Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A database where records can be networked to other records through paths that are different from the hierarchy itself






2. The process of detecting certain anomalous behavior to prevent viruses






3. Virtual machine;restricts the applets access to system resources






4. Attacker sends multiple IP ping requests to a receiving device-likely via a router






5. Each process has its own memory space






6. Ensures seperation of duties by ensuring programmers do not have access to production code.






7. Interface Definition Language






8. Protect an objects private data from outside access






9. Number of columns






10. Conceal a lower level processes from higher level processes






11. The procedure (code) contained in an object






12. Online Transaction Processing- records all business transactions as they occur;acts as monitor; detects process aborts;restarts aborted processes;backs out failed transaction;allows distribution of multiple copies of application servers;performs dyna






13. A database whose components exist in multiple physical locations. This type of database can be hierarchical or network or relational or object or any other design.






14. A part of the overall object-oriented application design - the objects in an object database include datarecords as well as their methods (application code).






15. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers






16. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.






17. is a high-level description of a system--typically containing no details.






18. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.






19. Records structured in heirarchy






20. one command at a time






21. spiral method; nested version of waterfall method; estimated costs and schedules are revised at the end of the assessment Decision to proceed/cancel project is revisited after each risk assessment






22. An attack that invloves sending a user to a different webpage they did not click on. It can lead to DOS attacks.






23. formal documents in place and pro-active






24. The act of limiting running processes ability to view or modify memory and cache that's assigned to another process.






25. A special-purpose database that's used for business research and decision support and planning; typical databases support daily business operations. This type of database is also used for decision support.






26. process quantitatively measured and controlled






27. one block at a time






28. An object that gets some of its characteristics from a class.






29. A feature which allows virtual tables in a database.Role ased access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables






30. Online Analytical Processing






31. Attribute related to another table






32. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.






33. comms intercepted etween a authorized user and resource;attacker takes oer the session and assumes the identify of the authorized user






34. Channel allowing two cooperating processes to transfer info in a way it violated sec policy; either storage; one process writes; another process reads or timing one process relays info to another by modulating its use of sys resources






35. software transmitted across the network to a local system and executed on that system Java applets; active X controls; Scripts/plug-ins






36. An application that consists of components on separate and networked systems.






37. Attributes identifying a record






38. Write good code the first time; controls defects in software; quality achieved through design versus testing and remediation;






39. The tree structure of a collection of objects and classes






40. A software component in a distributed system that performs a particular service or function. (e.g. Patch management or Host-based intrusion detection systems (HIDS) and performance and capacity monitoring.






41. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai






42. A method used to crack computer account passwords by using common words found in a dictionary






43. focused on continuous process improvement






44. The process of developing one object from another object but with different values in the new object






45. Inter Process Communications- mechanisms that facilitate communication between processes or threads






46. A software component in a distributed system that performs a particular service or function. (e.g. Patch management or Host-based intrusion detection systems (HIDS) and performance and capacity monitoring.






47. The system is approved to be put into production






48. An action that is performed on a database that results in the addition or alteration or removal of data.






49. The part of access control that relates to how finely you can control who can see and manipulate data in which databases and tables and rows and fields.






50. Bypass front end controls