Test your basic knowledge

CISSP Secure Software Development

Subjects: it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Refers to the process of combining low-sensitivity data items together, resulting in high-sensitivity data.

2. This component enforces access controls on a system.

3. Object Request Broker

4. Ensures separation of duties by ensuring programmers do not have access to production code.

5. A virtual table that consists of the rows and fields from one or more tables in the database.

6. A process used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time.

7. The component of an expert system that produces a quantitative result based on uncertainties.

8. Assembly to machine

9. An application that consists of components on separate and networked systems.

10. Intentionally implanted loopholes in a system to detect hackers.

11. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

12. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

13. A malicious program that spreads by making identical copies of itself in files that are likely to be transported to other computers.

14. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

15. A program that claims to be something but turns out to be malicious.

16. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything.

17. Open Database Connectivity

18. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage, as the components were previously tested for security (similar to OOP).

19. Where the application is developed.

20. The formal evaluation of the system.

21. A form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attack gets in between the steps and makes modifications; to mitigate, have the software lock the items it will use while carrying out i

22. Mimic the biological function of the brain.

23. Conceal lower-level processes from higher-level processes.

24. The steps of this process are: conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

25. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

26. Allows a user to bypass failed security controls.

27. Component Object Model: Microsoft framework for developing and supporting components; allows other applications or components to access their features.

28. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

29. The packaging of an object. Everything inside the object is hidden.

30. Suppress unnecessary details not needed to perform an activity.

31. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details.

32. Virtual machine; restricts the applet's access to system resources.

33. Applets that contain a digital signature and can run outside the virtual machine, being given access to system resources based on that trust.

34. An object that gets some of its characteristics from a class.

35. Programming based on the concept that after an object is written, it can be reused.

36. Protect an object's private data from outside access.

37. An application that consists of components on separate and networked systems.

38. A high-level description of a system, typically containing no details.

39. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object, or any other design.

40. A program designed to cause damage or execute an event when some computer/network event has occurred.

41. The most effective defense against a buffer overflow attack.

42. How objects communicate with one another.

43. Rapid Application Development: rapid prototyping with strict time limits.

44. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode.

45. The process of developing highest-detail designs.

46. A database whose components exist in multiple physical locations. It is so named because of its location, not its design. This type of database can be hierarchical, network, relational, object, or any other design.

47. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted.

48. Data input errors

49. Knowledge base comprising modeled human experience.

50. The procedure (code) contained in an object.