Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The component of an expert system that produces a quantitative result based on uncertainties.

2. Virtual table

3. Inter Process Communications- mechanisms that facilitate communication between processes or threads

4. Java Database connectivity-allows Java apps to communicate to DB

5. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

6. Number of columns

7. A common attack on databases. It includes combining unclassed data from seperate sources to create secret info.

8. Combines information from sources to acquire knowledge whe there is a lack of clearance

9. Encrypt cookies; do not use sequential; calculable; or predictable cookies; session numbers or URL data; do not cache secure pages; do not automatically trust data use input validation

10. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

11. A feature which allows virtual tables in a database.Role ased access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

12. Enterprise JavaBean

13. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

14. A software component in a distributed system that performs a particular service or function. (e.g. Patch management or Host-based intrusion detection systems (HIDS) and performance and capacity monitoring.

15. identifies hosts that are alive

16. A malicious program that's designed to hide itself on the target system in order to evade detection

17. Oligomorphic-code similar to polymorphic; but has decryptor that does not show up on signature list; metamorphic; reprograms itself; carries various versions for itself; translates itself into temporary representations and then back to normal code; z

18. An object-orientation term that refers to the practice of encapsulating an object within another inorder to hide the first object's functioning details

19. A process of viewing an application from its highest-level functions which makes all lower-level functions into abstractions

20. Interface Definition Language

21. A program designed to cause damage or execute an event when some computer/network event has occurred.

22. Online Analytical Processing

23. reconfigures a system to use the IP of a trusted system-correct with packet filtering techniques

24. Initiating- oultine business reasons for change; diagnosing analyze state of the organization; make recommendations for change; establishing- develop a plan of action to achieve change Acting-develop solutions; test refine;; implement Learning- analy

25. involves using standardized building blocks to assemble rather than develop application; may be security advantage as the components previously tested for security similar to OOP

26. Assembly to machine

27. The formal evaluation of the system.

28. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.

29. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

30. An attack that invloves sending a user to a different webpage they did not click on. It can lead to DOS attacks.

31. mimic the biological function of the brain

32. Programming based on the concept that after an object is written it can be reused

33. Access to data at the same time; both denied

34. should be required procedures for changing; accepting; and testing software-management approval-change management; config management

35. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

36. Bypass front end controls

37. Open Databaes Connectivity

38. The system is approved to be put into production

39. Joint Application Development- management process that allows developers to work directly with users

40. A list of characteristics that can be created in the real world.

41. checks Semantic-structural enforcement;referential; cascading update/delete;entity tables must have Primary Key; Primary columns must be unique and not null

42. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.

43. Each process has its own memory space

44. A method used to crack computer account passwords by using common words found in a dictionary

45. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.

46. The last step in the design process in which a group of experts examine the detailed designs

47. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

48. Data in more thatn one DB

49. software transmitted across the network to a local system and executed on that system Java applets; active X controls; Scripts/plug-ins

50. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.