CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. Ensures separation of duties by ensuring programmers do not have access to production code.






2. Computer-Aided Software Engineering tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software; compilers; assemblers; linkers; translators; loaders; debuggers; program edito






3. one block at a time






4. The procedure (code) contained in an object






5. looking for Wireless Access points






6. Memory management involves allocating memory to a process; reallocating it upon process completion; then re-allocating to a new process; can result in residual information






7. Packets in excess of 65535 bytes sent to the targeted machine






8. The component of an expert system that produces a quantitative result based on uncertainties.






9. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.






10. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.






11. Style of programming that promotes discipline; allows introspection; and provides controlled flexibility; requires refined processes and modular development; each phase subject to review and approval; allows for security to be added in a formalized






12. Object Linking and Embedding; access to data no matter the location or format






13. Protect an object's private data from outside access






14. Database structure






15. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.






16. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.






17. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai






18. A database where records can be networked to other records through paths that are different from the hierarchy itself






19. Current Software Environment; open source; program






20. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables






21. Applets containing a digital signature and can run outside the virtual machine and be given access to system resources based on the trust






22. The process of developing one object from another object but with different values in the new object






23. Inter-Process Communications: mechanisms that facilitate communication between processes or threads






24. Distributed Component Object Model: allows apps to access objects on different parts of the network






25. A program designed to cause damage or execute an event when some computer/network event has occurred.






26. one command at a time






27. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.






28. An action that is performed on a database that results in the addition or alteration or removal of data.






29. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.






30. Two dimensional tables






31. focused on continuous process improvement






32. freely available; more eyes on the code=more chance to ID bugs; no security through obscurity






33. The last step in the design process in which a group of experts examine the detailed designs






34. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.






35. A virtual table that consists of the rows and fields from one or more tables in the database






36. Virtual table






37. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details






38. ODBC; JDBC; XML; OLE; ADO






39. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; attack gets in between steps and makes modifications; to mitigate, have software lock the items it will use while carrying out i






40. Combines data from multiple databases; data is extracted and transferred to central store; OLAP






41. Data input errors






42. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; trojan horse; worm; agents/bots; spyware






43. Extensible Markup Language: standard for marking data on the web






44. source/destination IP and Port set to same






45. Suppress unnecessary details not needed to perform an activity






46. The packaging of an object. Everything inside the object is hidden






47. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.






48. looking for unprotected modems






49. The most effective defense against a buffer overflow attack.






50. Places system into high level of security