Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. There is no inherent difference between the representation of data and that of programming instructions in memory.

2. Software transmitted across the network to a local system and executed on that system: Java applets, ActiveX controls, scripts and plug-ins.

3. Allows for successive refinements of requirements, design and coding; requires a change control mechanism. Steps: prototype the initial concept; design and implement the initial prototype; refine the prototype; complete and release.

4. There should be required procedures for changing, accepting and testing software, with management approval: change management and configuration management.

5. Sends overlapping packet fragments that the TCP/IP stack cannot handle.

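As an added illustration of statement 5 (this code is not part of the quiz), the Python below checks a set of IP fragments for the overlapping byte ranges that a teardrop-style attack sends, and refuses to reassemble when any overlap or gap is found. The fragments are constructed (offset, length) pairs rather than captured packets, and the names `find_overlaps` and `safe_reassemble` are this example's own.

```python
# Added example, not from the quiz: flagging overlapping IP fragments
# (the teardrop pattern) before a reassembly routine ever touches them.
from typing import List, Tuple

Fragment = Tuple[int, int]  # (byte offset within the datagram, payload length)


def find_overlaps(fragments: List[Fragment]) -> List[Tuple[Fragment, Fragment]]:
    """Return every pair of fragments whose byte ranges overlap.

    A well-formed sender never emits overlapping fragments, so any overlap
    is treated as hostile input rather than something to patch up.
    """
    ordered = sorted(fragments)
    overlaps = []
    for i, (start_i, len_i) in enumerate(ordered):
        end_i = start_i + len_i
        for start_j, len_j in ordered[i + 1:]:
            if start_j >= end_i:
                break  # sorted by offset: nothing later can overlap fragment i
            overlaps.append(((start_i, len_i), (start_j, len_j)))
    return overlaps


def safe_reassemble(fragments: List[Fragment], declared_len: int) -> List[Fragment]:
    """Accept the fragment set only if it tiles [0, declared_len) exactly.

    Raises ValueError on overlap, on a gap, or on a length mismatch; the
    caller drops the datagram instead of reassembling it.
    """
    if find_overlaps(fragments):
        raise ValueError("overlapping fragments: refusing to reassemble")
    ordered = sorted(fragments)
    expected_next = 0
    for start, length in ordered:
        if length <= 0:
            raise ValueError(f"fragment at offset {start} has non-positive length")
        if start != expected_next:
            raise ValueError(f"gap before offset {start}")
        expected_next = start + length
    if expected_next != declared_len:
        raise ValueError("fragments do not cover the declared datagram length")
    return ordered


# Constructed sample fragment sets (not captured traffic)
BENIGN = [(1480, 1480), (0, 1480), (2960, 40)]   # arrive out of order but tile 3000 bytes
TEARDROP = [(0, 36), (24, 40)]                    # second fragment starts inside the first


if __name__ == "__main__":
    print("benign overlaps:", find_overlaps(BENIGN))
    print("teardrop overlaps:", find_overlaps(TEARDROP))
    try:
        safe_reassemble(TEARDROP, 64)
    except ValueError as err:
        print("dropped:", err)
```

The design choice worth noting is that the detector rejects the whole datagram rather than trimming the overlap: historical reassembly code that tried to be clever about overlapping fragments is exactly where the crashes happened.
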
6. A malicious program that spreads by making identical copies of itself in files that are likely to be transported to other computers.

7. Language generations: machine; assembler; high-level; very high-level; artificial intelligence. Source code goes into a compiler, and the resulting machine code runs on the hardware.

8. A mechanism used to define, store and manipulate data. It contains data used by one or more applications, as well as a programming and command interface used to create, manage and administer data.

9. One of the three concepts for securing distributed systems, other than software integrity and data integrity.

10. Database structure.

11. A security architecture concept in which multiple separate mechanisms form protective layers around assets that require protection.

12. Enforces separation of duties by ensuring that programmers do not have access to production code.

13. Looking for wireless access points.

14. A process of viewing an application from its highest-level functions, which turns all lower-level functions into abstractions.

15. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage, as the components have previously been tested for security. Similar to OOP.

16. A malicious program that is designed to hide itself on the target system in order to evade detection.

17. Component Object Model: Microsoft framework for developing and supporting components; allows other applications or components to access their features.

18. Systems Development Life Cycle: project management framework used to plan, execute and control a software development project.

19. Freely available; more eyes on the code mean more chance to identify bugs; no security through obscurity.

20. A malicious program that spreads by making identical copies of itself in files that are likely to be transported to other computers.

21. Review of certification information; official authorization to place the system in operational use.

22. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted.

23. The process of passing a requested method that the object does not have to an object that does contain the requested method.

24. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object or any other design.

25. What is the best defense against session hijacking and MITM attacks that should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between the two communicating parties.

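Added example for statement 25 (not from the quiz): a sequential session ID scheme beside one that draws IDs from the operating system's CSPRNG through Python's `secrets` module. The two store classes, `guess_neighbours` and `simulate_hijack` are hypothetical names for this illustration. The point it shows is that an attacker who has seen one sequential ID can enumerate its neighbours, while a 256-bit random ID gives nothing to extrapolate from.

```python
# Added example, not from the quiz: predictable vs. random session identifiers.
import hmac
import secrets
from typing import Dict, List, Optional


class WeakSessionStore:
    """Hands out incrementing integer IDs (hypothetical weak design)."""

    def __init__(self) -> None:
        self._next_id = 1000
        self._sessions: Dict[str, str] = {}

    def create(self, user: str) -> str:
        sid = str(self._next_id)
        self._next_id += 1
        self._sessions[sid] = user
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)


class StrongSessionStore:
    """Random, unique IDs from the OS CSPRNG: 32 bytes = 256 bits of entropy."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        while sid in self._sessions:  # uniqueness check; a repeat is astronomically unlikely
            sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        # Constant-time comparison so response timing does not leak how many
        # leading characters of a guess were correct.
        probe = sid.encode("utf-8", errors="replace")
        for known, user in self._sessions.items():
            if hmac.compare_digest(known.encode("utf-8"), probe):
                return user
        return None


def guess_neighbours(observed_id: str, width: int = 5) -> List[str]:
    """What an attacker tries after seeing one sequential ID: the IDs around it."""
    try:
        base = int(observed_id)
    except ValueError:
        return []  # a random token is not a number; nothing to count from
    return [str(base + d) for d in range(-width, width + 1) if d != 0]


def simulate_hijack(store, observed_id: str, width: int = 5) -> List[str]:
    """Return the users whose sessions the attacker reaches by guessing."""
    hits = []
    for guess in guess_neighbours(observed_id, width):
        user = store.lookup(guess)
        if user is not None:
            hits.append(user)
    return hits


if __name__ == "__main__":
    weak = WeakSessionStore()
    weak.create("alice")
    seen = weak.create("mallory")        # the attacker's own session ID
    print("weak store, hijacked users:", simulate_hijack(weak, seen))

    strong = StrongSessionStore()
    strong.create("alice")
    seen = strong.create("mallory")
    print("strong store, hijacked users:", simulate_hijack(strong, seen))
```

Randomness alone does not stop a man-in-the-middle who can read the ID off the wire; that is why the token must also travel only over TLS and be marked Secure and HttpOnly when carried in a cookie.
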
26. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

27. Enterprise JavaBean

28. A common attack on databases. It involves combining unclassified data from separate sources to derive secret information.

29. One block at a time.

30. Virtual table

31. Current software environment; open source; program

32. A list of required characteristics of the system: a collection of things the system must do, or desired features.

33. The act of limiting a running process's ability to view or modify memory and cache that are assigned to another process.

34. The part of access control that relates to how finely you can control who can see and manipulate data in which databases, tables, rows and fields.

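Added example covering statements 30 (a view is a virtual table) and 34 (granularity of database access control); it is not part of the quiz. It uses Python's built-in sqlite3 module on a constructed employee table. SQLite has no GRANT statement, so the `ROLE_GRANTS` dictionary and `query_as` function are this example's own stand-in for the privileges a server DBMS would attach to a table or view.

```python
# Added example, not from the quiz: a view as a virtual table (statement 30) and
# column/row-level granularity of access (statement 34), using sqlite3.
import sqlite3
from typing import List, Tuple

# Hypothetical grants: which relations each role may read. SQLite has no GRANT
# statement, so this dictionary stands in for a server DBMS's privilege table.
ROLE_GRANTS = {
    "hr":            {"employee"},            # whole base table, every column and row
    "staff":         {"employee_directory"},  # column-level: no salary or SSN
    "sales_manager": {"sales_staff"},         # row-level: Sales department only
}
KNOWN_RELATIONS = set().union(*ROLE_GRANTS.values())


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE employee ("
        " id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER, ssn TEXT)"
    )
    # Constructed sample rows, not real data
    con.executemany(
        "INSERT INTO employee VALUES (?, ?, ?, ?, ?)",
        [
            (1, "Alice", "Engineering", 120000, "000-00-0001"),
            (2, "Bob", "Sales", 90000, "000-00-0002"),
            (3, "Carol", "Engineering", 110000, "000-00-0003"),
        ],
    )
    # A view stores no rows of its own: it is a named query over the base table,
    # so every read through it reflects the base table's current contents.
    con.execute("CREATE VIEW employee_directory AS SELECT id, name, dept FROM employee")
    con.execute(
        "CREATE VIEW sales_staff AS"
        " SELECT id, name, dept, salary FROM employee WHERE dept = 'Sales'"
    )
    con.commit()
    return con


def query_as(con: sqlite3.Connection, role: str, relation: str) -> List[Tuple]:
    """Read a relation on behalf of a role, enforcing the grant table first."""
    if relation not in ROLE_GRANTS.get(role, set()):
        raise PermissionError(f"role {role!r} has no SELECT on {relation!r}")
    # relation has passed the allow-list above and is never raw user input,
    # so interpolating it into the SQL text is safe here.
    return con.execute(f"SELECT * FROM {relation} ORDER BY id").fetchall()


def columns_of(con: sqlite3.Connection, relation: str) -> List[str]:
    """Column names a reader of this relation can see (metadata only, no rows)."""
    if relation not in KNOWN_RELATIONS:
        raise ValueError(f"unknown relation {relation!r}")
    cur = con.execute(f"SELECT * FROM {relation} LIMIT 0")
    return [d[0] for d in cur.description]


if __name__ == "__main__":
    db = build_db()
    print("staff sees columns:", columns_of(db, "employee_directory"))
    print("sales_manager sees rows:", query_as(db, "sales_manager", "sales_staff"))
    db.execute("UPDATE employee SET dept = 'Sales' WHERE name = 'Carol'")
    print("after transfer, view reflects it:", query_as(db, "sales_manager", "sales_staff"))
    try:
        query_as(db, "staff", "employee")
    except PermissionError as err:
        print("denied:", err)
```

On a server DBMS the same shape is `GRANT SELECT ON employee_directory TO staff` with no grant on the base table; the view is what makes column-level and row-level granularity possible without a separate copy of the data.
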
35. Initiating: outline business reasons for change. Diagnosing: analyze the state of the organization; make recommendations for change. Establishing: develop a plan of action to achieve change. Acting: develop solutions; test and refine; implement. Learning: analy

36. Technical evaluation of security compliance.

37. Checks: semantic; structural enforcement; referential; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null.

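Added example for statement 37 (not from the quiz): the integrity checks listed there written as SQL constraints and exercised through Python's sqlite3 module on a constructed customer/invoice schema. SQLite only enforces foreign keys after `PRAGMA foreign_keys = ON`, and unlike most engines it allows NULL in a non-integer primary key unless NOT NULL is spelled out, so both appear explicitly. `try_exec` and `invoice_customers` are helper names invented for this illustration.

```python
# Added example, not from the quiz: the integrity checks of statement 37 as SQL
# constraints, exercised through Python's sqlite3 module.
import sqlite3
from typing import List, Optional

SCHEMA = """
CREATE TABLE customer (
    cust_id TEXT PRIMARY KEY NOT NULL,   -- entity integrity: unique and not null
    name    TEXT NOT NULL
);
CREATE TABLE invoice (
    inv_id  INTEGER PRIMARY KEY,
    cust_id TEXT NOT NULL
            REFERENCES customer(cust_id)
            ON DELETE CASCADE ON UPDATE CASCADE,  -- referential integrity with cascades
    amount  INTEGER NOT NULL CHECK (amount >= 0)  -- semantic integrity on the column's domain
);
"""


def open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    # SQLite parses REFERENCES clauses but does not enforce them until this is on.
    con.execute("PRAGMA foreign_keys = ON")
    con.executescript(SCHEMA)
    # Constructed sample rows
    con.execute("INSERT INTO customer VALUES ('C1', 'Acme')")
    con.executemany(
        "INSERT INTO invoice (cust_id, amount) VALUES (?, ?)",
        [("C1", 100), ("C1", 250)],
    )
    con.commit()
    return con


def try_exec(con: sqlite3.Connection, sql: str, params=()) -> Optional[str]:
    """Run one statement; return None if it succeeds, else the constraint error text."""
    try:
        con.execute(sql, params)
        con.commit()
        return None
    except sqlite3.IntegrityError as err:
        con.rollback()
        return str(err)


def invoice_customers(con: sqlite3.Connection) -> List[str]:
    """cust_id of every invoice, in insertion order; shows what the cascades did."""
    return [row[0] for row in con.execute("SELECT cust_id FROM invoice ORDER BY inv_id")]


if __name__ == "__main__":
    db = open_db()
    print("orphan invoice:", try_exec(db, "INSERT INTO invoice (cust_id, amount) VALUES ('C9', 5)"))
    print("duplicate key:", try_exec(db, "INSERT INTO customer VALUES ('C1', 'Dup')"))
    print("null key:", try_exec(db, "INSERT INTO customer VALUES (NULL, 'NoKey')"))
    print("negative amount:", try_exec(db, "INSERT INTO invoice (cust_id, amount) VALUES ('C1', -1)"))
    print("rename key:", try_exec(db, "UPDATE customer SET cust_id = 'C1-new' WHERE cust_id = 'C1'"),
          invoice_customers(db))
    print("delete parent:", try_exec(db, "DELETE FROM customer WHERE cust_id = 'C1-new'"),
          invoice_customers(db))
```

Cascading delete is the one to think twice about before enabling: it keeps the data consistent, but it also means a single DELETE on a parent row silently removes every dependent row, which is a data-availability risk if the application layer does not expect it.
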
38. Java Database Connectivity: allows Java applications to communicate with a database.

39. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party, flooding its network connection.

40. The formal evaluation of the system.

41. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

42. Combines information from sources to acquire knowledge when there is a lack of clearance.

43. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details.

44. Low-level computer language.

45. Assembly to machine.

46. A program designed to cause damage or execute an event when some computer or network event has occurred.

47. Online Transaction Processing: records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

48. Common Object Request Broker

49. The steps of this process are: conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification and accreditation; maintenance.

50. A special-purpose database used for business research, decision support and planning; typical databases support daily business operations. This type of database is also used for decision support.