Test your basic knowledge

CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

2. The process of developing one object from another object but with different values in the new object

3. Allows one change at a time

4. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; Trojan horse; worm; agents/bots; spyware

5. A program designed to cause damage or execute an event when some computer/network event has occurred.

6. One command at a time

7. Mimic the biological function of the brain

8. Reconfigures a system to use the IP of a trusted system; correct with packet filtering techniques

9. Intentionally implanted loopholes in a system to detect hackers

10. Process quantitatively measured and controlled

11. Formal processes in place and repeatable

12. Source/destination IP and port set to the same value

13. Refers to the process of combining low-sensitivity data items together, resulting in high-sensitivity data.

14. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

15. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable timing

16. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

17. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

18. The process of detecting certain anomalous behavior to prevent viruses

19. Attacker sends multiple IP ping requests to a receiving device, likely via a router

20. Methodology: machine; assembler; high level; very high level; artificial intelligence. Source code goes into a compiler and machine code is used on hardware

21. A malicious program that's designed to hide itself on the target system in order to evade detection

22. A method used to crack computer account passwords by using common words found in a dictionary

23. The packaging of an object. Everything inside the object is hidden

24. Encrypt cookies; do not use sequential, calculable, or predictable cookies, session numbers or URL data; do not cache secure pages; do not automatically trust data; use input validation

25. White box: logical testing line by line; black box: examines input and output without access to the program; gray box: examines input and output of a program having access to the code, but not analyzing the internal logic

26. Style of programming that promotes discipline; allows introspection; and provides controlled flexibility; requires refined processes and modular development; each phase subject to review and approval; allows for security to be added in a formalized

27. Current Software Environment; open source; program

28. Write good code the first time; controls defects in software; quality achieved through design versus testing and remediation

29. The results of an object having received a message

30. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

31. Object Management Group

32. A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions

33. A program that claims to be something but turns out to be malicious

34. Ensures separation of duties by ensuring programmers do not have access to production code.

35. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

36. A common attack on databases. It includes combining unclassified data from separate sources to create secret info.

37. Packets in excess of 65535 bytes sent to the targeted machine

38. A template that defines the methods and variables to be included in a particular type of object

39. Data input errors

40. Suppress unnecessary details not needed to perform an activity

41. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

42. There is no inherent difference between data and programming instructions representations in memory.

43. An object that gets some of its characteristics from a class.

44. The formal evaluation of the system.

45. The procedure (code) contained in an object

46. Bypass front-end controls

47. A process used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time.

48. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

49. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything

50. A mechanism used to define, store, and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create, manage, and administer data.