Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation, and anything else that's affected by the change request.






2. Used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.






3. The tree structure of a collection of objects and classes






4. Attribute related to another table






5. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers






6. This component enforces access controls on a system






7. CMM process unpredictable; poorly controlled






8. A malicious program that spreads by attacking known weaknesses on computer systems.






9. Unique identifier






10. Technical evaluation of security compliance






11. Online Transaction Processing - records all business transactions as they occur; acts as monitor; detects process aborts; restarts aborted processes; backs out failed transaction; allows distribution of multiple copies of application servers; performs dyna






12. A common attack on databases. It includes combining unclassed data from separate sources to create secret info.






13. A malicious program that spreads by attacking known weaknesses on computer systems.






14. Object Linking and Embedding; access to data no matter the location or format






15. A database whose components exist in multiple physical locations. It is so named because of its location not its design. This type of database can be hierarchical or network or relational or object or any other design.






16. Places system into high level of security






17. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.






18. Online Analytical Processing






19. Attributes identifying a record






20. Enterprise JavaBean






21. An application that consists of components on separate and networked systems.






22. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes






23. Sends overlapping packet fragments that TCP/IP cannot handle






24. The component of an expert system that produces a quantitative result based on uncertainties.






25. Checks semantic-structural enforcement; referential; cascading update/delete; entity tables must have Primary Key; Primary columns must be unique and not null






26. Programming based on the concept that after an object is written it can be reused






27. Number of columns






28. Initiating - outline business reasons for change; Diagnosing - analyze state of the organization; make recommendations for change; Establishing - develop a plan of action to achieve change; Acting - develop solutions; test; refine; implement; Learning - analy






29. Common Object Request Broker






30. The system is approved to be put into production






31. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.






32. Knowledge base comprising modeled human experience.






33. Training; explicit policies; do not double-click attachments; disable Windows Script Host; ActiveX; VBScript; and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything






34. Combines data from multiple databases; data is extracted and transferred to central store; OLAP






35. Protect an object's private data from outside access






36. Where the application is developed






37. Open Database Connectivity






38. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.






39. A database of databases






40. The results of an object having received a message






41. Is a high-level description of a system, typically containing no details.






42. Current Software Environment; open source; program






43. Ensures separation of duties by ensuring programmers do not have access to production code.






44. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details






45. The process of developing one object from another object but with different values in the new object






46. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.






47. Suppress unnecessary details not needed to perform an activity






48. A part of the overall object-oriented application design - the objects in an object database include data records as well as their methods (application code).






49. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client






50. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...