CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation.

2. The process of starting an instance.

3. A program designed to cause damage or execute an event when some computer/network event has occurred.

4. Write good code the first time; controls defects in software; quality achieved through design rather than through testing and remediation.

5. Data in more than one DB.

6. There is no inherent difference between the representations of data and programming instructions in memory.

7. Source/destination IP address and port set to the same values.

8. Allows a user to bypass failed security controls.

9. Rapid Application Development: rapid prototyping with strict time limits.

10. Maintenance or programming hook; software entry point that is inserted by the programmer; allows developers to bypass normal access restrictions.

11. The steps of this process are: conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification and accreditation; maintenance.

12. Style of programming that promotes discipline, allows introspection, and provides controlled flexibility; requires refined processes and modular development; each phase is subject to review and approval; allows for security to be added in a formalized

13. A malicious program that is designed to hide itself on the target system in order to evade detection.

14. Creation of data as objects; for complex applications.

15. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

16. Identifies open ports on a host.

17. Row.

18. Looking for unprotected modems.

19. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable typing.

20. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attack gets in between the steps and makes modifications; to mitigate, have the software lock the items it will use while carrying out i

21. Online Transaction Processing: records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

22. A high-level description of a system, typically containing no details.

23. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

24. Ensures data does not exceed maximum values; manages data types, formats, and lengths.

25. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP.

26. Attacks employing specially crafted user input: Unicode-formatted browser URLs that bypass firewall rule sets; structured query language queries in the browser URL box.

27. This is a system of algorithms or rules that infers new facts about knowledge and incoming data.

28. This component enforces access controls on a system.

29. Formal documents in place and proactive.

30. Database structure.

31. Checks semantic/structural enforcement; referential integrity; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null.

32. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

33. A part of the overall object-oriented application design: the objects in an object database include data records as well as their methods (application code).

34. Knowledge base comprising modeled human experience.

35. Programming based on the concept that after an object is written it can be reused.

36. Records structured in a hierarchy.

38. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

39. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke.

40. Freely available; more eyes on the code means more chance to identify bugs; no security through obscurity.

41. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

42. Client-side program that is platform independent; runs inside another application.

43. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

44. Mimic the biological function of the brain.

45. Virtual machine; restricts the applet's access to system resources.

46. A common attack on databases. It involves combining unclassified data from separate sources to create secret information.

48. The process of developing one object from another object but with different values in the new object.

49. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development; not cost effective; results in less than optimal systems.
