Test your basic knowledge

CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Source and destination IP address and port set to the same values

2. An object that gets some of its characteristics from a class.

3. Oligomorphic code: similar to polymorphic code, but has a decryptor that does not show up on the signature list. Metamorphic code: reprograms itself; carries various versions of itself; translates itself into temporary representations and then back to normal code.

4. A program that claims to be something but turns out to be malicious

5. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

6. Two-dimensional tables

7. The component of an expert system that produces a quantitative result based on uncertainties.

8. Row

9. Access to data at the same time; both denied

10. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

11. Current software environment; open source; program

12. Applets that contain a digital signature and can run outside the virtual machine, and that are given access to system resources based on that trust

13. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

14. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

15. Identifies hosts that are alive

16. ODBC; JDBC; XML; OLE; ADO

17. Knowledge base comprising modeled human experience.

18. Used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.

19. A software component in a distributed system that performs a particular service or function (e.g. patch management, host-based intrusion detection systems (HIDS), and performance and capacity monitoring).

20. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

21. Extensible Markup Language; standard for marking up data on the web

22. This component enforces access controls on a system

23. Inter-process communication: mechanisms that facilitate communication between processes or threads

24. Online Analytical Processing

25. A particular object that's a member of a class

26. Unique identifier

27. The tree structure of a collection of objects and classes

28. Object Management Group

29. Joint Application Development: management process that allows developers to work directly with users

30. Object Request Broker

31. The part of access control that relates to how finely you can control who can see and manipulate data in which databases, tables, rows and fields.

32. ActiveX Data Objects: allows applications to access back-end database systems

33. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

34. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

35. Low-level computer language.

36. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.

37. Packets in excess of 65535 bytes sent to the targeted machine

38. The procedure (code) contained in an object

39. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

40. The process of developing highest-detail designs

41. Where the application is developed

42. A database with relationships between data sets with the freedom of a network database, but without the constraints of a hierarchical database. The structure is defined by its schema.

43. Open Database Connectivity

44. A database where records can be networked to other records through paths that are different from the hierarchy itself

45. Virtual machine; restricts the applet's access to system resources

46. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation.

47. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

49. The most effective defense against a buffer overflow attack.

50. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.