Logo
Home Software-Engineering MCQs Dependability And Security MCQs

Dependability And Security MCQs

Related Categories
1

Static Analysis involves executing a program ?

A. True
B. False

Explanation: Static analysis techniques are system verification techniques that don’t involve executing a program.

Correct Answer: False


Click for More Details
2

Which of the following is a technique covered in Static Analysis ?

Option A: Formal verification

Option B: Model checking

Option C: Automated program analysis

Option D: All of the mentioned

Correct Answer: All of the mentioned


Click for More Details
3

Which of the following is incorrect with respect to Model Checking ?

Option A: Model checking is particularly valuable for verifying concurrent systems

Option B: Model checking is computationally very inexpensive

Option C: The model checker explores all possible paths through the model

Option D: All of the mentioned

Correct Answer: Model checking is computationally very inexpensive


Click for More Details
4

The records of each patient that is receiving or has received treatment resembles which security concept ?

Option A: Asset

Option B: Threat

Option C: Vulnerability

Option D: Control

Correct Answer: Asset


Click for More Details
5

Select the disadvantage of using Formal methods __________?

Option A: Concurrent systems can be analysed to discover race conditions that might lead to deadlock

Option B: Producing a mathematical specification requires a detailed analysis of the requirements

Option C: They require the use of specialised notations that cannot be understood by domain experts

Option D: All of the mentioned

Correct Answer: They require the use of specialised notations that cannot be understood by domain experts


Click for More Details
6

Choose the fault class in which the following automated static analysis check would fall:”Variables declared but never used”?

Option A: Control Faults

Option B: Data Faults

Option C: Input/Output Faults

Option D: Interface faults

Correct Answer: Data Faults


Click for More Details
7

Choose the fault class in which the following automated static analysis check would fall:”Non-usage of the results of functions”?

Option A: Storage management faults

Option B: Data Faults

Option C: Input/Output Faults

Option D: Interface faults

Correct Answer: Interface faults


Click for More Details
8

Which level of Static Analysis allows specific rules that apply to a program to be checked ?

Option A: Characteristic error checking

Option B: User-defined error checking

Option C: Assertion checking

Option D: All of the mentioned

Correct Answer: User-defined error checking


Click for More Details
9

Choose the fault class in which the following automated static analysis check would fall: “Unreachable code”?

Option A: Control Faults

Option B: Data Faults

Option C: Input/Output Faults

Option D: Interface faults

Correct Answer: Control Faults


Click for More Details
10

Static analysis is now routinely used in the development of many safety and security critical systems?

A. True
B. False

Explanation: The static analyzer can discover areas of vulnerability such as buffer overflows or unchecked inputs

Correct Answer: True


Click for More Details
11

Choose the fault class in which the following automated static analysis check would fall:”Pointer Arithmetic” ?

Option A: Storage management faults

Option B: Data Faults

Option C: Input/Output Faults

Option D: Interface faults

Correct Answer: Storage management faults


Click for More Details
12

An impersonation of an authorised user is an example of a security threat ?

A. True
B. False

Explanation: It is a security attack.

Correct Answer: False


Click for More Details
13

Circumstances that have potential to cause loss or harm is known as__________?

Option A: Attack

Option B: Threat

Option C: Vulnerability

Option D: Control

Correct Answer: Threat


Click for More Details
14

A system resource that has a value and has to be protected is known as __________?

Option A: Asset

Option B: Control

Option C: Vulnerability

Option D: None of the mentioned

Correct Answer: Asset


Click for More Details
15

What is Life cycle risk assessment ?

Option A: Risk assessment before the system has been deployed

Option B: Risk assessment while the system is being developed

Option C: All of the mentioned

Option D: None of the mentioned

Correct Answer: All of the mentioned


Click for More Details
16

Security engineering is only concerned with maintenance of systems such that they can resist malicious attacks ?

A. True
B. False

Explanation: Security engineering is concerned with maintenance as well as development of such systems.

