Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. source/destination IP and Port set to same

2. An object that gets some of its characteristics from a class.

3. Oligomorphic-code similar to polymorphic; but has decryptor that does not show up on signature list; metamorphic; reprograms itself; carries various versions for itself; translates itself into temporary representations and then back to normal code; z

4. A program that claims to be something but turns out to be malicious

5. A varient of logic bombs. A plot that takes insignificant pennies from a user's bank account and move them to an attacker's bank account is an example of...

6. Two dimensional tables

7. The component of an expert system that produces a quantitative result based on uncertainties.

8. row

9. Access to data at the same time; both denied

10. A feature which allows virtual tables in a database.Role ased access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

11. Current Software Environment ; open source; program

12. Applets containing a digital signature and can run outside the virtual machine and be given access to system resources based on the trust

13. Data Query Language(DQL) select; data Munipulation language(DML)insert/update/delete; Data Definition Language(DDL) Create/alter/drop; Data Control Language (DCL)grant/revoke

14. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

15. identifies hosts that are alive


17. Knowledge base comprising modeled human experience.

18. used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.

19. A software component in a distributed system that performs a particular service or function. (e.g. Patch management or Host-based intrusion detection systems (HIDS) and performance and capacity monitoring.

20. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

21. Extensible Mark-up language standard for marking data on the web

22. This component enforces access controls on a system

23. Inter Process Communications- mechanisms that facilitate communication between processes or threads

24. Online Analytical Processing

25. A particular object that's a member of a class

26. Unique identifier

27. The tree structure of a collection of objects and classes

28. Object Management group

29. Joint Application Development- management process that allows developers to work directly with users

30. Object Request Broker

31. The part of access control that relates to how finely you can control who can see and manipulate data in which databases and tables and rows and fields.

32. Active-X Data Objects-allows apps to access back-end DB systems

33. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

34. refers to an application's ability to record every auditable event by describing the event: who made the change and what the change was and when the change was made.

35. Low level computer language.

36. An attack that invloves sending a user to a different webpage they did not click on. It can lead to DOS attacks.

37. packets in excess of 65535 bytes sent targeted machine

38. The procedure (code) contained in an object

39. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

40. The process of developing highest-detail designs

41. where the application is developed

42. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.

43. Open Databaes Connectivity

44. A database where records can be networked to other records through paths that are different from the hierarchy itself

45. Virtual machine;restricts the applets access to system resources

46. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

47. Maintenance or programming hook; software entry point that is inserted by programmer; allows developers to bypass normal acces restrictions

48. This component enforces access controls on a system

49. The most effective defense against a buffer overflow attack.

50. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.