Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A common attack on databases. It includes combining unclassified data from separate sources to create secret info.

2. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

3. The most effective defense against a buffer overflow attack.

4. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.

5. An object that gets some of its characteristics from a class.

6. Attacks employing specially crafted user input: Unicode-format input in a browser URL that bypasses firewall rulesets; structured query language queries in the browser URL box.

7. Open Database Connectivity

8. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; Trojan horse; worm; agents/bots; spyware

9. Inter-Process Communications: mechanisms that facilitate communication between processes or threads

10. A malicious program that's designed to hide itself on the target system in order to evade detection

11. Current software environment; open source; program

12. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

13. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client.

14. A program designed to cause damage or execute an event when some computer/network event has occurred.

15. The component of an expert system that produces a quantitative result based on uncertainties.

16. A list of characteristics that can be created in the real world.

17. Allows one change at a time

18. Freely available; more eyes on the code means more chance to identify bugs; no security through obscurity

19. Oligomorphic: code similar to polymorphic, but has a decryptor that does not show up on a signature list. Metamorphic: reprograms itself; carries various versions of itself; translates itself into temporary representations and then back to normal code.

20. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

21. Suppress unnecessary details not needed to perform an activity

22. Records structured in a hierarchy

23. Technical evaluation of security compliance

24. Checks: semantic (structural enforcement); referential (cascading update/delete); entity (tables must have a primary key; primary key columns must be unique and not null)

25. Where the application is developed

26. A program designed to cause damage or execute an event when some computer/network event has occurred.

27. Bypass front end controls

28. Virus types. Stealth: hides by tampering with the OS to fool antivirus software; encryption/compression helps hide the virus. Polymorphic: mutates by modifying its own code as it travels from system to system while still keeping the original algorithm intact.

29. Joint Application Development: a management process that allows developers to work directly with users

30. Channel allowing two cooperating processes to transfer information in a way that violates security policy. Either storage (one process writes, another process reads) or timing (one process relays information to another by modulating its use of system resources).

31. Java Database Connectivity: allows Java applications to communicate with a database

32. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable typing.

33. One block at a time

34. A program that claims to be something but turns out to be malicious

35. Database in one table

36. An application that consists of components on separate and networked systems.

37. Data Query Language (DQL): SELECT; Data Manipulation Language (DML): INSERT/UPDATE/DELETE; Data Definition Language (DDL): CREATE/ALTER/DROP; Data Control Language (DCL): GRANT/REVOKE

38. Ensures separation of duties by ensuring programmers do not have access to production code.

39. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

40. Knowledge base comprising modeled human experience.

41. The steps required to develop a system from conception through implementation, support, and ultimately retirement.

42. The packaging of an object. Everything inside the object is hidden.

43. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode

44. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

45. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables.

46. Common Object Request Broker

47. Identifies hosts that are alive

48. Mimic the biological function of the brain

49. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

50. Data input errors