Dependability & Security Mcqs for Software Engineering - Set 1

1)   Static Analysis involves executing a program ?

a. True
b. False
Answer  Explanation 

ANSWER: False

Explanation:
Static analysis techniques are system verification techniques that don’t involve executing a program.


2)   Which of the following is a technique covered in Static Analysis ?

a. Formal verification
b. Model checking
c. Automated program analysis
d. All of the mentioned
Answer  Explanation 

ANSWER: All of the mentioned

Explanation:
No explanation is available for this question!


3)   Which of the following is incorrect with respect to Model Checking ?

a. Model checking is particularly valuable for verifying concurrent systems
b. Model checking is computationally very inexpensive
c. The model checker explores all possible paths through the model
d. All of the mentioned
Answer  Explanation 

ANSWER: Model checking is computationally very inexpensive

Explanation:
Model checking is very expensive.It is only practical to use it in the verification of small to medium sized critical systems.


4)   The records of each patient that is receiving or has received treatment resembles which security concept ?

a. Asset
b. Threat
c. Vulnerability
d. Control
Answer  Explanation 

ANSWER: Asset

Explanation:
Asset is a system resource that has a value and has to be protected.


5)   Select the disadvantage of using Formal methods ___________________?

a. Concurrent systems can be analysed to discover race conditions that might lead to deadlock
b. Producing a mathematical specification requires a detailed analysis of the requirements
c. They require the use of specialised notations that cannot be understood by domain experts
d. All of the mentioned
Answer  Explanation 

ANSWER: They require the use of specialised notations that cannot be understood by domain experts

Explanation:
No explanation is available for this question!


6)   Choose the fault class in which the following automated static analysis check would fall:”Variables declared but never used”?

a. Control Faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer  Explanation 

ANSWER: Data Faults

Explanation:
No explanation is available for this question!


7)   Choose the fault class in which the following automated static analysis check would fall:”Non-usage of the results of functions”?

a. Storage management faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer  Explanation 

ANSWER: Interface faults

Explanation:
No explanation is available for this question!


8)   Which level of Static Analysis allows specific rules that apply to a program to be checked ?

a. Characteristic error checking
b. User-defined error checking
c. Assertion checking
d. All of the mentioned
Answer  Explanation 

ANSWER: User-defined error checking

Explanation:
Users of a programming language define error patterns, thus extending the types of error that can be detected.


9)   Choose the fault class in which the following automated static analysis check would fall: “Unreachable code”?

a. Control Faults
b. Data Faults
c. Input/Output Faults
d. Interface faults
Answer  Explanation 

ANSWER: Control Faults

Explanation:
No explanation is available for this question!


10)   Static analysis is now routinely used in the development of many safety and security critical systems?

a. True
b. False
Answer  Explanation 

ANSWER: True

Explanation:
The static analyzer can discover areas of vulnerability such as buffer overflows or unchecked inputs