During vulnerability scanning, which of the following is NOT typically identified: outdated software, network configurations, application bugs, or employee salaries?
- Application Bugs
- Employee Salaries
- Network Configurations
- Outdated Software
Vulnerability scanners enumerate hosts, services and applications and compare what they find against known weaknesses: outdated software versions, insecure network or service configurations, and known application bugs. Business data such as employee salaries is outside their scope (a scanner that could read it would itself be reporting a finding). The goal is to flag technical weaknesses for remediation, not to access company records.
The process of deciding how to approach, plan for, and handle the areas of risk in a project is known as risk _______.
- identification
- management
- mitigation
- response
"Risk response" is the process of deciding how each identified risk will be handled: accept it, transfer it (for example through insurance or a contract), mitigate it, or avoid it. Planning responses before the risk materializes is what makes risk handling proactive rather than reactive.
You are tasked with automating a frequently changing application. What scripting technique would be most effective in minimizing maintenance overhead?
- Data-driven testing
- Hard coding values
- Keyword-driven testing
- Using a record-and-playback tool
Keyword-driven testing uses a set of custom keywords to represent different actions or functionalities in a test, making the scripts more modular and easier to maintain. When an application changes frequently, this approach allows for centralized modifications, reducing the overhead associated with each change as opposed to hard coding or simple record-and-playback techniques.
End-to-end testing typically involves testing the application from the user's perspective and ensuring that data flows correctly across _______.
- databases
- interfaces
- modules
- platforms
End-to-end testing focuses on verifying data flow and functionalities across interfaces. It ensures that data flows smoothly throughout the application and between integrated systems or components, mimicking real-world scenarios from the user's perspective.
The method where all developed modules are combined together to check the completeness of software is called _______ integration testing.
- Big Bang
- Bottom-Up
- Sandwich
- Top-Down
Big Bang integration testing is where all or most of the modules that are developed are integrated simultaneously and then tested. While it might seem efficient, this method can lead to challenges in identifying the root cause of defects.
The black-box testing technique which is specifically based on system models, such as state-transition diagrams or flowgraphs, is called _______ testing.
- Boundary Value
- Functional
- Regression
- State-transition
State-transition testing is a black-box technique driven by a model of the system as states, events and transitions, typically drawn as a state-transition diagram or written as a transition table. Test cases are derived from the model so that every transition (and, at higher coverage levels, sequences of transitions) is exercised, and each test checks that the system lands in the expected state, including the negative case where an event must not cause a transition.
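As an added example (not from the original page), the following Python models an account-lockout mechanism as a transition table and derives one test per transition. The `Account` class, the password, the `MAX_FAILURES` limit and the deliberately broken `BuggyAccount` are all constructed for illustration; the point is that the model-derived tests catch the variant in which a correct password silently unlocks a locked account.

```python
"""State-transition testing of a login/lockout state machine.

Tests are generated from a transition table (0-switch coverage: every
arc once) and run against an implementation. Everything here is a
constructed example: the model, the password and both implementations.
"""

MAX_FAILURES = 3
PASSWORD = "s3cret"          # assumed credential for the sample account


class Account:
    """Reference implementation: lock after MAX_FAILURES wrong attempts."""

    def __init__(self, password):
        self.password, self.failures, self.locked = password, 0, False

    def login(self, attempt):
        if self.locked:              # lock is checked before the password
            return False
        if attempt == self.password:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False

    def unlock(self):                # administrative reset
        self.locked, self.failures = False, 0

    @property
    def state(self):
        return "locked" if self.locked else "active"


class BuggyAccount(Account):
    """Deliberately wrong: checks the password before the lock, so a
    correct password unlocks the account and defeats the lockout."""

    def login(self, attempt):
        if attempt == self.password:
            self.locked, self.failures = False, 0
            return True
        return super().login(attempt)


# Concrete drivers for the abstract events in the model.
EVENTS = {
    "wrong_password": lambda a: a.login("nope"),
    "wrong_password_reaching_limit":
        lambda a: [a.login("nope") for _ in range(MAX_FAILURES)],
    "right_password": lambda a: a.login(PASSWORD),
    "admin_unlock": lambda a: a.unlock(),
}

# Transition table: (start state, event, expected next state).
TRANSITIONS = [
    ("active", "wrong_password", "active"),
    ("active", "wrong_password_reaching_limit", "locked"),
    ("active", "right_password", "active"),
    ("locked", "wrong_password", "locked"),
    ("locked", "right_password", "locked"),   # must NOT bypass the lock
    ("locked", "admin_unlock", "active"),
]


def run_transition_tests(account_factory):
    """Drive a fresh account into each start state, apply the event and
    record (start, event, expected, observed) for every transition."""
    results = []
    for start, event, expected in TRANSITIONS:
        acct = account_factory()
        if start == "locked":
            for _ in range(MAX_FAILURES):
                acct.login("nope")
        if acct.state != start:
            raise RuntimeError(f"setup failed to reach state {start!r}")
        EVENTS[event](acct)
        results.append((start, event, expected, acct.state))
    return results


def failing_transitions(results):
    """Transitions whose observed state differs from the model."""
    return [r for r in results if r[2] != r[3]]


if __name__ == "__main__":
    print("reference:", failing_transitions(
        run_transition_tests(lambda: Account(PASSWORD))))
    print("buggy:    ", failing_transitions(
        run_transition_tests(lambda: BuggyAccount(PASSWORD))))
```

The reference implementation passes all six transitions; the buggy one fails exactly the `("locked", "right_password")` arc, which is the case a tester working only from the happy path would most likely miss.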
How does Configuration Management support the maintenance phase of a software product?
- By automating code deployment
- By detecting code vulnerabilities
- By facilitating code reviews
- By tracking product versions
During the maintenance phase, the software may undergo several updates or patches. Configuration Management supports this phase by keeping track of various product versions and ensuring that any changes or fixes are made to the correct version, minimizing risks and ensuring the product's integrity.
Which type of testing focuses on the interfaces between units and components?
- Functional Testing
- Interface Testing
- System Testing
- Unit Testing
Interface Testing specifically focuses on ensuring that the interfaces or interactions between units or components work correctly. This includes checking data flow, error conditions, and coordination processes between interconnected modules.
Which type of attack tries multiple combinations of credentials to gain unauthorized access and can be detected through security testing?
- Brute Force Attack
- Cross-Site Scripting
- Phishing Attack
- SQL Injection
A brute-force attack systematically tries candidate passwords (or keys) until one succeeds; credential stuffing and password spraying are the common variants against web logins. Security testing checks whether the application resists this (account lockout, rate limiting, multi-factor authentication), while monitoring detects it in practice: a burst of failed logins for one account, or from one source address across many accounts, is the classic signal, especially when it is followed by a success.
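The detection side, as an added example that is not part of the original page: a sliding-window detector run over constructed authentication log lines. The log format (`timestamp ip=… user=… result=OK|FAIL`), the source addresses, the threshold and the window are all assumptions chosen for the illustration; a real deployment would read the format your login service actually emits.

```python
"""Sliding-window detection of brute-force and password-spray login
attempts. Example code with a constructed log format; thresholds,
addresses and users are assumptions, not from any real system."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format: ISO timestamp, client IP, user name, result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Parse one log line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ip": m["ip"],
            "user": m["user"], "result": m["result"]}


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (kind, ip, timestamp, users).

    'brute_force'          : `threshold` failures from one IP within `window`
                             against a single account
    'password_spray'       : same, but spread over several accounts
    'success_after_burst'  : a successful login from an IP that is still
                             inside a failure burst (highest priority)
    """
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) failures
    alerted = set()               # IPs already reported for the current burst
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        # Slide the window: drop failures older than `window` before this event.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold and ev["ip"] not in alerted:
                alerted.add(ev["ip"])
                users = sorted({u for _, u in q})
                kind = "password_spray" if len(users) > 1 else "brute_force"
                alerts.append((kind, ev["ip"], ev["ts"], users))
        else:
            if len(q) >= threshold:
                alerts.append(("success_after_burst", ev["ip"], ev["ts"],
                               [ev["user"]]))
            q.clear()             # a success ends the burst for this IP
            alerted.discard(ev["ip"])
    return alerts


# Constructed sample: one attacker hammering 'alice', one benign typo by 'bob'.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ip=10.0.0.5 user=alice result=FAIL
2024-05-01T10:00:03 ip=10.0.0.5 user=alice result=FAIL
2024-05-01T10:00:05 ip=192.168.1.9 user=bob result=FAIL
2024-05-01T10:00:07 ip=10.0.0.5 user=alice result=FAIL
2024-05-01T10:00:09 ip=10.0.0.5 user=alice result=FAIL
2024-05-01T10:00:12 ip=10.0.0.5 user=alice result=FAIL
2024-05-01T10:00:14 ip=10.0.0.5 user=alice result=FAIL
2024-05-01T10:00:20 ip=10.0.0.5 user=alice result=OK
2024-05-01T10:03:00 ip=192.168.1.9 user=bob result=OK
""".splitlines()


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample the detector raises one `brute_force` alert for 10.0.0.5 at the fifth failure and a `success_after_burst` alert when that address then logs in; bob's single failure expires before his later success and produces nothing. Keying the window per source IP is deliberate: keying only per account hides spraying, where each account sees one or two failures.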
Consider you are a security tester for a new web application. You identify a potential vulnerability that allows for data injection into the system. What type of vulnerability have you likely found?
- Buffer Overflow
- Cross-site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- SQL Injection
SQL injection is a vulnerability in which attacker-supplied input is interpreted as part of a SQL statement, letting the attacker read, alter or delete database contents or bypass authentication. DDoS is an attack, not an application vulnerability; XSS injects script into other users' browsers and a buffer overflow writes past the end of a memory buffer, so neither is the "data injection into the system" the question describes. The fix is to keep data out of the query text by using parameterized queries (prepared statements).