Correct Answer: False


Click for More Details
17

Controls that are intended to ensure that attacks are unsuccessful is analogous to __________ in dependability engineering?

Option A: Fault avoidance

Option B: Fault tolerance

Option C: Fault detection

Option D: Fault Recovery

Correct Answer: Fault avoidance


Click for More Details
18

What are security controls ?

Option A: Controls that are intended to ensure that attacks are unsuccessful

Option B: Controls that are intended to detect and repel attacks

Option C: Controls that are intended to support recovery from problems

Option D: All of the mentioned

Correct Answer: All of the mentioned


Click for More Details
19

Which of the following is a layer of protection for Security ?

Option A: Platform-level protection

Option B: Application-level protection

Option C: Record-level protection

Option D: All of the mentioned

Correct Answer: All of the mentioned


Click for More Details
20

Which of the following is a bad practice of Dependable programming ?

Option A: Limit the visibility of information in a program

Option B: Check array bounds

Option C: Check all inputs for validity

Option D: None of the mentioned

Correct Answer: Check array bounds


Click for More Details
21

Which of the following is not a Protection system ?

Option A: System to stop a train if it passes a red light

Option B: System to indicate not returning of the library book

Option C: System to shut down a reactor if temperature/pressure are too high

Option D: None of the mentioned

Correct Answer: System to indicate not returning of the library book


Click for More Details
22

Exception handling is a mechanism to provide some fault avoidance ?

A. True
B. False

Explanation: Exception handling is a mechanism to provide some fault tolerance.

Correct Answer: False


Click for More Details
23

What is a Range check ?

Option A: Check that the input does not exceed some maximum size e.g. 40 characters for a name

Option B: Check that the input falls within a known range

Option C: Use information about the input to check if it is reasonable rather than an extreme value

Option D: None of the mentioned

Correct Answer: Check that the input falls within a known range


Click for More Details
24

The use of a well-defined, repeatable process is essential if faults in a system are to be minimized ?

A. True
B. False

Explanation: The answer is self explanatory.

Correct Answer: True


Click for More Details
25

What is the term for a system that is designed such that the faults in the delivered software do not result in system failure ?

Option A: Fault Avoidance

Option B: Fault detection

Option C: Fault tolerance

Option D: None of the mentioned

Correct Answer: Fault tolerance


Click for More Details
26

What is the term for development process organised such that faults in the system are detected and repaired before delivery to the customer ?

Option A: Fault Avoidance

Option B: Fault detection

Option C: Fault tolerance

Option D: None of the mentioned

Correct Answer: Fault Avoidance


Click for More Details
27

Which of the following is a Strategy to achieve Software diversity ?

Option A: Different programming languages

Option B: Different design methods and tools

Option C: Explicit specification of different algorithms

Option D: All of the mentioned

Correct Answer: All of the mentioned


Click for More Details
28

Which process characteristic with respect to Dependability Engineering is mentioned by the statement: “The process should be understandable by people apart from process participants” ?

Option A: Diverse

Option B: Documentable

Option C: Auditable

Option D: None of the mentioned

Correct Answer: Auditable


Click for More Details
29

Which of the following examples does not involve dependability engineering ?

Option A: Medical Systems

Option B: Power Systems

Option C: Library Management

Option D: Telecommunications

Correct Answer: Library Management


Click for More Details
30

Consider a case where the failure of the system causes damage to the system itself or it data. What type of failure is being described here ?

Option A: Loss of service

Option B: Incorrect service delivery

Option C: System/data corruption

Option D: None of the mentioned

Correct Answer: System/data corruption


Click for More Details
31

At which stage of risk analysis specification, the additional security requirements take account of the technologies used in building the system and system design and implementation decisions ?

Option A: Preliminary risk analysis

Option B: Life-cycle risk analysis

Option C: Operational risk analysis

Option D: All of the mentioned

Correct Answer: Life-cycle risk analysis


Click for More Details
32

Which reliability metric sets out the probable number of system failures that are likely to be observed relative to a certain time period ?

