CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Allows for successive refinements of requirements, design and coding; requires a change control mechanism; prototype the initial concept; design and implement the initial prototype; refine the prototype; complete and release
2. Exploits a flaw in DNS software (no validation of the source); provides data to DNS that is not authenticated; redirects traffic to an alternate server without the victim's knowledge
3. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.
4. The most effective defense against a buffer overflow attack.
5. One command at a time
6. CMM: process unpredictable; poorly controlled
7. Open Database Connectivity
8. A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions
9. There is no inherent difference between data and programming instruction representations in memory.
10. Database in one table
11. Virtual table
12. Object Request Broker
13. An application that consists of components on separate and networked systems.
14. A program that claims to be something but turns out to be malicious
15. The packaging of an object. Everything inside the object is hidden
16. Freely available; more eyes on the code = more chance to ID bugs; no security through obscurity
17. Computer Aided Software Engineering Tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software; compilers; assemblers; linkers; translators; loaders; debuggers; program editors
18. This component enforces access controls on a system
19. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was and when the change was made.
20. Combines information from sources to acquire knowledge when there is a lack of clearance
21. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.
22. A method used to crack computer account passwords by using common words found in a dictionary
23. Enterprise JavaBean
24. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...
25. Refers to the process of combining low-sensitivity data items together, resulting in high-sensitivity data.
26. Formal processes in place and repeatable
27. ODBC; JDBC; XML; OLE; ADO
28. Programming based on the concept that after an object is written it can be reused
29. A program that claims to be something but turns out to be malicious
30. Memory management involves allocating memory to a process, reallocating it upon process completion, then re-allocating it to a new process; can result in residual information
31. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation and anything else that's affected by the change request.
32. A malicious program that spreads by attacking known weaknesses on computer systems.
33. Ensures separation of duties by ensuring programmers do not have access to production code.
34. A malicious program that's designed to hide itself on the target system in order to evade detection
35. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted
36. A template that defines the methods and variables to be included in a particular type of object
37. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes
38. Attacker sends multiple IP ping requests to a receiving device, likely via a router
39. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details
40. A database whose components exist in multiple physical locations. It is so named because of its location, not its design. This type of database can be hierarchical, network, relational, object or any other design.
41. Intentionally implanted loopholes in a system to detect hackers
42. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party, flooding the network connection
43. Common Object Request Broker
44. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.
45. Review of certification information; official authorization to place the system in operational use.
46. The steps required to develop a system from conception through implementation, support and ultimately retirement.
47. Knowledge base comprising modeled human experience.
48. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client
49. Database structure
50. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke