CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The best defense against session hijacking and MITM attacks that should be incorporated in the development of software: use randomized and unique IDs to identify sessions between two communicating targets.

2. A method used to crack computer account passwords by using common words found in a dictionary

3. Source/destination IP and port set to the same values

4. Intentionally implanted loopholes in a system to detect hackers

5. Freely available; more eyes on the code = more chance to identify bugs; no security through obscurity

6. The ability to hide implementation details behind a common message interface

7. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

8. An object that gets some of its characteristics from a class.

9. Access to data at the same time; both denied

10. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

11. Interface Definition Language

12. Identifies open ports on a host

13. A method used to crack computer account passwords by using common words found in a dictionary

14. There is no inherent difference between data and programming instructions representations in memory.

15. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

16. The component of an expert system that produces a quantitative result based on uncertainties.

17. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

18. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

19. Open Database Connectivity

20. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

21. Virtual table

22. A database whose components exist in multiple physical locations. This type of database can be hierarchical or network or relational or object or any other design.

23. A list of required characteristics of the system: a collection of things the system must do, or desired features

24. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

25. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attacker gets in between the steps and makes modifications; how to mitigate: have the software lock the items it will use while carrying out i

26. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

27. A database where records can be networked to other records through paths that are different from the hierarchy itself

28. Attacks employing specially crafted user input: Unicode-formatted browser URLs that bypass firewall rulesets; structured query language queries entered in the browser URL box

29. Where the application is developed

30. Packets in excess of 65535 bytes sent to the targeted machine

31. A feature that allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables.

32. Technical evaluation of security compliance

33. Requirements authorization; tested; components: request control, change control, release control

34. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode

35. This component enforces access controls on a system

36. Each process has its own memory space

37. A software development methodology that focuses on Defect prevention rather than defect removal. The goal is to write the code correctly the first time!

38. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

39. Object Management Group

40. Ensures separation of duties by ensuring programmers do not have access to production code.

41. Focused on continuous process improvement

42. Two dimensional tables

43. Methodology: machine; assembler; high level; very high level; artificial intelligence. Source code goes into a compiler and machine code is used on hardware

44. The act of limiting a running process's ability to view or modify memory and cache that is assigned to another process.

45. A particular object that's a member of a class

46. There is no inherent difference between data and programming instructions representations in memory.

47. The part of access control that relates to how finely you can control who can see and manipulate data in which databases and tables and rows and fields.

48. Formal documents in place and proactive

49. Suppress unnecessary details not needed to perform an activity

50. Knowledge base comprising modeled human experience.