from a single segment to reduce collision domains.
Layer 2 Switches - CORRECT ANSWER Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks.
Routers - CORRECT ANSWER Similar to bridges and switches in that they link two or more physically separate network segments. The network segments linked by this method, however, remain logically separate and can function as independent networks.
Layer 3 Switches - CORRECT ANSWER These switches enable the concept of establishing a VLAN.
Gateways - CORRECT ANSWER Devices that are protocol converters. Typically, they connect and convert between LANs and the mainframe, or between LANs and the Internet, at the application layer of the OSI reference model. Depending on the type, the operation occurs at various OSI layers. The most common form is a systems network architecture (SNA) gateway, converting between a TCP/IP, NetBios or Inter-network Packet Exchange (IPX) session (terminal emulator) and the mainframe.
Modems (modulator/demodulator) - CORRECT ANSWER Data communications equipment (DCE) devices that make it possible to use analog lines (generally, the public telephone network) as transmission media for digital networks.
Multiplexors - CORRECT ANSWER Physical layer devices used when a physical circuit has more bandwidth capacity than required by individual signals.
Point-to-Point Protocol (PPP) - CORRECT ANSWER This protocol works in the data link layer and provides a single, preestablished WAN communication path from
Packet-Filtering Firewall - CORRECT ANSWER First generation, worked on headers. Vulnerable to IP spoofing, source routing specifications, and miniature fragment attacks.
Application Firewall - CORRECT ANSWER There are two of these types of systems: application-level and circuit-level. They provide greater protection capabilities than packet filtering routers. These systems allow information to flow between systems but do not allow the direct exchange of packets. They work at the application level of the OSI model.
Stateful Inspection Firewall - CORRECT ANSWER This system keeps track of the destination IP address of each packet that leaves the organization's internal network. Whenever the response to a packet is received, its record is referenced to ascertain and ensure that the incoming message is in response to the request that went out from the organization.
Firewall Types - CORRECT ANSWER 1. Packet-Filtering
because it supports network and application-level security while defining a separate, small, isolated network for an organization's public servers, bastion host information servers and modem pools.
Digital Envelope - CORRECT ANSWER Similar to a digital signature, this is an electronic "container" that can be used to protect data or a message through the use of encryption and data authentication. The message is first encoded using symmetric encryption and then the code to decode the message is secured using public key encryption. This provides a more convenient option for encryption.
Digital Signature - CORRECT ANSWER A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Digital Certificate - CORRECT ANSWER The resulting document from a Certification Authority (CA) from which any signed document is considered automatically authentic by the sender and the recipient. In the first place, this trusted party identifies the holder of a public key (the subject) and then signs this public key while appending details of the subject's identity.
Certification Authority (CA) - CORRECT ANSWER As well as issuing new certificates, this party maintains a list of compromised certificates (i.e., those whose private key has been leaked or lost) called the certificate revocation list (CRL).
Registration Authority (RA) - CORRECT ANSWER The individual institution that validates an entity's proof of identity and ownership of a key pair.
Smurf Attack - CORRECT ANSWER Occurs when misconfigured network devices allow packets to be sent to all hosts on a particular network via the broadcast address of the network.
Ping Flood - CORRECT ANSWER Occurs when the target system is overwhelmed with ping packets.