CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

2. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

3. The most effective defense against a buffer overflow attack.

4. The system is approved to be put into production

5. Identifies hosts that are alive

6. Knowledge base comprising modeled human experience.

7. Spiral method; nested version of the waterfall method; estimated costs and schedules are revised at the end of the assessment; the decision to proceed/cancel the project is revisited after each risk assessment

8. One command at a time

9. Access to data at the same time; both denied

10. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

11. Virtual table

12. Data input errors

13. Allows one change at a time

14. Assembly to machine

15. A database of databases

16. Is a high-level description of a system, typically containing no details.

17. Mimic the biological function of the brain

18. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

19. Virtual machine; restricts the applet's access to system resources

20. The process of starting an instance

21. The ability to hide implementation details behind a common message interface

22. A malicious program that's designed to hide itself on the target system in order to evade detection

23. Combines information from sources to acquire knowledge when there is a lack of clearance

24. Not trained or bound by system development practices; no proper application design, no change control, no support; applications lack security

25. Two-dimensional tables

26. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

27. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

29. Reconfigures a system to use the IP of a trusted system; correct with packet filtering techniques

30. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

31. Creation of data as objects; for complex applications

32. Places the system into a high level of security

33. Online Transaction Processing - records all business transactions as they occur; acts as monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

34. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client

35. One of the 3 concepts for securing distributed systems, other than software integrity and data integrity.

36. A template that defines the methods and variables to be included in a particular type of object

37. Attribute related to another table

38. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

39. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

40. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details

41. ODBC; JDBC; XML; OLE; ADO

42. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

43. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

44. The tree structure of a collection of objects and classes

45. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes

46. The process of detecting certain anomalous behavior to prevent viruses

47. A part of the overall object-oriented application design; the objects in an object database include data records as well as their methods (application code).

48. Rapid Application Development - rapid prototyping with strict time limits

49. Attacker sends multiple IP ping requests to a receiving device, likely via a router

50. A particular object that's a member of a class