Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Allows for successive refinements of requirements, design and coding; requires a change control mechanism; prototype the initial concept; design and implement the initial prototype; refine the prototype; complete and release

2. Exploits a flaw in DNS software (no validation of the source); provides data to the DNS server that is not authenticated; redirects traffic to an alternate server without the victim's knowledge

3. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

4. The most effective defense against a buffer overflow attack.

5. one command at a time

6. CMM level at which the process is unpredictable and poorly controlled

7. Open Database Connectivity

8. A process of viewing an application from its highest-level functions which makes all lower-level functions into abstractions

9. There is no inherent difference between the representation of data and the representation of program instructions in memory.

10. Database in one table

11. Virtual table

12. Object Request Broker

13. An application that consists of components on separate and networked systems.

14. A program that claims to be something but turns out to be malicious

15. The packaging of an object. Everything inside the object is hidden

16. Freely available; more eyes on the code = more chance to identify bugs; no security through obscurity

17. Computer Aided Software Engineering tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software; compilers; assemblers; linkers; translators; loaders; debuggers; program editors

18. This component enforces access controls on a system

19. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

20. Combines information from multiple sources to acquire knowledge when there is a lack of clearance for that knowledge

21. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

22. A method used to crack computer account passwords by using common words found in a dictionary

23. Enterprise JavaBean

24. A variant of the logic bomb. A plot that takes insignificant fractions of a cent from many users' bank accounts and moves them to an attacker's bank account is an example of...

25. Refers to the process of combining low-sensitivity data items together resulting in high-sensitivity data.

26. Formal processes in place and repeatable


28. Programming based on the concept that after an object is written it can be reused

29. A program that claims to be something but turns out to be malicious

30. Memory management involves allocating memory to a process, reclaiming it upon process completion, and then re-allocating it to a new process; this can leave residual information from the previous process in the reused memory

31. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation, and anything else that's affected by the change request.

32. A malicious program that spreads by attacking known weaknesses on computer systems.

33. Ensures separation of duties by ensuring programmers do not have access to production code.

34. A malicious program that's designed to hide itself on the target system in order to evade detection

35. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

36. A template that defines the methods and variables to be included in a particular type of object

37. Ideal for web development; allows basic functionality to be deployed in a short time frame; the maintenance phase begins after deployment; the application evolves as the environment changes

38. Attacker sends a flood of IP ping (ICMP echo) requests to a receiving device, likely via a router

39. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details

40. A database whose components exist in multiple physical locations. It is so named because of its location not its design. This type of database can be hierarchical or network or relational or object or any other design.

41. Intentionally implanted loopholes in a system to detect hackers

42. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party, flooding the victim's network connection

43. Common Object Request Broker Architecture

44. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

45. Review of certification information; official authorization to place the system in operational use.

46. The steps required to develop a system from conception through implementation; support; and ultimately retirement.

47. Knowledge base comprising modeled human experience.

48. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

49. Database structure

50. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke
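Questions 4 and 9 above describe the same thing from two sides: because memory does not distinguish data from the state a program trusts, an unchecked copy into a fixed-size buffer can overwrite whatever sits next to it, and the defense is to validate input length against the buffer before copying. The following C program is an added illustration written for this page, not code from the quiz or its source; the `struct record` layout, the `NAME_LEN` size and the function names are assumptions chosen so the overwrite is deterministic (a 16-byte name field followed directly by an `is_admin` flag, which is how the struct is laid out on common compilers).

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout for the demonstration: the flag sits immediately after the
 * fixed-size name buffer, so bytes copied past the buffer land in the flag. */
#define NAME_LEN 16

struct record {
    char name[NAME_LEN];
    volatile int is_admin;   /* volatile: force a real reload after the copy */
};

/* Vulnerable: copies until the terminating NUL and never consults the size of
 * the destination. A 19-character input writes 20 bytes and the last four land
 * in is_admin, turning a non-privileged record into a privileged one. */
int vulnerable_set_name(struct record *r, const char *input)
{
    size_t i = 0;
    r->is_admin = 0;
    while (input[i] != '\0') {
        r->name[i] = input[i];   /* no bounds check against NAME_LEN */
        i++;
    }
    r->name[i] = '\0';
    return r->is_admin;
}

/* Hardened: validate the input against the buffer size first. An input that
 * cannot fit (including its NUL) is rejected with -1 instead of silently
 * truncated or copied past the end. On success returns is_admin (always 0). */
int safe_set_name(struct record *r, const char *input)
{
    r->is_admin = 0;
    /* memchr bounded by NAME_LEN never reads past the buffer-sized window */
    if (memchr(input, '\0', NAME_LEN) == NULL)
        return -1;
    memcpy(r->name, input, strlen(input) + 1);
    return r->is_admin;
}

/* Constructed attack input: 19 'A's, one byte shorter than the struct. */
static const char ATTACK[] = "AAAAAAAAAAAAAAAAAAA";

/* Helpers returning the outcome of each scenario on a fresh record. */
int demo_vulnerable_flag(void)
{
    struct record r;
    return vulnerable_set_name(&r, ATTACK);      /* non-zero: flag overwritten */
}

int demo_safe_rejects_attack(void)
{
    struct record r;
    return safe_set_name(&r, ATTACK);            /* -1: rejected */
}

int demo_safe_accepts_normal(void)
{
    struct record r;
    int rc = safe_set_name(&r, "alice");
    return rc == 0 && strcmp(r.name, "alice") == 0;   /* 1 on success */
}

int main(void)
{
    printf("vulnerable copy, is_admin after overflow: %d\n", demo_vulnerable_flag());
    printf("safe copy, return code for attack input: %d\n", demo_safe_rejects_attack());
    printf("safe copy, normal input accepted: %d\n", demo_safe_accepts_normal());
    return 0;
}
```

The rejection in `safe_set_name` is the behaviour question 4 is asking for: the check happens before any byte is written, and the failure is reported to the caller rather than absorbed by truncation, since silently shortening a name can itself create a different security bug (two distinct inputs collapsing to the same stored value).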