Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. should be required procedures for changing; accepting; and testing software-management approval-change management; config management






2. Ensures data does not exceed maximum values; manages data types; formats; and lengths






3. Attributes identifying a record






4. Object Request Broker






5. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...






6. Signature based detection; heuristic based detection; hoaxes; logic bomb; trojan horse; worm; agents/bots; spyware






7. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.






8. Ensures separation of duties by ensuring programmers do not have access to production code.






9. A list of characteristics that can be created in the real world.






10. ODBC; JDBC; XML; OLE; ADO






11. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.






12. The packaging of an object. Everything inside the object is hidden






13. The ability to hide implementation details behind a common message interface






14. focused on continuous process improvement






15. Inter Process Communications - mechanisms that facilitate communication between processes or threads






16. A part of the overall object-oriented application design - the objects in an object database include data records as well as their methods (application code).






17. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?






18. Records structured in a hierarchy






19. Attribute related to another table






20. steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance






21. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?






22. Distributed Component Object Model - allows apps to access objects on different parts of the network






23. identifies hosts that are alive






24. There is no inherent difference between data and programming instructions representations in memory.






25. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client






26. Database structure






27. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke






28. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers






29. Intentionally implanted loopholes in a system to detect hackers






30. How objects communicate with one another






31. source/destination IP and Port set to same






32. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.






33. A method used to crack computer account passwords by using common words found in a dictionary






34. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.






35. Combines information from sources to acquire knowledge when there is a lack of clearance






36. where the application is developed






37. A common attack on databases. It includes combining unclassed data from separate sources to create secret info.






38. Channel allowing two cooperating processes to transfer info in a way that violates sec policy; either storage: one process writes; another process reads; or timing: one process relays info to another by modulating its use of sys resources






39. Knowledge base comprising modeled human experience.






40. Virtual machine; restricts the applet's access to system resources






41. Conceal lower level processes from higher level processes






42. A common attack on databases. It includes combining unclassed data from separate sources to create secret info.






43. Knowledge base comprising modeled human experience.






44. A mechanism used to define and store and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create and manage and administer data.






45. The steps required to develop a system from conception through implementation; support; and ultimately retirement.






46. The procedure (code) contained in an object






47. Two dimensional tables






48. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins






49. A malicious program that spreads by attacking known weaknesses on computer systems.






50. Unique identifier