CISSP Secure Software Development

Subjects : it-skills, cissp

1. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

2. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development; not cost effective; results in less than optimal systems

3. Open Database Connectivity

4. Where the application is developed

5. Formal processes in place and repeatable

6. Object Linking and Embedding; access to data no matter the location or format

7. A database where records can be networked to other records through paths that are different from the hierarchy itself

8. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

9. A high-level description of a system, typically containing no details.

10. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable typing

11. Technical evaluation of security compliance

12. The results of an object having received a message

13. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

14. Common Object Request Broker

15. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

16. The process of detecting certain anomalous behavior to prevent viruses

17. ActiveX Data Objects; allows apps to access back-end DB systems

18. Database in one table

19. Ensures data does not exceed maximum values; manages data types, formats, and lengths

20. An object that gets some of its characteristics from a class.

21. Java Database Connectivity; allows Java apps to communicate with a DB

22. Programming based on the concept that after an object is written it can be reused

23. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

24. Data is arranged in a tree structure, with parent records at the top of the database, and a hierarchy of child records in successive layers

25. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; Trojan horse; worm; agents/bots; spyware

26. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

27. Ensures separation of duties by ensuring programmers do not have access to production code.

28. A common attack on databases. It includes combining unclassified data from separate sources to create secret info.

29. Systems Development Life Cycle; a project management framework used to plan, execute and control a software development project

30. A method used to crack computer account passwords by using common words found in a dictionary

31. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage as the components were previously tested for security; similar to OOP

32. One block at a time

33. A malicious program that's designed to hide itself on the target system in order to evade detection

34. Data Query Language (DQL): SELECT; Data Manipulation Language (DML): INSERT/UPDATE/DELETE; Data Definition Language (DDL): CREATE/ALTER/DROP; Data Control Language (DCL): GRANT/REVOKE

35. Data in more than one DB

36. An application that consists of components on separate and networked systems.

37. A program designed to cause damage or execute an event when some computer/network event has occurred.

38. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.

39. The last step in the design process, in which a group of experts examine the detailed designs

40. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

41. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

42. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details

43. Attributes identifying a record

44. This component enforces access controls on a system

45. A mechanism used to define, store and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create, manage and administer data.

46. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

47. Looking for unprotected modems

48. Write good code the first time; controls defects in software; quality achieved through design versus testing and remediation

49. The process of starting an instance

50. Refers to the process of combining low-sensitivity data items together, resulting in high-sensitivity data.