CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A common attack on databases: combining unclassified data from separate sources to derive sensitive information.

2. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

3. The most effective defense against a buffer overflow attack.

4. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.

5. An object that gets some of its characteristics from a class.

6. Attacks employing specially crafted user input: Unicode-encoded characters in a browser URL that bypass firewall rulesets; Structured Query Language queries entered in the browser URL box.

7. Open Database Connectivity

8. Signature-based detection; heuristic-based detection; hoaxes; logic bomb; Trojan horse; worm; agents/bots; spyware

9. Inter-Process Communication: mechanisms that facilitate communication between processes or threads

10. A malicious program that's designed to hide itself on the target system in order to evade detection

11. Current software environment; open source; program

12. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

13. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client.

14. A program designed to cause damage or execute an event when some computer/network event has occurred.

15. The component of an expert system that produces a quantitative result based on uncertainties.

16. A list of characteristics that can be created in the real world.

17. Allows one change at a time

18. Freely available; more eyes on the code = more chance to identify bugs; no security through obscurity

19. Oligomorphic: code similar to polymorphic, but its decryptor does not show up on signature lists; metamorphic: reprograms itself, carries various versions of itself, translates itself into temporary representations and then back to normal code; z

20. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

21. Suppress unnecessary details not needed to perform an activity

22. Records structured in a hierarchy

23. Technical evaluation of security compliance

24. Checks: semantic (structural enforcement); referential (cascading update/delete); entity (tables must have a primary key; primary key columns must be unique and not null)

25. Where the application is developed

26. A program designed to cause damage or execute an event when some computer/network event has occurred.

27. Bypass front-end controls

28. Virus types. Stealth: hides by tampering with the OS to fool antivirus software; encryption/compression helps hide the virus; polymorphic: mutates by modifying its own code as it travels from system to system while still keeping the original algorithm intact; m

29. Joint Application Development: a management process that allows developers to work directly with users

30. A channel allowing two cooperating processes to transfer information in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays information to another by modulating its use of system resources)

31. Java Database Connectivity: allows Java applications to communicate with a database

32. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable typing

33. One block at a time

34. A program that claims to be something but turns out to be malicious

35. Database in one table

36. An application that consists of components on separate and networked systems.

37. Data Query Language (DQL): SELECT; Data Manipulation Language (DML): INSERT/UPDATE/DELETE; Data Definition Language (DDL): CREATE/ALTER/DROP; Data Control Language (DCL): GRANT/REVOKE

38. Ensures separation of duties by ensuring programmers do not have access to production code.

39. One of the 3 concepts for securing distributed systems, other than software integrity and data integrity.

40. Knowledge base comprising modeled human experience.

41. The steps required to develop a system from conception through implementation, support, and ultimately retirement.

42. The packaging of an object. Everything inside the object is hidden.

43. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode

44. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

45. A feature that allows virtual tables in a database. Role-based access control to protect the confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only see those virtual tables.

46. Common Object Request Broker

47. Identifies hosts that are alive

48. Mimic the biological function of the brain

49. The art of getting people to divulge sensitive information to others, either in a friendly manner or through intimidation.

50. Data input errors