
CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Attacks employing specially crafted user input: Unicode format for a browser URL that bypasses firewall rulesets; structured query language queries in the browser URL box

2. Focused on continuous process improvement

3. Packets in excess of 65535 bytes sent to the targeted machine

4. The most effective defense against a buffer overflow attack.

5. The best defense against session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

6. Unique identifier

7. The formal evaluation of the system.

8. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

9. A process used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time.

10. A common attack on databases. It includes combining unclassified data from separate sources to create secret information.

11. Review of certification information; official authorization to place the system in operational use.

12. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

13. Database in one table

14. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

15. Virtual table

16. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

17. A database where records can be networked to other records through paths that are different from the hierarchy itself

18. A program that claims to be something but turns out to be malicious

19. An application that consists of components on separate and networked systems.

20. White box: logical testing line by line; black box: examines input and output without access to the program; gray box: examines input and output of a program with access to the code, but without analyzing the internal logic

21. There is no inherent difference between the representations of data and programming instructions in memory.

22. Ideal for web development; allows basic functionality to be deployed in a quick time frame; the maintenance phase begins after deployment; the application evolves as the environment changes

23. The tree structure of a collection of objects and classes

24. An application that consists of components on separate and networked systems.

25. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

26. Applets containing a digital signature that can run outside the virtual machine and be given access to system resources based on that trust

27. Ensures data does not exceed maximum values; manages data types, formats, and lengths

28. Number of columns

29. A channel allowing two cooperating processes to transfer information in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays information to another by modulating its use of system resources)

30. A method used to crack computer account passwords by using common words found in a dictionary

31. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

32. A malicious program that is designed to hide itself on the target system in order to evade detection

33. Open Database Connectivity

34. ActiveX Data Objects; allows applications to access back-end database systems

35. The steps required to develop a system from conception through implementation, support, and ultimately retirement.

36. Methodology: machine, assembler, high level, very high level, artificial intelligence. Source code goes into a compiler and machine code is used on the hardware.

37. Knowledge base comprising modeled human experience.

38. Communications intercepted between an authorized user and a resource; the attacker takes over the session and assumes the identity of the authorized user

39. Looking for unprotected modems

40. The best defense against session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

41. A feature which allows virtual tables in a database. Role-based access control to protect the confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

42. A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions

43. Object management architecture

44. Attribute related to another table

45. The last step in the design process, in which a group of experts examine the detailed designs

46. A high-level description of a system, typically containing no details.

47. A software component in a distributed system that performs a particular service or function (e.g. patch management, host-based intrusion detection systems (HIDS), and performance and capacity monitoring).

48. Checks: semantic/structural enforcement; referential; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null

49. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable typing

50. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers