
CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

2. A part of the overall object-oriented application design; the objects in an object database include data records as well as their methods (application code).

3. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object, or any other design.

4. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions.

5. A database with relationships between data sets with the freedom of a network database, but without the constraints of a hierarchical database. The structure is defined by its schema.

6. Client-side program that is platform independent; runs inside another application.

7. Distributed Component Object Model; allows applications to access objects on different parts of the network.

8. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification and accreditation; maintenance.

9. The ability to hide implementation details behind a common message interface.

10. The most effective defense against a buffer overflow attack.

11. Data Query Language (DQL): SELECT; Data Manipulation Language (DML): INSERT/UPDATE/DELETE; Data Definition Language (DDL): CREATE/ALTER/DROP; Data Control Language (DCL): GRANT/REVOKE.

12. Database structure.

13. Attribute related to another table.

14. A malicious program that spreads by attacking known weaknesses on computer systems.

15. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party, flooding the network connection.

16. One of the three concepts for securing distributed systems, other than software integrity and data integrity.

17. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

18. The formal evaluation of the system.

19. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

20. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

21. A common attack on databases. It involves combining unclassified data from separate sources to create secret information.

22. The most effective defense against a buffer overflow attack.

23. Memory management involves allocating memory to a process, deallocating it upon process completion, then reallocating it to a new process; can result in residual information.

24. A particular object that is a member of a class.

25. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

26. The system is approved to be put into production.

27. Object management architecture.

28. The process of starting an instance.

29. Protects an object's private data from outside access.

30. Where the application is developed.

31. Ensures separation of duties by ensuring programmers do not have access to production code.

32. A malicious program that spreads by attacking known weaknesses on computer systems.

33. The procedure (code) contained in an object.

34. The process of developing highest-detail designs.

35. The part of access control that relates to how finely you can control who can see and manipulate data in which databases, tables, rows, and fields.

36. Allows for successive refinements of requirements, design, and coding; requires a change control mechanism; prototype the initial concept; design and implement the initial prototype; refine the prototype; complete and release.

37. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode.

38. A program designed to cause damage or execute an event when some computer/network event has occurred.

39. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development; not cost effective; results in less than optimal systems.

40. Joint Application Development; a management process that allows developers to work directly with users.

41. Formal processes in place and repeatable.

42. A component in a distributed environment that is downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client.

43. Focused on continuous process improvement.

44. Common Object Request Broker.

45. A feature which allows virtual tables in a database. Role-based access control to protect the confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables.

46. The packaging of an object. Everything inside the object is hidden.

47. Unique identifier.

48. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage, as the components were previously tested for security; similar to OOP.

49. Encrypt cookies; do not use sequential, calculable, or predictable cookies, session numbers, or URL data; do not cache secure pages; do not automatically trust data: use input validation.

50. Source/destination IP address and port set to the same value.