Option A: POFOD

Option B: ROCOF

Option C: AVAIL

Option D: None of the mentioned

Correct Answer: ROCOF


Click for More Details
33

To specify security requirements, one should identify the risks that are to be dealt with ?

A. True
B. False

Explanation: To specify security requirements, one should identify the assets that are to be dealt with.

Correct Answer: False


Click for More Details
34

Which reliability requirements are concerned with maintaining copies of the system ?

Option A: Checking requirements

Option B: Recovery requirements

Option C: Redundancy requirements

Option D: Ambiguous requirements

Correct Answer: Recovery requirements


Click for More Details
35

Which of the following is not a functional reliability requirement for a system ?

Option A: Checking requirements

Option B: Recovery requirements

Option C: Redundancy requirements

Option D: Ambiguous requirements

Correct Answer: Ambiguous requirements


Click for More Details
36

POFOD stands for__________?

Option A: Possibility of failure of data

Option B: Probability of failure of data

Option C: Possibility of failure on demand

Option D: Probability of failure on demand

Correct Answer: Probability of failure on demand


Click for More Details
37

How many stages are there in Risk-driven requirements specification ?

Option A: three

Option B: four

Option C: five

Option D: six

Correct Answer: four


Click for More Details
38

An event that occurs at some point in time when the system does not deliver a service as expected by its users is called __________?

Option A: Human error or mistake

Option B: System fault

Option C: System error

Option D: System failure

Correct Answer: System failure


Click for More Details
39

Consider a case where the system is unavailable and cannot deliver its services to users. What type of failure is being described here ?

Option A: Loss of service

Option B: Incorrect service delivery

Option C: System/data corruption

Option D: None of the mentioned

Correct Answer: Loss of service


Click for More Details
40

A weakness in a computer-based system that may be exploited to cause loss or harm is known as ?

Option A: Vulnerability

Option B: Attack

Option C: Threat

Option D: Exposure

Correct Answer: Vulnerability


Click for More Details
41

A password checking system that disallows user passwords that are proper names or words that are normally included in a dictionary is an example of __________ with respect to security systems?

Option A: risk

Option B: control

Option C: attack

Option D: asset

Correct Answer: control


Click for More Details
42

An assessment of the worst possible damage that could result from a particular hazard is known as __________?

Option A: Risk

Option B: Hazard probability

Option C: Hazard severity

Option D: Mishap

Correct Answer: Hazard severity


Click for More Details
43

An erroneous system state that can lead to system behavior that is unexpected by system users is known as__________?

Option A: Human error or mistake

Option B: System fault

Option C: System error

Option D: System failure

Correct Answer: System error


Click for More Details
44

The safety of a system is a system attribute that reflects the system’s ability to operate, normally or abnormally, without injury to people or damage to the environment ?

A. True
B. False

Explanation: None.

Correct Answer: True


Click for More Details
45

A chemical plant system may detect excessive pressure and open a relief valve to reduce these pressures before an explosion occurs. What kind of dependability and security issue the example states ?

Option A: Hazard avoidance

Option B: Damage limitation

Option C: Hazard detection

Option D: Hazard detection and removal

Correct Answer: Hazard detection


Click for More Details
46

An aircraft engine normally includes automatic fire extinguishers.What kind of dependability and security issue the example states ?

Option A: Hazard avoidance

Option B: Damage limitation

Option C: Hazard detection

Option D: Hazard detection and removal

Correct Answer: Damage limitation


Click for More Details
47

A characteristic of a software system that can lead to a system error is known as __________ ?

Option A: Human error or mistake

Option B: System fault

Option C: System error

Option D: System failure

Correct Answer: System fault


Click for More Details
48

Which of the following terms is a measure of the probability that the system will cause an accident ?

Option A: Risk

Option B: Hazard probability

Option C: Accident

Option D: Damage

Correct Answer: Risk


Click for More Details