CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The formal evaluation of the system.

2. A malicious program that spreads by attacking known weaknesses on computer systems.

3. Assembly to machine

4. Creation of data as objects; for complex applications

5. The last step in the design process in which a group of experts examine the detailed designs

6. A program that claims to be something but turns out to be malicious

7. A form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attack gets in between the steps and makes modifications; to mitigate, have the software lock the items it will use while carrying out i

8. Spiral method; nested version of the waterfall method; estimated costs and schedules are revised at the end of each assessment; the decision to proceed with or cancel the project is revisited after each risk assessment

9. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

10. Current Software Environment; open source; program

11. Two dimensional tables

12. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

13. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything

14. Distributed Component Object Model - allows apps to access objects on different parts of the network

15. Exploits a flaw in DNS software; no validation of the source; provides data to DNS that is not authenticated; redirects traffic to an alternate server without the victim's knowledge

16. A part of the overall object-oriented application design - the objects in an object database include data records as well as their methods (application code).

17. Data in more than one DB

18. A malicious program that's designed to hide itself on the target system in order to evade detection

19. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage, as the components were previously tested for security; similar to OOP

20. A method used to crack computer account passwords by using common words found in a dictionary

21. A part of the overall object-oriented application design - the objects in an object database include data records as well as their methods (application code).

22. Computer Aided Software Engineering tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software - compilers; assemblers; linkers; translators; loaders; debuggers; program edito

23. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

24. The process of developing one object from another object but with different values in the new object

25. The steps required to develop a system from conception through implementation; support; and ultimately retirement.

26. Records structured in a hierarchy

27. Number of columns

28. Low level computer language.

29. Knowledge base comprising modeled human experience.

30. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party; floods the network connection

31. The act of limiting a running process's ability to view or modify memory and cache that's assigned to another process.

32. Each process has its own memory space

33. The most effective defense against a buffer overflow attack.

34. Object Management Group

35. A process used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time.

36. Suppress unnecessary details not needed to perform an activity

37. Ensures separation of duties by ensuring programmers do not have access to production code.

38. An application that consists of components on separate and networked systems.

39. The steps of this process are: conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance

40. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

41. The process of developing highest-detail designs

42. Client-side program that is platform independent; runs inside another application

43. Online Transaction Processing - records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

44. Conceals lower-level processes from higher-level processes

45. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

46. Attribute related to another table

47. Allows one change at a time

48. Memory management involves allocating memory to a process; reclaiming it upon process completion; then re-allocating it to a new process; can result in residual information

49. Methodology: machine; assembler; high level; very high level; artificial intelligence. Source code goes into a compiler and the machine code is used on the hardware

50. A malicious program that's designed to hide itself on the target system in order to evade detection