Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

2. Creation of data as objects; for complex applications

3. Open Databaes Connectivity

4. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

5. used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.

6. Low level computer language.

7. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

8. formal documents in place and pro-active

9. An application that consists of components on separate and networked systems.

10. Inter Process Communications- mechanisms that facilitate communication between processes or threads

11. Knowledge base comprising modeled human experience.

12. The formal evaluation of the system.

13. A list of characteristics that can be created in the real world.

14. Current Software Environment ; open source; program

15. Virtual machine;restricts the applets access to system resources

16. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

17. one block at a time

18. methodolgy Machine; assembler; high level; very high level; Artificial Intelligence Source code goes into compiler and Machine code is used on hardware

19. Distributed Component Object Model-allows apps to access objects on different parts of the network

20. Maintenance or programming hook; software entry point that is inserted by programmer; allows developers to bypass normal acces restrictions

21. There is no inherent difference between data and programming instructions representations in memory.

22. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

23. An attack that invloves sending a user to a different webpage they did not click on. It can lead to DOS attacks.

24. The packaging of an object. Everything inside the object is hidden

25. Combines data from multiple databases;data is extracted and transferred to central store;OLAP

26. The steps required to develop a system from conception through implementation; support; and ultimately retirement.

27. Knowledge base comprising modeled human experience.

28. A program designed to cause damage or execute an event when some computer/network event has occurred.

29. The best defense against a session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.

30. focused on continuous process improvement

31. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

32. Database structure

33. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

34. Data in more thatn one DB

35. Client Side program that is platform independent; runs inside another application

36. Online Transaction Processing- records all business transactions as they occur;acts as monitor; detects process aborts;restarts aborted processes;backs out failed transaction;allows distribution of multiple copies of application servers;performs dyna

37. A template that defines the methods and variables to be included in a particular type of object

38. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

39. The procedure (code) contained in an object

40. Refers to a system that operates at the highest level of information classification

41. identifies open ports on a host

42. A program designed to cause damage or execute an event when some computer/network event has occurred.

43. A method used to crack computer account passwords by using common words found in a dictionary

44. A list of required characteristics of the system...a collection of things the system must do or desired features

45. A database whose components exist in multiple physical locations. It is so named because of its location not its design. This type of database can be hierarchical or network or relational or object or any other design.

46. Database in one table

47. freely available; more eyes on the code=more chance to ID bugs; no security through obscurity

48. Attacks employing specially crafted user input-unicode format for a browser URL that bypasses firewall rulessets ;structured query language queries in the borwser URL box

49. Suppress unnecessary details not needed to perform an activity

50. A database of databases