Module 06 Software and Hardware Assurance Best Practices

Last updated 9:03 AM on 4/22/26

20 Terms

1

Which boot security mode sends information on the boot process to a remote server?

a. UEFI Native Mode

b. Secure Boot

c. Trusted Boot

d. Measured Boot

Measured Boot

2

Which stage conducts a test that will verify the code functions as intended?

a. Production stage

b. Testing stage

c. Staging stage

d. Development stage

Staging stage

3

Which model uses a sequential design process?

a. Secure model

b. Agile model

c. Rigid model

d. Waterfall model

Waterfall model

4

Which of these provides cryptographic services and is external to the device?

a. Trusted Platform Module (TPM)

b. Hardware security module (HSM)

c. Self-encrypting hard disk drives (SED)

d. Encrypted hardware-based USB devices

Hardware security module (HSM)

5

Which of the following is NOT an advantage of a software-oriented architecture (SOA)?

a. Improves business agility

b. Leverages legacy functionality

c. Eliminates the need for business analysts

d. Enhances collaboration

Eliminates the need for business analysts

6

What is an XML standard that allows secure web domains to exchange user authentication and authorization data in an SOA?

a. REST-X

b. SAML

c. Macroservices

d. SDLC

SAML

7

Which technology is REST replacing?

a. SOAP

b. XMLX

c. SAM-X

d. IPA-REST

SOAP

8

Which of the following is NOT correct about the software development lifecycle (SDLC)?

a. It is a methodology that can be used to build a program or application from its inception to decommission.

b. There has been only one approved SDLC model.

c. The SDLC includes the basic steps of software planning, designing, testing, coding, and maintenance.

d. An advantage is that there is a higher awareness of security by stakeholders.

There has been only one approved SDLC model

9

Which of the following is NOT a secure SDLC source?

a. OWASP

b. Nessus

c. SANS

d. CIS

Nessus

10

Which of the following is NOT correct about the agile model?

a. It follows a rigid sequential design process.

b. Work is done in "sprints."

c. The project's priorities are continually evaluated as tests are run.

d. It was designed to overcome the disadvantages of the waterfall model.

It follows a rigid sequential design process

11

Raul is removing HTML control characters from text that is to be displayed on the screen. What secure coding best practice is he following?

a. Display sanitization

b. Output encoding

c. Screen scraping

d. HTML cleaning

Output encoding

12

Simpson is using predefined variables as placeholders when querying a database. What secure coding best practice is he following?

a. SQL injection

b. Parameterized query

c. SELECT Targeting

d. Statement containerization

Parameterized query

13

Which type of code analysis is conducted prior to the source code being compiled?

a. Dynamic code analysis

b. Precompiled code analysis

c. Static code analysis

d. DLDS code analysis

Static code analysis

14

Ryker has added a new module to an application and now needs to test it to be sure that the new module does not reintroduce any old vulnerabilities. What testing is Ryker performing?

a. Software coding analysis (SCA)

b. Application SDLC verification

c. Code reuse testing

d. Security regression testing

Security regression testing

15

Which of the following types of NVM cannot be reset once code is written to it?

a. EPROM

b. EEPROM

c. Flash

d. eFuse

eFuse

16

Where does a hardware root of trust security check begin?

a. Software

b. Firmware

c. Hardware

d. Appware

Hardware

17

Which boot security mode provides the highest degree of security?

a. Measured Boot

b. Trusted Boot

c. UEFI Native Boot

d. ABAD Secure Boot

Measured Boot

18

Which of the following is a secure area of the processor that guarantees that code and data are loaded inside a special secure area?

a. Sandbox

b. Container

c. Trusted execution

d. Restricted access processor (RAP)

Trusted execution

19

Which of the following permits a processor to read from a memory location or write to a location during the same data operation?

a. Atomic execution

b. Data protection

c. RAM confinement

d. RAIA

Atomic execution

20

Which of the following is NOT correct about YARA?

a. It is a method of creating a malware signature.

b. It is a proprietary tool.

c. Signatures are encoded as text files.

d. It provides a robust language.

It is a proprietary tool