Test your basic knowledge: CISSP Secure Software Development
Subjects: it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Packets in excess of 65535 bytes sent to a targeted machine
Schema
Agent
Ping of death
Database
2. Unique identifier
Polymorphism
Primary key
Protection rings
Data Dictionary elements
3. Rapid Application Development: rapid prototyping with strict time limits
DNS Cache poisoning
CASE
RAD
Locking
4. Not trained in or bound by system development practices; no proper application design, no change control, no support; applications lack security
Agent
Relational
OMA
Citizen programmers
5. Encrypt cookies; do not use sequential, calculable, or predictable cookies, session numbers, or URL data; do not cache secure pages; do not automatically trust data, use input validation
Cleanroom
Exploratory model
Web Protection
IDL
6. How objects communicate with one another
ADO
Salami Scam
Logic bomb
Message
7. Access to data at the same time; both denied
Schema
DB threat deadlocking
User Acceptance Testing
Granularity
8. A virtual table that consists of the rows and fields from one or more tables in the database
View
Application Development
SQL
Compiler
9. Virtual machine; restricts the applet's access to system resources
Functional specifications
Sandbox
Change Management
Social Engineering
10. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.
User Acceptance Testing
Configuration management
OLTP
System high mode
11. Distributed Component Object Model: allows applications to access objects on different parts of the network
Salami Scam
DCOM
Change Management
CMM level 4
12. Client-side program that is platform independent; runs inside another application
Trapdoor/backdoor
DB threat data contamination
Java Applet
Exploratory model
13. Sends overlapping packet fragments that TCP/IP cannot handle
CMM level 4
IP Probes/Ping sweeps
Message
Teardrop
14. Looking for unprotected modems
Salami Scam
Waterfall method
DB threat bypass
War Dialing
15. Two dimensional tables
War driving
JDBC
Accreditation
Relational
16. A program designed to cause damage or execute an event when some computer/network event has occurred.
Sandbox
Data hiding
Von Neumann architecture fundamentals?
Logic bomb
17. The formal evaluation of the system.
Certification
Instance
Database Interface Languages
Pseudo flaw
18. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage, as the components were previously tested for security; similar to OOP
DB threat data contamination
Cross-site scripting?
Accreditation
Component based development
19. Formal processes in place and repeatable
Rootkit
Covert channels
CMM level 2
Candidate key
20. Applets containing a digital signature; can run outside the virtual machine and be given access to system resources based on the trust
System test
Digital Signatures
Agent
Logic bomb
21. Allows for successive refinements of requirements, design, and coding; requires a change control mechanism; prototype the initial concept, design and implement the initial prototype, refine the prototype, complete and release
Data warehouse
Iterative Development
DB threat bypass
JDBC
22. Refers to a system that operates at the highest level of information classification
System high mode
Reference monitor
Abstraction
COM
23. Freely available; more eyes on the code = more chance to identify bugs; no security through obscurity
Hardware segmentation
Clean room
Open source Code
View
24. This component enforces access controls on a system
Change management
JDBC
OLTP
Reference monitor
25. Exploits a flaw in DNS software (no validation of source); provides data to DNS that is not authenticated; redirects traffic to an alternate server without the victim's knowledge
Pseudo flaw
Trapdoor/backdoor
DNS Cache poisoning
Hardware segmentation
26. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.
Cross-site scripting?
Distributed database
Logic bomb
Web Protection
27. Mimic the biological function of the brain
User Acceptance Testing
Hardware segmentation
CMM level 2
Neural networks
28. Data Query Language (DQL): SELECT; Data Manipulation Language (DML): INSERT/UPDATE/DELETE; Data Definition Language (DDL): CREATE/ALTER/DROP; Data Control Language (DCL): GRANT/REVOKE
Spiral Development
Web Protection
SQL Types
Inference engine
29. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...
Object oriented
Design
Salami Scam
Structured Programming development
30. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.
Iterative Development
Hierarchical database
System test
Relational database
31. Structured Query Language
Primary key
SQL Types
SQL
Accreditation
32. Data in more than one DB
Accreditation
Distributed database
Object database
Accreditation
33. This component enforces access controls on a system
Port Scans
Reference monitor
Compiler
Encapsulation
34. A program that claims to be something but turns out to be malicious
Configuration management
Social Engineering
IDL
Trojan horse
35. ODBC; JDBC; XML; OLE; ADO
Web Protection
DB threat bypass
Database Interface Languages
Salami Scam
36. One block at a time
Compiler
SQL Types
Functional specifications
Cleanroom
37. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...
Dictionary attack
View
Salami Scam
Pseudoflaws
38. The process of detecting certain anomalous behavior to prevent viruses
Compiler
Salami Scam
Bounds Checking
Heuristics
39. Allows user to bypass failed security controls
Pseudo flaw
Fail-open
Certification
Salami Scam
40. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.
Abstraction
DB threat Compromising data views
Relational
Cross-site scripting
41. The process of developing one object from another object but with different values in the new object
Class
Polyinstantiation
Neural networks
DCOM
42. Attacks employing specially crafted user input: Unicode format for a browser URL that bypasses firewall rulesets; Structured Query Language queries in the browser URL box
Hardware segmentation
CMM level 5
Malformed Input attack
OLAP
43. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.
System high mode
Relational database
Covert channels
Certification
44. Interface Definition Language
IDL
Foreign key
Access control
ODBC
45. The most effective defense against a buffer overflow attack.
Sandbox
Social Engineering
Bounds Checking
DCOM
46. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.
CORBA
Separation of privilege (least privilege)
Bounds Checking
Object database
47. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers
Trojan horse
Compiler
Social Engineering
Virus
48. Knowledge base comprising modeled human experience.
Expert systems
Java Applet
Clean room
Delegation
49. Intentionally implanted loopholes in a system to detect hackers
Worms
Cross-site scripting?
Pseudoflaws
ODBC
50. The most effective defense against a buffer overflow attack.
Bounds Checking
RAD
Pseudo flaw
Data hiding