
CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A part of the overall object-oriented application design - the objects in an object database include data records as well as their methods (application code).

2. Attributes identifying a record

3. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

4. ODBC; JDBC; XML; OLE; ADO

5. Extensible Markup Language standard for marking up data on the web

6. A common attack on databases. It involves combining unclassified data from separate sources to create secret information.

7. Online Transaction Processing - records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

8. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

9. An action that is performed on a database that results in the addition, alteration, or removal of data.

10. The process of detecting certain anomalous behavior to prevent viruses

11. Source/destination IP address and port set to the same value

12. One of the 3 concepts for securing distributed systems, other than software integrity and data integrity.

13. Ensures data does not exceed maximum values; manages data types, formats, and lengths

14. Low-level computer language.

15. A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions

16. Lack of security labels/controls

17. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

18. Attacks employing specially crafted user input: Unicode-formatted browser URLs that bypass firewall rule sets; Structured Query Language queries in the browser URL box

19. Exploits a flaw in DNS software (no validation of source); provides unauthenticated data to DNS; redirects traffic to an alternate server without the victim's knowledge

20. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

21. A malicious program that's designed to hide itself on the target system in order to evade detection

22. There is no inherent difference between data and programming instruction representations in memory.

23. Object management architecture

24. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

25. The formal evaluation of the system.

26. Checks semantic/structural enforcement; referential; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null

27. A database where records can be networked to other records through paths that are different from the hierarchy itself

28. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

29. An object that gets some of its characteristics from a class.

30. A malicious program that spreads by attacking known weaknesses on computer systems.

31. The part of access control that relates to how finely you can control who can see and manipulate data in which databases, tables, rows, and fields.

32. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

33. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client

34. A method used to crack computer account passwords by using common words found in a dictionary

35. Row

36. Current software environment; open source; program

37. Sends overlapping packet fragments that TCP/IP cannot handle

38. This component enforces access controls on a system

39. The last step in the design process, in which a group of experts examine the detailed designs

40. Combines information from sources to acquire knowledge when there is a lack of clearance

41. The process of starting an instance

42. Methodology: machine; assembler; high level; very high level; artificial intelligence. Source code goes into a compiler and machine code is used on hardware

43. A program that claims to be something but turns out to be malicious

44. The tree structure of a collection of objects and classes

45. Enterprise JavaBean

46. Refers to a system that operates at the highest level of information classification

47. Technical evaluation of security compliance