CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Each process has its own memory space

2. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details

3. Suppress unnecessary details not needed to perform an activity

4. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

5. Looking for unprotected modems

6. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

7. A part of the overall object-oriented application design; the objects in an object database include data records as well as their methods (application code).

8. A common attack on databases. It includes combining unclassified data from separate sources to create secret information.

9. Checks semantic and structural enforcement; referential integrity; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null

10. Two-dimensional tables

11. One command at a time

12. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything

13. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

14. An action that is performed on a database that results in the addition, alteration, or removal of data.

15. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

16. A high-level description of a system, typically containing no details.

17. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

18. Database structure

19. The process of developing highest-detail designs

20. Sends overlapping packet fragments that TCP/IP cannot handle

21. The best defense against session hijacking and MITM attacks that should be incorporated in the development of software: use randomized and unique IDs to identify sessions between two communicating targets.

22. A program designed to cause damage or execute an event when some computer/network event has occurred.

23. Ensures separation of duties by ensuring programmers do not have access to production code.

24. The last step in the design process, in which a group of experts examine the detailed designs

25. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

26. Memory management involves allocating memory to a process, reclaiming it upon process completion, then re-allocating it to a new process; this can result in residual information

27. White box: logical testing line by line; black box: examines input and output without access to the program; gray box: examines input and output of a program while having access to the code, but without analyzing the internal logic

28. A malicious program that spreads by attacking known weaknesses on computer systems.

29. A part of the overall object-oriented application design; the objects in an object database include data records as well as their methods (application code).

30. A database of databases

31. A program that claims to be something but turns out to be malicious

32. Spiral method: a nested version of the waterfall method; estimated costs and schedules are revised at the end of each assessment; the decision to proceed with or cancel the project is revisited after each risk assessment

33. Attribute related to another table

34. Places system into a high level of security

35. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

36. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

37. An application that consists of components on separate and networked systems.

38. Programming based on the concept that after an object is written it can be reused

39. ODBC; JDBC; XML; OLE; ADO

40. The packaging of an object. Everything inside the object is hidden

41. The steps required to develop a system from conception through implementation, support, and ultimately retirement.

42. Not trained in or bound by system development practices; no proper application design, no change control, no support; applications lack security

43. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

44. A malicious program that spreads by attacking known weaknesses on computer systems.

45. Communications intercepted between an authorized user and a resource; the attacker takes over the session and assumes the identity of the authorized user

46. A program that claims to be something but turns out to be malicious

47. Records structured in a hierarchy

48. Technical evaluation of security compliance

49. Extensible Markup Language: standard for marking up data on the web

50. Source/destination IP address and port set to the same values