2013 second half of the Software evaluator Exam Analysis-2

Real Title 65: During the test, the correct test sequence should be ()
(1) Unit Test (2) integration Test (3) system test
A. (1) (2) (3)
B. (3) (1) (2)
C. (2) (3) (1)
D. (3) (2) (1)

Analysis: The test process should be for a single module unit test start, and then gradually integrated into the various units, and finally system testing, so the answer to choose a.

Real Title 66: The following is the static test method is ()
A. Branch coverage testing
B. Complexity analysis
C. System pressure test
D. Path Coverage Analysis
Analytical Solution: The test method of software static testing. Static testing does not actually run the software being tested, it mainly evaluates the programming format and structure of the software. The branch coverage analysis, System stress test and path coverage analysis in this subject need to be actually run by the test software to obtain, only the complexity analysis can be achieved through the static Analysis program code, so the answer to choose B.

Real Title 67: The following description of integration testing is incorrect ()
A. After completing the outline design of the software, the integration test plan is started
B. When implementing the integration test, you need to design the required drivers and piles
C. The pile function is the main program of the measured function, which receives the test data and transmits the data to the test function
D. Common test methods for integration include top-down, bottom-up, Big-bang, etc.
Analytic answer: The subject is the integration of testing integration knowledge. The drive module is used to simulate the upper module of the module being tested, and the pile module is used to simulate the module (Next level module) that is called in the working process of the test module, which confuses the concept of the driving module and the pile module, so the answer of the question chooses C.

Real Topic 68: Generating a message digest for a piece of information is the basic method to prevent the information from being tampered with in the network transmission and stored process, () is not the basic algorithm of generating the message digest.
A.md5
B.rsa
C.sha-1
d.sha-256
Analytic solution: The basic algorithm of generating message digest is examined. MD5,SHA-1,SHA-256 is a typical algorithm for generating message digests, and RSA is a common public key encryption algorithm, and the data generated by encryption can be restored, so it is not a method to generate message digests, so the answer to this question is select B.

Real Title 69: The security of software system is an important part of information security, the security test and evaluation of program and data is the important content of software security test, () is not the basic content of the evaluation of security test.
A. user authentication mechanism
B. Encryption mechanism
C. The amount of concurrent users the system can withstand
D. Means of data backup and recovery
Analysis: Security testing and evaluation is an important part of software security testing, its testing and evaluation of the basic content including user authentication mechanism, encryption mechanism, security protection strategy, data backup and recovery means, anti-virus system, and the system can withstand the amount of concurrent users is the basic application load stress test content, So the correct answer to the question is to choose c.

Real Topic 70: Simulation attack experiment is a basic software security testing method, the following description of the simulation attack experiment is correct ().
A. Simulated attack experiments must be done with the aid of a specific vulnerability scanner
B. For the safety test, the simulation attack experiment is a special set of white box test cases, it is necessary to fully understand the system security mechanism of the software composition, in order to carry out the corresponding attack experiment design and experiment
C. Buffer overflow attacks are a common simulation attack experiment in which an attacker typically repeats a message by intercepting a valid message containing identity information or authorization request
D. Service denial of attack is a common simulation attack experiment in which the server function does not perform normally by sending a large number of spurious requests to the server
Analytical solution: The basic principle of simulating attack experiment. Simulation attack experiment is a special case of cartridge test, because it is a cartridge test, it is usually done without the use of the vulnerability scanner, so the selection of A and B is wrong, and the choice of C described should be the basic principle of the simulated replay attack, and therefore is wrong; option D describes the rationale for a denial of service attack , so choose D for the correct answer to the question.

2013 second half of the Software evaluator Exam Analysis-2