
CISSP Secure Software Development

Subjects: it-skills, cissp
1. Intentionally implanted loopholes in a system to detect hackers

2. A program that claims to be something but turns out to be malicious

3. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

4. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

5. How objects communicate with one another

6. The process of developing highest-detail designs

7. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

8. Conceals lower-level processes from higher-level processes

9. Applets that contain a digital signature, can run outside the virtual machine, and can be given access to system resources based on that trust

10. Bypass front end controls

11. Object Management Group

12. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

13. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance

14. Ensures separation of duties by ensuring programmers do not have access to production code.

15. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

16. Two dimensional tables

17. one command at a time

18. Spiral method; nested version of the waterfall method; estimated costs and schedules are revised at the end of each assessment; the decision to proceed with or cancel the project is revisited after each risk assessment

19. Common Object Request Broker

20. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

21. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

22. Combines information from sources to acquire knowledge when there is a lack of clearance

23. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

24. A process of viewing an application from its highest-level functions which makes all lower-level functions into abstractions

25. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party; floods the network connection

26. Current Software Environment; open source; program

27. Component Object Model - Microsoft framework for developing and supporting components; allows other applications or components to access their features.

28. Initiating - outline business reasons for change; Diagnosing - analyze the state of the organization, make recommendations for change; Establishing - develop a plan of action to achieve change; Acting - develop solutions, test, refine, implement; Learning - analy

29. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.

30. A malicious program that spreads by attacking known weaknesses on computer systems.

31. Extensible Markup Language; standard for marking up data on the web

32. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attacker gets in between the steps and makes modifications; how to mitigate: have the software lock the items it will use while carrying out i

33. An application that consists of components on separate and networked systems.

34. A virtual table that consists of the rows and fields from one or more tables in the database

35. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

36. Style of programming that promotes discipline, allows introspection, and provides controlled flexibility; requires refined processes and modular development; each phase is subject to review and approval; allows for security to be added in a formalized

37. Channel allowing two cooperating processes to transfer info in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays info to another by modulating its use of system resources)

38. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

39. Joint Application Development - management process that allows developers to work directly with users

40. Protects an object's private data from outside access

41. Should be required: procedures for changing, accepting, and testing software; management approval; change management; configuration management

42. Enterprise JavaBean

43. A common attack on databases. It involves combining unclassified data from separate sources to create secret information.

44. Mimic the biological function of the brain

45. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

46. A program that claims to be something but turns out to be malicious

47. Rapid Application Development - rapid prototyping with strict time limits

48. Technical evaluation of security compliance

49. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

50. Refers to a system that operates at the highest level of information classification