Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process of developing one object from another object but with different values in the new object






2. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.






3. A program that claims to be something but turns out to be malicious






4. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.






5. The process of detecting certain anomalous behavior to prevent viruses






6. Allows one change at a time






7. exploits flaw in DNS software-no validation of source;provides data to DNS that is not authentication;redirects traffic to an alternate server without victims knowledge






8. OBDC; JDBC; XML; OLE; ADO






9. The process of detecting certain anomalous behavior to prevent viruses






10. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.






11. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.






12. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers






13. A software component in a distributed system that performs a particular service or function. (e.g. Patch management or Host-based intrusion detection systems (HIDS) and performance and capacity monitoring.






14. An action that is performed on a database that results in the addition or alteration or removal of data.






15. This component enforces access controls on a system






16. Component Object Model-microsoft framework for developing and supporting components allows other applications of components to access their features.






17. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?






18. The system is approved to be put into production






19. A malicious program that spreads by attacking known weaknesses on computer systems.






20. Joint Application Development- management process that allows developers to work directly with users






21. Virus types stealth: hides by tampering with OS to fool Antiirus software; encryption/compression helps hide virus; polymorphic-mutates by modifying its own code as it travels form system ot system while still keeping the original algorithm intact; m






22. one command at a time






23. Allows user to bypass failed security controls






24. Applets containing a digital signature and can run outside the virtual machine and be given access to system resources based on the trust






25. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.






26. This component enforces access controls on a system






27. ntentionally implanted loopholes in a syste to detect hackers






28. Database structure






29. Data Query Language(DQL) select; data Munipulation language(DML)insert/update/delete; Data Definition Language(DDL) Create/alter/drop; Data Control Language (DCL)grant/revoke






30. Online Transaction Processing- records all business transactions as they occur;acts as monitor; detects process aborts;restarts aborted processes;backs out failed transaction;allows distribution of multiple copies of application servers;performs dyna






31. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.






32. looking for Wireless Access points






33. Two dimensional tables






34. checks Semantic-structural enforcement;referential; cascading update/delete;entity tables must have Primary Key; Primary columns must be unique and not null






35. Active-X Data Objects-allows apps to access back-end DB systems






36. Protect an objects private data from outside access






37. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai






38. Distributed Component Object Model-allows apps to access objects on different parts of the network






39. The best defense against a session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.






40. Enterprise JavaBean






41. where the application is developed






42. formal processes in place and repeatable






43. packets in excess of 65535 bytes sent targeted machine






44. Oligomorphic-code similar to polymorphic; but has decryptor that does not show up on signature list; metamorphic; reprograms itself; carries various versions for itself; translates itself into temporary representations and then back to normal code; z






45. A database where records can be networked to other records through paths that are different from the hierarchy itself






46. Suppress unnecessary details not needed to perform an activity






47. A database of databases






48. Unique identifier






49. Client Side program that is platform independent; runs inside another application






50. The last step in the design process in which a group of experts examine the detailed designs