CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The most effective defense against a buffer overflow attack.






2. Combines information from sources to acquire knowledge when there is a lack of clearance.






3. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything.






4. An attack that involves sending a user to a different web page, one they did not click on. It can lead to DoS attacks.






5. A software component in a distributed system that performs a particular service or function (e.g. patch management, host-based intrusion detection systems (HIDS), and performance and capacity monitoring).






6. A program designed to cause damage or execute an event when some computer/network event has occurred.






7. Database in one table






8. Attacker sends multiple IP ping requests to a receiving device, likely via a router.






9. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.






10. A malicious program that spreads by attacking known weaknesses on computer systems.






11. Should be required procedures for changing, accepting, and testing software; management approval; change management; configuration management.






12. Allows a user to bypass failed security controls.






13. Programming based on the concept that after an object is written it can be reused.






14. Applets containing a digital signature that can run outside the virtual machine and be given access to system resources based on that trust.






15. Client-side program that is platform independent and runs inside another application.






16. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.






17. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke.






18. Not trained or bound by system development practices; no proper application design, no change control, no support; applications lack security.






19. A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions.






20. Knowledge base comprising modeled human experience.






21. Open Database Connectivity






22. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software: use randomized and unique IDs to identify sessions between two communicating targets.






23. Virus types: stealth hides by tampering with the OS to fool antivirus software; encryption/compression helps hide the virus; polymorphic mutates by modifying its own code as it travels from system to system while still keeping the original algorithm intact; m






24. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?






25. Channel allowing two cooperating processes to transfer information in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays information to another by modulating its use of system resources).






26. Identifies hosts that are alive.






27. Object management architecture






28. Checks semantic/structural enforcement; referential integrity; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null.






29. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party, flooding the network connection.






30. Suppresses unnecessary details not needed to perform an activity.






31. Formal documents in place and proactive.






32. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?






33. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attacker gets in between the steps and makes modifications. To mitigate, have the software lock the items it will use while carrying out i






34. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode.






35. Freely available; more eyes on the code means more chance to identify bugs; no security through obscurity.






36. A component in a distributed environment that is downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client.






37. Number of columns






38. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...






39. The procedure (code) contained in an object






40. Object Request Broker






41. Style of programming that promotes discipline, allows introspection, and provides controlled flexibility; requires refined processes and modular development; each phase is subject to review and approval; allows for security to be added in a formalized






42. Ensures data does not exceed maximum values; manages data types, formats, and lengths.






43. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers






44. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.






45. An object that gets some of its characteristics from a class.






46. The component of an expert system that produces a quantitative result based on uncertainties.






47. Initiating: outline business reasons for change; Diagnosing: analyze the state of the organization and make recommendations for change; Establishing: develop a plan of action to achieve change; Acting: develop solutions, test, refine, implement; Learning: analy






48. A database where records can be networked to other records through paths that are different from the hierarchy itself.






49. A particular object that's a member of a class






50. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.