Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai






2. packets in excess of 65535 bytes sent targeted machine






3. row






4. looking for unprotected modems






5. mimic the biological function of the brain






6. How objects communicate with one another






7. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?






8. The act of limiting running processes ability to view or modify memory and cache that's assigned to another process.






9. There is no inherent difference between data and programming instructions representations in memory.






10. Joint Application Development- management process that allows developers to work directly with users






11. The packaging of an object. Everything inside the object is hidden






12. A database whose components exist in multiple physical locations. This type of database can be hierarchical or network or relational or object or any other design.






13. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.






14. A malicious program that's designed to hide itself on the target system in order to evade detection






15. Current Software Environment ; open source; program






16. A program designed to cause damage or execute an event when some computer/network event has occurred.






17. Active-X Data Objects-allows apps to access back-end DB systems






18. A mechanism used to define and store and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create and manage and administer data.






19. An object that gets some of its characteristics from a class.






20. Distributed Component Object Model-allows apps to access objects on different parts of the network






21. The best defense against a session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.






22. Database structure






23. The results of an object having received a message






24. A malicious program that spreads by attacking known weaknesses on computer systems.






25. Ensures seperation of duties by ensuring programmers do not have access to production code.






26. Rapid Application Development- rapid prototyping with strict time limits






27. freely available; more eyes on the code=more chance to ID bugs; no security through obscurity






28. used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.






29. Maintenance or programming hook; software entry point that is inserted by programmer; allows developers to bypass normal acces restrictions






30. A process of viewing an application from its highest-level functions which makes all lower-level functions into abstractions






31. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.






32. Enterprise JavaBean






33. Ensures seperation of duties by ensuring programmers do not have access to production code.






34. refers to an application's ability to record every auditable event by describing the event: who made the change and what the change was and when the change was made.






35. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.






36. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes






37. Open Databaes Connectivity






38. formal documents in place and pro-active






39. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers






40. reconfigures a system to use the IP of a trusted system-correct with packet filtering techniques






41. Attacker sends multiple IP ping requests to a receiving device-likely via a router






42. Allows one change at a time






43. A software development methodology that focuses on Defect prevention rather than defect removal. The goal is to write the code correctly the first time!






44. Combines information from sources to acquire knowledge whe there is a lack of clearance






45. A part of the overall object-oriented application design - the objects in an object database include datarecords as well as their methods (application code).






46. This component enforces access controls on a system






47. Attribute related to another table






48. Object management architecture






49. comms intercepted etween a authorized user and resource;attacker takes oer the session and assumes the identify of the authorized user






50. Each process has its own memory space