Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

2. Client-side program that is platform independent; runs inside another application

3. A method used to crack computer account passwords by using common words found in a dictionary

4. The act of limiting a running process's ability to view or modify memory and cache that is assigned to another process.

5. A program that claims to be something but turns out to be malicious

6. Oligomorphic code: similar to polymorphic, but has a decryptor that does not show up on signature lists; metamorphic: reprograms itself, carries various versions of itself, translates itself into temporary representations and then back to normal code; z

7. The formal evaluation of the system.

8. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

9. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

10. Process quantitatively measured and controlled

11. Refers to the process of combining low-sensitivity data items together resulting in high-sensitivity data.

12. Database structure

13. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

14. Attributes identifying a record

15. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

16. One block at a time

17. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

18. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development; not cost effective; results in less than optimal systems

19. Applets containing a digital signature that can run outside the virtual machine and be given access to system resources based on the trust

20. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes

21. A database where records can be networked to other records through paths that are different from the hierarchy itself

22. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything

23. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

24. Identifies open ports on a host

25. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

26. Not trained in or bound by system development practices; no proper application design, no change control, no support; applications lack security

27. Review of certification information; official authorization to place the system in operational use.

28. The tree structure of a collection of objects and classes

29. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

30. Conceal lower-level processes from higher-level processes

31. The part of access control that relates to how finely you can control who can see and manipulate data in which databases, tables, rows and fields.

32. The process of starting an instance

33. White box: logical testing line by line; black box: examines input and output without access to the program; gray box: examines input and output of a program while having access to the code, but not analyzing the internal logic

34. A database where records can be networked to other records through paths that are different from the hierarchy itself

35. Attacker sends multiple IP ping requests to a receiving device, likely via a router

36. The procedure (code) contained in an object

37. Refers to a system that operates at the highest level of information classification

38. One command at a time

39. Common Object Request Broker

40. Online Transaction Processing: records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

41. The most effective defense against a buffer overflow attack.

42. Systems Development Life Cycle: project management framework used to plan, execute and control a software development project

43. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

44. Virtual table

45. Inter-Process Communication: mechanisms that facilitate communication between processes or threads

46. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation

47. Formal documents in place and proactive

48. This component enforces access controls on a system

49. A component in a distributed environment that is downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client

50. A list of required characteristics of the system; a collection of things the system must do or desired features