Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Intentionally implanted loopholes in a system to detect hackers

2. A program that claims to be something but turns out to be malicious

3. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

4. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

5. How objects communicate with one another

6. The process of developing highest-detail designs

7. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

8. Conceal lower-level processes from higher-level processes

9. Applets containing a digital signature that can run outside the virtual machine and be given access to system resources based on the trust

10. Bypass front-end controls

11. Object Management Group

12. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

13. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance

14. Ensures separation of duties by ensuring programmers do not have access to production code.

15. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.

16. Two-dimensional tables

17. One command at a time

18. Spiral method; nested version of the waterfall method; estimated costs and schedules are revised at the end of the assessment; the decision to proceed/cancel the project is revisited after each risk assessment

19. Common Object Request Broker

20. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

21. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

22. Combines information from sources to acquire knowledge when there is a lack of clearance

23. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

24. A process of viewing an application from its highest-level functions which makes all lower-level functions into abstractions

25. Similar to a smurf attack; tricks DNS servers into sending unwanted traffic to a third party; flooding the network connection

26. Current Software Environment; open source; program

27. Component Object Model: Microsoft framework for developing and supporting components that allows other applications or components to access their features.

28. Initiating: outline business reasons for change; Diagnosing: analyze the state of the organization and make recommendations for change; Establishing: develop a plan of action to achieve change; Acting: develop solutions, test, refine, implement; Learning: analy

29. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation, and anything else that's affected by the change request.

30. A malicious program that spreads by attacking known weaknesses on computer systems.

31. Extensible Markup Language: standard for marking up data on the web

32. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; the attack gets in between the steps and makes modifications; how to mitigate: have the software lock the items it will use while carrying out i

33. An application that consists of components on separate and networked systems.

34. A virtual table that consists of the rows and fields from one or more tables in the database

35. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

36. Style of programming that promotes discipline, allows introspection, and provides controlled flexibility; requires refined processes and modular development; each phase is subject to review and approval; allows for security to be added in a formalized

37. Channel allowing two cooperating processes to transfer info in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays info to another by modulating its use of system resources)

38. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

39. Joint Application Development: management process that allows developers to work directly with users

40. Protect an object's private data from outside access

41. Should be required procedures for changing, accepting, and testing software; management approval; change management; configuration management

42. Enterprise JavaBean

43. A common attack on databases. It involves combining unclassified data from separate sources to create secret info.

44. Mimic the biological function of the brain

45. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

46. A program that claims to be something but turns out to be malicious

47. Rapid Application Development: rapid prototyping with strict time limits

48. Technical evaluation of security compliance

49. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

50. Refers to a system that operates at the highest level of information classification