SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Search
Test your basic knowledge |
CISSP Secure Software Development
Start Test
Study First
Subjects
:
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The formal evaluation of the system.
Certification
Data hiding
Protection rings
Software librarian
2. A malicious program that spreads by attacking known weaknesses on computer systems.
Neural networks
Inheritance
Worms
DB threat-concurrency
3. Assembly to machine
Neural networks
Applet
Assembler
Dictionary attack
4. Creation of data as objects; for complex applications
Virus
Instantiation
Neural networks
Object oriented
5. The last step in the design process in which a group of experts examine the detailed designs
DB threat Compromising data views
CASE
Instantiation
Design review
6. A program that claims to be something but turns out to be malicious
Rootkit
Foreign key
Trojan horse
Session hijacking
7. form of asynchronous attack; occurs when a program checks access permission too far in advance of a resuource request; attack gets in between steps and makes modifications; how to mitigate have software lock the items it will use while carrying out i
System test
Time of Check/Time of use
Rootkit
Application Development
8. spiral method; nested version of waterfall method; estimated costs and schedules are revised at the end of the assessment Decision to proceed/cancel project is revisited after each risk assessment
Spiral Development
Virus types
Data hiding
Trapdoor/backdoor
9. Names of tables; space definitions; views; indexe; clusters; synonyms; user names haing access to the DB;rights and privaleges that have been granted
Polymorphism
Data Dictionary elements
Design
Exploratory model
10. Current Software Environment ; open source; program
OBDC
Application Development
OLAP
Malware
11. Two dimensional tables
Relational
Social Engineering
Transaction
Instance
12. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai
Social Engineering
Aggregation
Pseudo flaw
Distributed application
13. Training; explicit policies; do not double-click attachments;disable windows scrpit host; activeX; Vbscript; and javascript;do not send HTML formatted Email; use more than one scaner and scan everything
Degree
Malware Protections
Applet
Object oriented
14. Distributed Component Object Model-allows apps to access objects on different parts of the network
DCOM
Abstraction
DB threat deadlocking
Rootkit
15. exploits flaw in DNS software-no validation of source;provides data to DNS that is not authentication;redirects traffic to an alternate server without victims knowledge
DNS Cache poisoning
Reference monitor
Hardware segmentation
Distributed database
16. A part of the overall object-oriented application design - the objects in an object database include datarecords as well as their methods (application code).
Object database
CORBA
Distributed database
Von Neumann architecture fundamentals?
17. Data in more thatn one DB
Distributed database
Applet
Abstraction
Candidate key
18. A malicious program that's designed to hide itself on the target system in order to evade detection
Change Management
Rootkit
Distributed application
Assembler
19. involves using standardized building blocks to assemble rather than develop application; may be security advantage as the components previously tested for security similar to OOP
ADO
JAD
Abstraction
Component based development
20. A method used to crack computer account passwords by using common words found in a dictionary
Dictionary attack
War Dialing
Defense in Depth (layering)
Certification
21. A part of the overall object-oriented application design - the objects in an object database include datarecords as well as their methods (application code).
Session hijacking
Object database
Type-safe programming
Flat file
22. computer Aided Software Engineering Tools using computers and computer utilities to support software engineering tasks and activities in the process fo developing software-compilers; assemblers; linkers; translators; loaders; debuggers; program edito
Covert channels
IPC
CASE
Time of Check/Time of use
23. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.
Rootkit
Ahange management
War Dialing
Malformed Input attack
24. The process of developing one object from another object but with different values in the new object
Aggregation
Polyinstantiation
Ahange management
DB threat bypass
25. The steps required to develop a system from conception through implementation; support; and ultimately retirement.
Systems development life cycle (SDLC)
Covert channels
Conceptual definition
Component based development
26. Records structured in heirarchy
Malformed Input attack
Change Management
OLE
Hierarchial
27. Number of columns
Transaction
Salami Scam
Degree
DB threat Compromising data views
28. Low level computer language.
Encapsulation
Assembly Language
Hardware segmentation
Virus
29. Knowledge base comprising modeled human experience.
Application Development
Session hijacking
Object database
Expert systems
30. Similar to a smurf attack; tricks DNS servers to send unwanted traffic to third pary; flooding network connectoin
Executable content/mobile code
Bounds Checking
DNS amplification
Primary key
31. The act of limiting running processes ability to view or modify memory and cache that's assigned to another process.
Hardware segmentation
Network database
Cleanroom
Process isolation
32. Each process has its own memory space
Land
Database Interface Languages
Process Isolation
Object-oriented programming
33. The most effective defense against a buffer overflow attack.
Bounds Checking
Fail-safe/fail secure
Transaction
Pseudo flaw
34. Object Management group
OMG
View
Primary key
Memory re-use
35. A process used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time.
Cleanroom
Object-oriented programming
SQL
Locking
36. Suppress unnecessary details not needed to perform an activity
OLTP
Abstraction
Functional specifications
Heuristics
37. Ensures seperation of duties by ensuring programmers do not have access to production code.
Change management
Application Development
Software librarian
Object oriented
38. An application that consists of components on separate and networked systems.
Von Neumann architecture fundamentals?
Defense in Depth (layering)
Distributed application
Executable content/mobile code
39. steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance
Application Development
Message
Malware
Waterfall method
40. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai
Von Neumann architecture fundamentals?
Pseudo flaw
Access control
Transaction
41. The process of developing highest-detail designs
Aggregation
Data Warehousing
Conceptual definition
Design
42. Client Side program that is platform independent; runs inside another application
Malware Protections
Data hiding
Digital Signatures
Java Applet
43. Online Transaction Processing- records all business transactions as they occur;acts as monitor; detects process aborts;restarts aborted processes;backs out failed transaction;allows distribution of multiple copies of application servers;performs dyna
Assembler
Polymorphism
OLTP
Cross-site scripting?
44. Conceal a lower level processes from higher level processes
Access control
Data hiding
Dictionary attack
Virus
45. occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.
Distributed database
Relational database
System test
Flat file
46. Attribute related to another table
Citizen programmers
Inference engine
Foreign key
Data dictionary
47. Allows one change at a time
DB threat-concurrency
Assembler
System high mode
Design review
48. Memory management involves allocating memory to a process; reallocating it upon process completion; then re-allocating to a new process- can result in residual information
War driving
Functional specifications
Iterative Development
Memory re-use
49. methodolgy Machine; assembler; high level; very high level; Artificial Intelligence Source code goes into compiler and Machine code is used on hardware
Application Development
Certification
Component based development
Cleanroom
50. A malicious program that's designed to hide itself on the target system in order to evade detection
Waterfall method
Distributed database
Rootkit
OMA
