A comprehensive set of flashcards based on key concepts and terminology from Software Engineering Exam 2 notes across multiple chapters.
What is the core principle of Confidentiality in secure software development?
Ensures that only authorized individuals or systems can access sensitive information.
What security measures support Confidentiality?
Access control mechanisms, encryption techniques, and data loss prevention strategies.
What does Integrity guarantee in software systems?
The accuracy and completeness of data, preventing unauthorized modification or deletion.
Which tools are used to ensure Integrity?
Digital signatures, hashing algorithms, and version control systems.
What is Availability in the context of secure software development?
Ensures that authorized users can access information and resources when needed.
What advanced techniques support Availability?
Redundancy, failover mechanisms, disaster recovery planning, and load balancing.
What is Infrastructure Security focused on?
Securing the underlying infrastructure such as networks, servers, and physical security.
What advanced topics are included in Infrastructure Security?
Network segmentation, zero-trust security models, and cloud security architectures.
What is the focus of Application Security?
Securing individual applications through secure coding practices and input validation.
What advanced concepts are part of Application Security?
Secure design patterns, penetration testing, and static/dynamic code analysis.
What does Operational Security emphasize?
Secure operation and use of systems, including security policies and user training.
What are the advanced topics in Operational Security?
Security awareness training, compliance with regulations, and security information management.
What is an Asset in security terminology?
Something of value that needs protection, like data or hardware.
What is an Attack in cybersecurity?
An exploitation of a system's vulnerability.
What does a Control do in cybersecurity?
A protective measure that reduces a system's vulnerability.
What does Exposure mean in security terminology?
Possible loss or harm to a computing system.
What is a Threat in the context of cybersecurity?
Circumstances that have the potential to cause loss or harm.
What is a Vulnerability?
A weakness in a computer-based system that may be exploited.
What is Authentication in security?
Verifying the identity of a user, device, or other entity.
What determines Authorization?
The permissions or access rights a user or entity is allowed.
Name the four types of Threats identified in cybersecurity.
Interception, interruption, modification, and fabrication.
What does Interception refer to in cybersecurity?
Unauthorized access to an asset.
What does Modification involve in cybersecurity threats?
Tampering with a system asset.
What does Fabrication mean in cybersecurity?
Inserting false information into a system.
What are the key concepts in Secure Systems Design?
Architectural design, design compromises, risk assessment, protection requirements, and distribution.
How does a layered architecture impact security?
It provides clear separation of concerns, enhancing security.
What are Protection Requirements in secure software development?
They define how the system should protect its assets.
What are the goals of Security Testing?
To verify the system's ability to resist attacks.
What is Security Validation?
Demonstrating that the system meets its security requirements.
What is Experience-Based Testing?
Testing based on known attack patterns and vulnerabilities.
What is Penetration Testing?
Simulating real-world attacks to identify vulnerabilities.
What does Tool-Based Analysis involve?
Using automated tools to analyze the system for vulnerabilities.
What is Formal Verification?
Mathematically proving the system's security properties.
List the steps in the Software Evolution Process.
Change requests, impact analysis, fault repair, release planning, platform adaptation, change implementation, system enhancement, and system release.
What is an Emergency Repair Process?
Streamlined approach for implementing urgent changes.
What is a Legacy System?
An older system relying on outdated languages and technologies.
What are the main components of a Legacy System?
System hardware, support software, application data, business processes.
Name the strategies for Legacy System Management.
Scrap, maintain, transform, and replace.
What is the purpose of Software Reuse?
Using existing software components to build new software.
What are the benefits of Software Reuse?
Accelerated development, effective use of specialists, increased dependability, reduced development costs.
What challenges do Software Reuse practices face?
Maintaining component libraries, adapting components, increasing maintenance costs.
What is an Application Framework?
A set of software artifacts that collaborate to provide a reusable architecture.
What are Software Product Lines?
Families of related applications sharing a common architecture.
What does SOA stand for?
Service-Oriented Architecture.
What is the main focus of SOA?
Enabling applications composed of discrete, self-contained services.
What are the advantages of adopting a Service-Oriented Architecture?
Loose coupling, reusability, and scalability.
What is meant by Loose Coupling in SOA?
Minimizing dependencies between services.
What does the Service Registry do?
Stores information about available services for discovery.
What is Service Composition?
The process of combining multiple services to create a new service or application.
What are Workflows in the context of service-oriented software?
Logical sequences that model a business process.
What challenges are associated with Service Testing?
External dependencies, dynamic binding, and unpredictable non-functional behavior.
Define Static Metrics in software measurement.
Metrics measured without executing the software.
Define Dynamic Metrics in software measurement.
Metrics that require executing the software to assess.
What is the COCOMO model used for?
Estimating effort required for software development.
What factors influence software pricing?
Contractual terms, cost estimate uncertainty, financial health, market opportunity.
What primary factors are considered in Risk Management?
Identifying, analyzing, planning for, and monitoring risks.
What key difference distinguishes Agile planning from Plan-driven development?
Agile is iterative while plan-driven is meticulously planned upfront.
What is the significance of proposals in project management?
They outline project objectives and execution methods to secure funding.
What does Software Quality encompass?
Meeting specified requirements and fulfilling its intended purpose.
What is meant by Fitness for Purpose?
The system fulfilling user needs beyond strict specification compliance.
What key attributes define Software Quality?
Reliability, usability, efficiency, maintainability, security, robustness, and reusability.
What does the term 'Technical Debt' refer to?
The implied cost of future refactoring due to poor design choices.
How do Agile practices differ from traditional quality management?
Agile emphasizes a culture of quality and team responsibility, while traditional methods rely on documentation.
What is the purpose of software metrics?
To assess quality, pinpoint problems, and improve processes.
What is the importance of the ISO 9001 standard?
Provides a quality management framework, though it's often critiqued for focusing too much on conformity.
How can statistical models assist in maintenance prediction?
They can provide insights into which parts of a system may cause future problems.
What is Service-Oriented Development?
Developing systems by linking shared services for interoperability.
What is the role of tools in Software Analytics?
To analyze datasets to gain insights for decision-making.
What is Configuration Management in software?
Managing software versions and changes throughout the lifecycle.
Why is effective communication important in project management?
It ensures clarity and coordination among team members and stakeholders.
What is the purpose of a Risk Analysis in project management?
To assess risks' likelihood and consequences for better planning.
What are the two primary types of software metrics?
Product metrics and process metrics.