Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

2. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

3. Occurs when all the components of the system have been assembled and the entire system is tested from end to end.

4. Style of programming that promotes discipline, allows introspection, and provides controlled flexibility; requires refined processes and modular development; each phase is subject to review and approval; allows for security to be added in a formalized

5. Exploits a flaw in DNS software that does not validate the source of responses; supplies data to the DNS resolver that is not authenticated; redirects traffic to an alternate server without the victim's knowledge.

6. Maintenance or programming hook; a software entry point inserted by the programmer; allows developers to bypass normal access restrictions.

7. Computer-Aided Software Engineering tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software; compilers, assemblers, linkers, translators, loaders, debuggers, program editors

8. Spiral method: a nested version of the waterfall method; estimated costs and schedules are revised at the end of each risk assessment, and the decision to proceed with or cancel the project is revisited after each risk assessment.

9. Data stored in more than one database.

10. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

11. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attacker gets in between the check and the use and makes modifications; mitigation: have the software lock the items it will use while carrying out i

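The race in item 11 and its mitigation, as an added example that is not part of the quiz page. It assumes a POSIX host where symlinks can be created; the attacker's race is simulated by a hook called in the window between the permission check and the file use, and the names (make_files, swap_link, vulnerable_read, safe_read) are this example's own. The fix shown is to acquire the file handle first and run the check on that handle with fstat, so the check and the use refer to the same object.

```python
import os
import shutil
import tempfile

# Added example (not from the quiz page). Assumes a POSIX host where symlinks can be
# created. The attacker's race is simulated by a hook called in the window between
# the permission check and the file use; the names below are this example's own.

def make_files():
    """Constructed fixture: an allowed file, a secret file, and a link to the allowed one."""
    d = tempfile.mkdtemp()
    allowed = os.path.join(d, "public.txt")
    secret = os.path.join(d, "secret.txt")
    link = os.path.join(d, "report.txt")
    with open(allowed, "w") as f:
        f.write("public data\n")
    with open(secret, "w") as f:
        f.write("secret data\n")
    os.symlink(allowed, link)
    return allowed, secret, link

def swap_link(link, new_target):
    """Attacker's move: repoint the symlink during the race window."""
    os.unlink(link)
    os.symlink(new_target, link)

def vulnerable_read(link, allowed, race):
    """CHECK the path, then USE the path again: the link can change in between."""
    if os.path.realpath(link) != os.path.realpath(allowed):
        raise PermissionError("not the allowed file")
    race()                        # attacker swaps the link here
    with open(link) as f:         # re-resolves the path and follows the swapped link
        return f.read()

def safe_read(link, allowed, race):
    """USE first (acquire a handle), then CHECK that handle with fstat.
    A later swap changes what the path resolves to, not what the fd refers to."""
    fd = os.open(link, os.O_RDONLY)
    try:
        race()                    # attacker swaps the link; our fd is unaffected
        opened = os.fstat(fd)
        want = os.stat(allowed)
        if (opened.st_dev, opened.st_ino) != (want.st_dev, want.st_ino):
            raise PermissionError("opened file is not the allowed file")
        with os.fdopen(fd, "r") as f:
            fd = -1               # fdopen now owns and closes the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)

def demo():
    allowed, secret, link = make_files()
    try:
        race = lambda: swap_link(link, secret)
        leaked = vulnerable_read(link, allowed, race)    # check passed, secret was read
        swap_link(link, allowed)                          # reset the fixture
        safe = safe_read(link, allowed, race)             # same race, allowed file read
        try:                                              # link now points at the secret
            safe_read(link, allowed, lambda: None)
            refused = False
        except PermissionError:
            refused = True
        return {"leaked": leaked, "safe": safe, "refused_after_swap": refused}
    finally:
        shutil.rmtree(os.path.dirname(link), ignore_errors=True)

if __name__ == "__main__":
    print(demo())
```

Running demo() shows the vulnerable function returning the secret file's contents even though its check passed, while the hardened function either reads the allowed file or refuses, depending on which object the descriptor actually refers to. The page's own mitigation (locking the items the program will use) is the same idea: the object checked and the object used must be the same one.
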
12. A variant of the logic bomb. A scheme that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

13. Channel that allows two cooperating processes to transfer information in a way that violates security policy; either a storage channel, where one process writes and another process reads, or a timing channel, where one process relays information to another by modulating its use of system resources.

14. Freely available; more eyes on the code means more chance to identify bugs; no security through obscurity.

15. A malicious program that's designed to hide itself on the target system in order to evade detection

16. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

17. An attack that involves sending a user to a different web page than the one they clicked on. It can lead to DoS attacks.

18. A program designed to cause damage or execute an event when some computer/network event has occurred.

19. Component Object Model: Microsoft framework for developing and supporting components; allows other applications or components to access their features.

21. Software transmitted across the network to a local system and executed on that system: Java applets, ActiveX controls, scripts, plug-ins.

22. The tree structure of a collection of objects and classes.

23. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

24. Write good code the first time; controls defects in software; quality is achieved through design rather than through testing and remediation.

25. Used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.

26. A feature that allows virtual tables in a database. Role-based access control to protect the confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only see those virtual tables.

27. A malicious program that spreads by attacking known weaknesses on computer systems.

28. The most effective defense against a buffer overflow attack.

29. Joint Application Development: a management process that allows developers to work directly with users.

30. A mechanism used to define, store, and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create, manage, and administer data.

31. Sends overlapping packet fragments that the TCP/IP stack cannot handle.

32. The formal evaluation of the system.

33. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the database; rights and privileges that have been granted.

34. Common Object Request Broker Architecture.

35. The process of developing one object from another object, but with different values in the new object.

37. Low level computer language.

38. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

39. There should be required procedures for changing, accepting, and testing software, with management approval: change management and configuration management.

40. Translates assembly language into machine code.

41. A virtual table that consists of the rows and fields from one or more tables in the database.

42. Identifies open ports on a host.

43. Attacker sends multiple IP ping requests to a receiving device, likely via a router.

44. Attributes that identify a record.

45. Virus types. Stealth: hides by tampering with the OS to fool antivirus software; encryption/compression helps hide the virus. Polymorphic: mutates by modifying its own code as it travels from system to system while still keeping the original algorithm intact; m

46. Encrypt cookies; do not use sequential, calculable, or predictable cookies, session numbers, or URL data; do not cache secure pages; do not automatically trust data; use input validation.

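The session-cookie rules in item 46, as an added example that is not part of the quiz page. It contrasts a sequential session id an attacker can enumerate with one drawn from the OS CSPRNG, protects the cookie value with an HMAC tag so a forged or altered cookie is rejected, and sets the Secure, HttpOnly, and SameSite attributes. SERVER_KEY is generated per run here (a real deployment loads it from a secret store), and the function names are this example's own.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Added example (not from the quiz page). SERVER_KEY is generated per run here;
# a real deployment loads it from a secret store. Function names are this example's own.

SERVER_KEY = secrets.token_bytes(32)

def predictable_session_id(counter):
    """The anti-pattern the page warns against: a sequential id anyone can enumerate."""
    return f"sess-{counter:08d}"

def guess_next(observed):
    """Attacker's view: having seen one sequential id, the next one is trivial."""
    n = int(observed.rsplit("-", 1)[1])
    return f"sess-{n + 1:08d}"

def new_session_id():
    """256 bits from the OS CSPRNG: not sequential, calculable, or predictable."""
    return secrets.token_urlsafe(32)

def sign(value, key=SERVER_KEY):
    """HMAC tag so a client cannot forge or alter the cookie without the server key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def issue_session_cookie(session_id):
    """Set-Cookie carrying the attributes a session cookie should have."""
    c = SimpleCookie()
    c["sid"] = f"{session_id}.{sign(session_id)}"
    c["sid"]["secure"] = True        # never sent over plain HTTP
    c["sid"]["httponly"] = True      # not readable by page scripts
    c["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    c["sid"]["path"] = "/"
    return c

def verify_session_cookie(raw):
    """Return the session id if the tag checks out, else None. Constant-time compare."""
    sid, sep, tag = raw.rpartition(".")
    if not sep:
        return None
    if not hmac.compare_digest(sign(sid), tag):
        return None
    return sid

def demo():
    guessable = guess_next(predictable_session_id(41)) == predictable_session_id(42)
    distinct = len({new_session_id() for _ in range(1000)}) == 1000
    sid = new_session_id()
    cookie = issue_session_cookie(sid)
    raw = cookie["sid"].value
    accepted = verify_session_cookie(raw) == sid
    forged = raw.replace(sid, new_session_id(), 1)   # attacker substitutes an id, keeps the tag
    rejected = verify_session_cookie(forged) is None
    return {"sequential_guessable": guessable, "random_all_distinct": distinct,
            "valid_accepted": accepted, "forged_rejected": rejected,
            "header": cookie.output()}

if __name__ == "__main__":
    print(demo())
```

The HMAC tag covers integrity, not confidentiality; if the cookie must also be unreadable to the client (the page's "encrypt cookies"), the value is encrypted with an authenticated cipher before it is placed in the cookie, and the same verification-before-trust rule applies on every request.
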
47. ODBC; JDBC; XML; OLE; ADO.

48. Distributed Component Object Model: allows applications to access objects on different parts of the network.

49. Combines information from multiple sources to acquire knowledge for which one lacks clearance.

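Items 26 and 41 (views as the basis of role-based access to a database) and item 49 (aggregation) fit one worked example, added here and not part of the quiz page. The employee table, the role names and the view names are constructed for the example. SQLite has no GRANT statement, so the role-to-view check is done in the application; on a server DBMS the same effect is GRANT SELECT on the view to the role with no grant on the base table. The second half shows how a statistics view that is safe-looking still leaks an individual's salary through aggregation when a group has one member, and the HAVING clause that suppresses small query sets.

```python
import sqlite3

# Added example (not from the quiz page). Table, role names and view names are
# constructed for this example. SQLite has no GRANT, so the role check is done in
# the application; on a server DBMS it is GRANT SELECT ON <view> TO <role>.

ROWS = [
    ("alice", "eng", 120000), ("bob", "eng", 100000), ("carol", "eng", 110000),
    ("dave", "sales", 90000), ("erin", "sales", 95000), ("gina", "sales", 97000),
    ("frank", "legal", 150000),   # the only member of legal
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee(name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)", ROWS)
    # Virtual table for the directory role: the salary column does not exist here at all.
    db.execute("CREATE VIEW v_directory AS SELECT name, dept FROM employee")
    # Naive statistics view: a department of size 1 reveals one person's salary.
    db.execute("CREATE VIEW v_dept_stats_naive AS "
               "SELECT dept, COUNT(*) AS n, AVG(salary) AS avg_salary "
               "FROM employee GROUP BY dept")
    # Hardened view: suppress small query sets so an aggregate cannot be tied to a person.
    db.execute("CREATE VIEW v_dept_stats AS "
               "SELECT dept, COUNT(*) AS n, AVG(salary) AS avg_salary "
               "FROM employee GROUP BY dept HAVING COUNT(*) >= 3")
    return db

# Each role may read only the views mapped to it; no role maps to the base table.
ROLE_VIEWS = {"directory": {"v_directory"}, "analyst": {"v_dept_stats"}}

def select_all_as(db, role, obj):
    """Role-based access: refuse anything the role's view list does not name."""
    if obj not in ROLE_VIEWS.get(role, set()):
        raise PermissionError(f"role {role!r} may not read {obj!r}")
    return db.execute(f"SELECT * FROM {obj}").fetchall()   # obj comes from the whitelist

def infer_singletons(db, stats_view):
    """Aggregation/inference attack: combine department statistics with the public
    directory; a group of size 1 turns an average into an individual's salary."""
    leaked = {}
    for dept, n, avg_salary in db.execute(f"SELECT dept, n, avg_salary FROM {stats_view}"):
        if n == 1:
            (name,) = db.execute("SELECT name FROM v_directory WHERE dept = ?",
                                 (dept,)).fetchone()
            leaked[name] = avg_salary
    return leaked

def demo():
    db = build_db()
    directory_rows = select_all_as(db, "directory", "v_directory")
    try:
        db.execute("SELECT salary FROM v_directory")
        salary_via_view = True
    except sqlite3.OperationalError:        # no such column: the view never had it
        salary_via_view = False
    try:
        select_all_as(db, "directory", "employee")
        base_table_blocked = False
    except PermissionError:
        base_table_blocked = True
    return {"directory_rows": len(directory_rows),
            "salary_via_view": salary_via_view,
            "base_table_blocked": base_table_blocked,
            "leak_naive": infer_singletons(db, "v_dept_stats_naive"),
            "leak_hardened": infer_singletons(db, "v_dept_stats")}

if __name__ == "__main__":
    print(demo())
```

The minimum-group-size check is the simplest inference control; it does not stop an attacker who can issue overlapping queries (two groups of size 3 that differ by one member), which is why production statistical databases also limit query overlap or add noise.
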
50. Each process has its own memory space.