Test your basic knowledge |

CISSP Secure Software Development

Subjects : it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.

2. used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.

3. The tree structure of a collection of objects and classes

4. Attribute related to another table

5. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

6. This component enforces access controls on a system

7. CMM process unpredictable; poorly ontrolled

8. A malicious program that spreads by attacking known weaknesses on computer systems.

9. Unique identifier

10. Technical evaluation of security compliance

11. Online Transaction Processing- records all business transactions as they occur;acts as monitor; detects process aborts;restarts aborted processes;backs out failed transaction;allows distribution of multiple copies of application servers;performs dyna

12. A common attack on databases. It includes combining unclassed data from seperate sources to create secret info.

13. A malicious program that spreads by attacking known weaknesses on computer systems.

14. Object Linking and Embedding; access to data no matter the location or format

15. A database whose components exist in multiple physical locations. It is so named because of its location not its design. This type of database can be hierarchical or network or relational or object or any other design.

16. Places system into high level of security

17. refers to an application's ability to record every auditable event by describing the event: who made the change and what the change was and when the change was made.

18. Online Analytical Processing

19. Attributes identifying a record

20. Enterprise JavaBean

21. An application that consists of components on separate and networked systems.

22. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes

23. Sends overlapping packet fragments in which TCP/IP cannot handle

24. The component of an expert system that produces a quantitative result based on uncertainties.

25. checks Semantic-structural enforcement;referential; cascading update/delete;entity tables must have Primary Key; Primary columns must be unique and not null

26. Programming based on the concept that after an object is written it can be reused

27. Number of columns

28. Initiating- oultine business reasons for change; diagnosing analyze state of the organization; make recommendations for change; establishing- develop a plan of action to achieve change Acting-develop solutions; test refine;; implement Learning- analy

29. Common Object Reqquest Broker

30. The system is approved to be put into production

31. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

32. Knowledge base comprising modeled human experience.

33. Training; explicit policies; do not double-click attachments;disable windows scrpit host; activeX; Vbscript; and javascript;do not send HTML formatted Email; use more than one scaner and scan everything

34. Combines data from multiple databases;data is extracted and transferred to central store;OLAP

35. Protect an objects private data from outside access

36. where the application is developed

37. Open Databaes Connectivity

38. The best defense against a session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.

39. A database of databases

40. The results of an object having received a message

41. is a high-level description of a system--typically containing no details.

42. Current Software Environment ; open source; program

43. Ensures seperation of duties by ensuring programmers do not have access to production code.

44. An object-orientation term that refers to the practice of encapsulating an object within another inorder to hide the first object's functioning details

45. The process of developing one object from another object but with different values in the new object

46. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.

47. Suppress unnecessary details not needed to perform an activity

48. A part of the overall object-oriented application design - the objects in an object database include datarecords as well as their methods (application code).

49. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

50. A varient of logic bombs. A plot that takes insignificant pennies from a user's bank account and move them to an attacker's bank account is an example of...