CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Assembly to machine






2. Inter Process Communications - mechanisms that facilitate communication between processes or threads






3. Access to data at the same time; both denied






4. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation, and anything else that's affected by the change request.






5. Virtual table






6. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!






7. formal documents in place and pro-active






8. Knowledge base comprising modeled human experience.






9. Ensures separation of duties by ensuring programmers do not have access to production code.






10. A template that defines the methods and variables to be included in a particular type of object






11. focused on continuous process improvement






12. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.






13. A database of databases






14. Creation of data as objects; for complex applications






15. The most effective defense against a buffer overflow attack.






16. mimic the biological function of the brain






17. Combines data from multiple databases; data is extracted and transferred to central store; OLAP






18. An application that consists of components on separate and networked systems.






19. A mechanism used to define, store, and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create, manage, and administer data.






20. Spiral method; nested version of waterfall method; estimated costs and schedules are revised at the end of the assessment. Decision to proceed/cancel project is revisited after each risk assessment






21. The process of starting an instance






22. Enterprise JavaBean






23. Style of programming that promotes discipline; allows introspection; and provides controlled flexibility; requires refined processes and modular development; each phase subject to review and approval; allows for security to be added in a formalized






24. This component enforces access controls on a system






25. A list of characteristics that can be created in the real world.






26. Component Object Model - Microsoft framework for developing and supporting components allows other applications of components to access their features.






27. Channel allowing two cooperating processes to transfer info in a way that violates security policy; either storage (one process writes; another process reads) or timing (one process relays info to another by modulating its use of system resources)






28. An object that gets some of its characteristics from a class.






29. A malicious program that spreads by attacking known weaknesses on computer systems.






30. Joint Application Development - management process that allows developers to work directly with users






31. This component enforces access controls on a system






32. Write good code the first time; controls defects in software; quality achieved through design versus testing and remediation






33. Signature based detection; heuristic based detection; hoaxes; logic bomb; trojan horse; worm; agents/bots; spyware






34. Applets containing a digital signature and can run outside the virtual machine and be given access to system resources based on the trust






35. row






36. The most effective defense against a buffer overflow attack.






37. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object, or any other design.






38. Interface Definition Language






39. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.






40. Attacker sends multiple IP ping requests to a receiving device - likely via a router






41. Computer Aided Software Engineering Tools - using computers and computer utilities to support software engineering tasks and activities in the process of developing software - compilers; assemblers; linkers; translators; loaders; debuggers; program edito






42. The formal evaluation of the system.






43. The process of detecting certain anomalous behavior to prevent viruses






44. Data is arranged in a tree structure - with parent records at the top of the database - and a hierarchy of child records in successive layers






45. A database where records can be networked to other records through paths that are different from the hierarchy itself






46. A program that claims to be something but turns out to be malicious






47. A program that claims to be something but turns out to be malicious






48. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers






49. Two dimensional tables






50. Rapid Application Development - rapid prototyping with strict time limits