Читаем CISSP Practice полностью

Software fault tree analysis is incorrect because its purpose is to demonstrate that the software will not cause a system to reach an unsafe state, and to discover what environmental conditions will allow the system to reach an unsafe state. Software fault tree analysis is often conducted on the program code but can also be applied at other stages of the life cycle process (for example, requirements and design). This analysis is not always applied to all the program code, only to the portion that is safety critical.

Software sneak analysis is incorrect because it is based on sneak circuit analysis, which is used to evaluate electrical circuitry—hence the name software sneak circuit analysis. Sneaks are the latest design conditions or design flaws that have inadvertently been incorporated into electrical, software, and integrated systems designs. They are not caused by component failure.

75. Which of the following provides an assessment of software design quality?

a. Trace system requirements specifications to system requirements in requirements definition documentation.

b. Trace design specifications to system requirements and system requirements specifications to design.

c. Trace source code to design specifications and design specifications to source code.

d. Trace system test cases and test data designs to system requirements.

75. b. The goal is to identify requirements with no design elements (under-design) and design elements with no requirements (over-design). It is too early to assess software design quality during system requirements definition. It is too late to assess software design quality during coding. The goal is to identify design elements with no source code and source codes with no design elements. It is too late to assess software design quality during testing.

76. When executed incorrectly, which of the following nonlocal maintenance and diagnostic activities can expose an organization to potential risks?

a. Using strong authenticators

b. Separating the maintenance sessions from other network sessions

c. Performing remote disconnect verification feature

d. Using physically separated communications paths

76. c. An organization should employ remote disconnect verification feature at the termination of nonlocal maintenance and diagnostic sessions. If this feature is unchecked or performed incorrectly, this can increase the potential risk of introducing malicious software or intrusions due to open ports and protocols. The other three choices do not increase risk exposure. Nonlocal maintenance work is conducted through either an external network (mostly through the Internet) or an internal network.

77. Which of the following factors is an important consideration during application system design and development project?

a. Software safety

b. Completing the project on schedule

c. Spending less than budgeted

d. Documenting all critical work

77. a. Software safety is important compared to the other three choices because lack of safety considerations in a computer-based application system can cause danger or injury to people and damage to equipment and property.

78. A software product has the least impact on:

a. Loss of life

b. Loss of property

c. Loss of physical attributes

d. Loss of quality

78. c. Software is an intangible item with no physical attributes such as color and size. Although software is not a physical product, software products have a major impact on life, health, property, safety, and quality of life. Failure of software can have a serious economic impact such as loss of sales, revenues, and profits.

79. A dangerous misconception about software quality is that:

a. It can be inspected after the system is developed.

b. It can be improved by establishing a formal quality assurance function.

c. It can be improved by establishing a quality assurance library in the system.

d. It is tantamount to testing the software.

79. a. Quality should be designed at the beginning of the software development and maintenance process. Quality cannot be inspected or tested after the system is developed. Most seem to view final testing as quality testing. At best, this is quality control instead of quality assurance, hopefully preventing shipment of a defective product. Quality in the process needs to be improved, and quality assurance is a positive function.