Test your basic knowledge | CISSP Secure Software Development
Subjects: it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The process that captures actual changes to software code and end-user documentation and operations documentation and disaster recovery planning documentation and anything else that's affected by the change request.
Configuration management
DB threat Compromising data views
CORBA
Malware Protections
2. Used to keep application developers off of production systems. It can also keep different applications or environments from interfering with each other.
System test
Hardware segmentation
Virus
Access control
3. The tree structure of a collection of objects and classes
Worms
Data dictionary
Class hierarchy
Heuristics
4. Attribute related to another table
Spiral Development
Hierarchical
Foreign key
IP Probes/Ping sweeps
5. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers
Information Protection Management
Type-safe programming
Transaction
Virus
6. This component enforces access controls on a system
IDEAL
Reference monitor
SQL
Hierarchical
7. CMM process unpredictable; poorly controlled
Salami Scam
User Acceptance Testing
Information Protection Management
CMM Level 1
8. A malicious program that spreads by attacking known weaknesses on computer systems.
Data Warehousing
SDLC
Worms
Message
9. Unique identifier
OLAP
Primary key
OMA
Pseudo flaw
10. Technical evaluation of security compliance
CMM level 3
Malware Protections
Expert systems
Certification
11. Online Transaction Processing - records all business transactions as they occur; acts as monitor; detects process aborts; restarts aborted processes; backs out failed transaction; allows distribution of multiple copies of application servers; performs dyna
OLTP
Teardrop
Conceptual definition
CASE
12. A common attack on databases. It includes combining unclassed data from separate sources to create secret info.
Spiral Development
Aggregation
XML
Dictionary attack
13. A malicious program that spreads by attacking known weaknesses on computer systems.
Degree
Worms
Abstraction
Unique and random id
14. Object Linking and Embedding; access to data no matter the location or format
JAD
Certification
Cleanroom
OLE
15. A database whose components exist in multiple physical locations. It is so named because of its location not its design. This type of database can be hierarchical or network or relational or object or any other design.
Fail-open
Distributed database
Certification
CASE
16. Places system into high level of security
Fail-safe/fail secure
Class hierarchy
Granularity
Component based development
17. Refers to an application's ability to record every auditable event by describing the event: who made the change and what the change was and when the change was made.
Accountability
Fail-open
Cleanroom
Transaction
18. Online Analytical Processing
XML
Abstraction
Session hijacking
OLAP
19. Attributes identifying a record
Candidate key
Assembly Language
Logic bomb
SMURF/Fraggle
20. Enterprise JavaBean
EJB
SQL Types
Data dictionary
Agent
21. An application that consists of components on separate and networked systems.
Hierarchical
System test
Distributed application
User Acceptance Testing
22. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes
OLAP
Fail-safe/fail secure
Inference engine
Modified Prototype Model
23. Sends overlapping packet fragments in which TCP/IP cannot handle
War Dialing
Virus
Teardrop
Covert channels
24. The component of an expert system that produces a quantitative result based on uncertainties.
Fuzzy logic
Worms
IDL
View
25. Checks semantic-structural enforcement; referential; cascading update/delete; entity tables must have Primary Key; Primary columns must be unique and not null
Salami Scam
Cleanroom
DB Integrity
Encapsulation
26. Programming based on the concept that after an object is written it can be reused
Object-oriented programming
Virus types
OMG
Agent
27. Number of columns
Degree
Fail-safe/fail secure
ORB
Database
28. Initiating - outline business reasons for change; Diagnosing - analyze state of the organization, make recommendations for change; Establishing - develop a plan of action to achieve change; Acting - develop solutions, test, refine, implement; Learning - analy
Applet
Trojan horse
IDEAL
War Dialing
29. Common Object Request Broker
SQL
ORB
CORBA
Agent
30. The system is approved to be put into production
Accreditation
Instance
View
System high mode
31. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.
Waterfall method
Executable content/mobile code
Defense in Depth (layering)
Open source Code
32. Knowledge base comprising modeled human experience.
System test
Expert systems
Certification
Virus types
33. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML formatted email; use more than one scanner and scan everything
Malware Protections
Trojan horse
CASE
CMM Level 1
34. Combines data from multiple databases; data is extracted and transferred to central store; OLAP
Data Warehousing
Virus
Trojan horse
Structured Programming development
35. Protect an object's private data from outside access
Rootkit
Cleanroom
Ping of death
Encapsulation
36. Where the application is developed
Coding process
Defense in Depth (layering)
Systems development life cycle (SDLC)
Certification
37. Open Database Connectivity
Applet
OBDC
Dictionary attack
OMA
38. The best defense against session hijacking and MITM attacks which should be incorporated in the development of software? Use randomized and unique ids to id sessions between two communicating targets.
Software librarian
Unique and random id
Structured Programming development
DNS Cache poisoning
39. A database of databases
Limit checks
War Dialing
IP Probes/Ping sweeps
Data dictionary
40. The results of an object having received a message
Abstraction
Behavior
Certification
Database
41. A high-level description of a system--typically containing no details.
User Acceptance Testing
Reference monitor
Rootkit
Conceptual definition
42. Current Software Environment; open source; program
Virus
Application Development
Clean room
Functional specifications
43. Ensures separation of duties by ensuring programmers do not have access to production code.
War Dialing
User Acceptance Testing
Software librarian
Applet
44. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details
Data hiding
DB threat Compromising data views
View
Rootkit
45. The process of developing one object from another object but with different values in the new object
Inference engine
Data warehouse
Distributed database
Polyinstantiation
46. A database with relationships between data sets with the freedom of a network database - but without the constraints of a hierarchical database. The structure is defined by its schema.
Aggregation
Aggregation
Relational database
Interpreter
47. Suppress unnecessary details not needed to perform an activity
Expert systems
Open source Code
Abstraction
Interpreter
48. A part of the overall object-oriented application design - the objects in an object database include data records as well as their methods (application code).
Object oriented
Object database
Primary key
Data hiding
49. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client
DB threat Compromising data views
Behavior
Applet
Data Dictionary elements
50. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...
Change management
CMM level 2
Assembler
Salami Scam