
CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

2. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development (not cost effective); results in less than optimal systems

3. Open Database Connectivity

4. where the application is developed

5. formal processes in place and repeatable

6. Object Linking and Embedding; access to data no matter the location or format

7. A database where records can be networked to other records through paths that are different from the hierarchy itself

8. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

9. A high-level description of a system, typically containing no details.

10. Refers to not being able to place code in a string and then executing it; arrays stay in bounds; pointers are always valid; code cannot violate variable timing

11. Technical evaluation of security compliance

12. The results of an object having received a message

13. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

14. Common Object Request Broker

15. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

16. The process of detecting certain anomalous behavior to prevent viruses

17. ActiveX Data Objects; allows apps to access back-end DB systems

18. Database in one table

19. Ensures data does not exceed maximum values; manages data types; formats; and lengths

20. An object that gets some of its characteristics from a class.

21. Java Database Connectivity; allows Java apps to communicate with a DB

22. Programming based on the concept that after an object is written it can be reused

23. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

24. Data is arranged in a tree structure - with parent records at the top of the database - and a hierarchy of child records in successive layers

25. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; trojan horse; worm; agents/bots; spyware

26. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

27. Ensures separation of duties by ensuring programmers do not have access to production code.

28. A common attack on databases. It includes combining unclassified data from separate sources to create secret info.

29. Systems Development Life Cycle; project management framework used to plan, execute and control a software development project

30. A method used to crack computer account passwords by using common words found in a dictionary

31. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage, as the components were previously tested for security; similar to OOP

32. one block at a time

33. A malicious program that's designed to hide itself on the target system in order to evade detection

34. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

35. Data in more than one DB

36. An application that consists of components on separate and networked systems.

37. A program designed to cause damage or execute an event when some computer/network event has occurred.

38. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

39. The last step in the design process in which a group of experts examine the detailed designs

40. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

41. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

42. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details

43. Attributes identifying a record

44. This component enforces access controls on a system

45. A mechanism used to define and store and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create and manage and administer data.

46. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

47. looking for unprotected modems

48. Write good code the first time; controls defects in software; quality achieved through design versus testing and remediation

49. The process of starting an instance

50. Refers to the process of combining low-sensitivity data items together resulting in high-sensitivity data.