SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CISSP Secure Software Development
Start Test
Study First
Subjects
:
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The most effective defense against a buffer overflow attack.
Coding process
Bounds Checking
OLAP
DB threat Compromising data views
2. Combines information from sources to acquire knowledge whe there is a lack of clearance
Dictionary attack
DB Threat Aggregation
Heuristics
Hardware segmentation
3. Training; explicit policies; do not double-click attachments;disable windows scrpit host; activeX; Vbscript; and javascript;do not send HTML formatted Email; use more than one scaner and scan everything
Malware Protections
View
Conceptual definition
Class
4. An attack that invloves sending a user to a different webpage they did not click on. It can lead to DOS attacks.
Inference engine
Class hierarchy
Rootkit
Cross-site scripting?
5. A software component in a distributed system that performs a particular service or function. (e.g. Patch management or Host-based intrusion detection systems (HIDS) and performance and capacity monitoring.
Relational database
Agent
Waterfall method
XML
6. A program designed to cause damage or execute an event when some computer/network event has occurred.
View
Locking
Logic bomb
Instance
7. Database in one table
Flat file
OMG
Dictionary attack
Distributed application
8. Attacker sends multiple IP ping requests to a receiving device-likely via a router
SMURF/Fraggle
Data hiding
Cross-site scripting?
Agent
9. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.
Waterfall method
Certification
Rootkit
War Dialing
10. A malicious program that spreads by attacking known weaknesses on computer systems.
Worms
Expert systems
Ping of death
XML
11. should be required procedures for changing; accepting; and testing software-management approval-change management; config management
Information Protection Management
Salami Scam
War Dialing
IP spoofing
12. Allows user to bypass failed security controls
Inheritance
Fail-open
Pseudoflaws
Distributed application
13. Programming based on the concept that after an object is written it can be reused
Configuration management
Encapsulation
Object-oriented programming
Hierarchial
14. Applets containing a digital signature and can run outside the virtual machine and be given access to system resources based on the trust
Digital Signatures
Certification
SDLC
COM
15. Client Side program that is platform independent; runs inside another application
Network database
CMM level 3
Java Applet
EJB
16. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.
User Acceptance Testing
Data dictionary
Data hiding
Relational database
17. Data Query Language(DQL) select; data Munipulation language(DML)insert/update/delete; Data Definition Language(DDL) Create/alter/drop; Data Control Language (DCL)grant/revoke
Design review
Malware Protections
Worms
SQL Types
18. Not trained or bound by sys dev practices; no proper app design no change control no support; apps lack security
Rootkit
CORBA
Malformed Input attack
Citizen programmers
19. A process of viewing an application from its highest-level functions which makes all lower-level functions into abstractions
Abstraction
Unique and random id
Waterfall method
View
20. Knowledge base comprising modeled human experience.
Expert systems
Relational
Malware
Teardrop
21. Open Databaes Connectivity
XML
CASE
Malformed Input attack
OBDC
22. The best defense against a session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.
Applet
Rootkit
Instance
Unique and random id
23. Virus types stealth: hides by tampering with OS to fool Antiirus software; encryption/compression helps hide virus; polymorphic-mutates by modifying its own code as it travels form system ot system while still keeping the original algorithm intact; m
Malware
Degree
Inference engine
Applet
24. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?
Malformed Input attack
Abstraction
Social Engineering
Compiler
25. Channel allowing two cooperating processes to transfer info in a way it violated sec policy; either storage; one process writes; another process reads or timing one process relays info to another by modulating its use of sys resources
Methods
XML
DNS amplification
Covert channels
26. identifies hosts that are alive
View
Conceptual definition
SQL Types
IP Probes/Ping sweeps
27. Object management architecture
OBDC
View
Data warehouse
OMA
28. checks Semantic-structural enforcement;referential; cascading update/delete;entity tables must have Primary Key; Primary columns must be unique and not null
Instance
Data hiding
Network database
DB Integrity
29. Similar to a smurf attack; tricks DNS servers to send unwanted traffic to third pary; flooding network connectoin
Port Scans
DNS amplification
Distributed application
Coding process
30. Suppress unnecessary details not needed to perform an activity
Abstraction
Heuristics
Object-oriented programming
Waterfall method
31. formal documents in place and pro-active
CMM level 3
Coding process
Pseudoflaws
War Dialing
32. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?
Hierarchial
Social Engineering
Conceptual definition
Virus
33. form of asynchronous attack; occurs when a program checks access permission too far in advance of a resuource request; attack gets in between steps and makes modifications; how to mitigate have software lock the items it will use while carrying out i
Von Neumann architecture fundamentals?
Behavior
OLTP
Time of Check/Time of use
34. Level 0 Security Kernel; reference monitor;level 1 and 2; device drivers; level 3 user mode
Relational
Protection rings
Reference monitor
View
35. freely available; more eyes on the code=more chance to ID bugs; no security through obscurity
Open source Code
Distributed application
Database Interface Languages
Distributed database
36. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client
ADO
Applet
Distributed database
View
37. Number of columns
Degree
Encapsulation
DB threat bypass
OMG
38. A varient of logic bombs. A plot that takes insignificant pennies from a user's bank account and move them to an attacker's bank account is an example of...
Ahange management
Granularity
Salami Scam
Agent
39. The procedure (code) contained in an object
RAD
Methods
Aggregation
Flat file
40. Object Request Broker
ORB
IP spoofing
Expert systems
Delegation
41. Style of programming that promotes discipline; allows introspection; and providing controlled flexibility; requires refined processes and modular development; each phase subject to review and approval; allows for security to be added in a formalized
Iterative Development
Structured Programming development
Polymorphism
Agent
42. Ensures data does not exceed maximum values; manages data types; formats; and lengths
Pseudo flaw
Component based development
Limit checks
Ahange management
43. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers
Land
Distributed application
Fuzzy logic
Virus
44. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.
Hardware segmentation
Trojan horse
Hierarchical database
Change management
45. An object that gets some of its characteristics from a class.
Inheritance
Design review
Executable content/mobile code
Protection rings
46. The component of an expert system that produces a quantitative result based on uncertainties.
Fuzzy logic
Distributed application
Port Scans
Delegation
47. Initiating- oultine business reasons for change; diagnosing analyze state of the organization; make recommendations for change; establishing- develop a plan of action to achieve change Acting-develop solutions; test refine;; implement Learning- analy
Malformed Input attack
Locking
IDEAL
ORB
48. A database where records can be networked to other records through paths that are different from the hierarchy itself
Network database
CASE
Dictionary attack
Relational database
49. A particular object that's a member of a class
Instance
CMM level 4
Object oriented
DB threat bypass
50. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.
Access control
Class
Relational database
Change Management
