Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers too obvious, but it reinforces your understanding as you take the test each time.
1. The process of detecting certain anomalous behavior to prevent viruses

2. Looking for unprotected modems

3. One block at a time

4. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details

5. Data in more than one DB

6. The act of limiting a running process's ability to view or modify memory and cache that is assigned to another process.

7. The best defense against session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

8. Attribute related to another table

9. Looking for wireless access points

10. Places a system into a high level of security

11. Attacks employing specially crafted user input: Unicode format for a browser URL that bypasses firewall rulesets; structured query language queries in the browser URL box

12. Java Database Connectivity: allows Java apps to communicate with a DB

13. A part of the overall object-oriented application design; the objects in an object database include data records as well as their methods (application code).

14. Current software environment; open source; program

15. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party; flooding the network connection

16. Checks semantic/structural enforcement; referential; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null

17. Should be required procedures for changing, accepting, and testing software; management approval; change management; configuration management

18. The packaging of an object. Everything inside the object is hidden

19. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

20. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

21. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; Trojan horse; worm; agents/bots; spyware

22. The steps required to develop a system from conception through implementation, support, and ultimately retirement.

23. Where the application is developed

24. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object, or any other design.

25. Source/destination IP and port set to the same

26. A list of required characteristics of the system: a collection of things the system must do or desired features

27. Refers to the process of combining low-sensitivity data items together, resulting in high-sensitivity data.

28. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

29. Open Database Connectivity

30. Review of certification information; official authorization to place the system in operational use.

31. A method used to crack computer account passwords by using common words found in a dictionary

32. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation

33. A mechanism used to define, store, and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create, manage, and administer data.

34. Attacker sends multiple IP ping requests to a receiving device, likely via a router

35. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

36. Knowledge base comprising modeled human experience.

37. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

38. The best defense against session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

39. Channel allowing two cooperating processes to transfer information in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays information to another by modulating its use of system resources)

40. A malicious program that is designed to hide itself on the target system in order to evade detection

41. A feature which allows virtual tables in a database. Role-based access control to protect the confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

42. Technical evaluation of security compliance

43. Reconfigures a system to use the IP of a trusted system; countered with packet filtering techniques

44. ODBC; JDBC; XML; OLE; ADO

45. Oligomorphic: code similar to polymorphic, but has a decryptor that does not show up on a signature list; metamorphic: reprograms itself, carries various versions of itself, translates itself into temporary representations and then back to normal code

46. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

47. Object Linking and Embedding; access to data no matter the location or format

48. A malicious program that spreads by attacking known weaknesses on computer systems.

49. A program that claims to be something but turns out to be malicious

50. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.