Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Identifies open ports on a host

2. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

3. Object Management Group

4. There is no inherent difference between data and programming instruction representations in memory.

5. Steps of this process are: conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance

6. A special-purpose database that's used for business research, decision support, and planning; typical databases support daily business operations. This type of database is also used for decision support.

7. The act of limiting a running process's ability to view or modify memory and cache that's assigned to another process.

8. The steps required to develop a system from conception through implementation, support, and ultimately retirement.

9. Client-side program that is platform independent; runs inside another application

10. Is a high-level description of a system, typically containing no details.

11. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; Trojan horse; worm; agents/bots; spyware

12. A software component in a distributed system that performs a particular service or function (e.g. patch management, host-based intrusion detection systems (HIDS), and performance and capacity monitoring).

13. A malicious program that's designed to hide itself on the target system in order to evade detection

14. A database of databases

15. Knowledge base comprising modeled human experience.

16. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; attack gets in between steps and makes modifications; how to mitigate: have software lock the items it will use while carrying out i

17. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

18. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation, and anything else that's affected by the change request.

19. The process of developing one object from another object, but with different values in the new object

20. Refers to a system that operates at the highest level of information classification

21. One of the 3 concepts for securing distributed systems, other than software integrity and data integrity.

22. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

23. Allows one change at a time

24. Creation of data as objects; for complex applications

25. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

26. Memory management involves allocating memory to a process, reallocating it upon process completion, then re-allocating it to a new process; this can result in residual information

27. A list of required characteristics of the system: a collection of things the system must do or desired features

28. The formal evaluation of the system.

29. Ensures separation of duties by ensuring programmers do not have access to production code.

30. An action that is performed on a database that results in the addition, alteration, or removal of data.

31. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

32. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

33. The process of detecting certain anomalous behavior to prevent viruses

34. The component of an expert system that produces a quantitative result based on uncertainties.

35. Review of certification information; official authorization to place the system in operational use.

36. Online Transaction Processing: records all business transactions as they occur; acts as monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

37. ActiveX Data Objects: allows apps to access back-end DB systems

38. Should be required procedures for changing, accepting, and testing software; management approval; change management; config management

39. Attacks employing specially crafted user input: Unicode format for a browser URL that bypasses firewall rulesets; structured query language queries in the browser URL box

40. The procedure (code) contained in an object

41. Interface Definition Language

42. This component enforces access controls on a system

43. Database structure

44. Formal processes in place and repeatable

45. Low-level computer language.

46. Systems Development Life Cycle: project management framework used to plan, execute, and control a software development project

47. Attribute related to another table

48. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

49. Allows a user to bypass failed security controls

50. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object, or any other design.