Test your basic knowledge

CISSP Secure Software Development

Subjects: it-skills, cissp
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

2. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

3. The most effective defense against a buffer overflow attack.

4. The system is approved to be put into production

5. Identifies hosts that are alive

6. Knowledge base comprising modeled human experience.

7. Spiral method; nested version of the waterfall method; estimated costs and schedules are revised at the end of each risk assessment; the decision to proceed with or cancel the project is revisited after each risk assessment

8. One command at a time

9. Two processes request access to the same data at the same time; both are denied

10. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.

11. Virtual table

12. Data input errors

13. Allows one change at a time

14. Translates assembly language into machine code

15. A database of databases

16. Is a high-level description of a system, typically containing no details.

17. Mimics the biological function of the brain

18. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.

19. Virtual machine; restricts the applet's access to system resources

20. The process of starting an instance

21. The ability to hide implementation details behind a common message interface

22. A malicious program that's designed to hide itself on the target system in order to evade detection

23. Combines information from multiple sources to acquire knowledge for which there is a lack of clearance

24. Not trained in or bound by system development practices; no proper application design, no change control, no support; applications lack security

25. Two dimensional tables

26. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

27. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation

28. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

29. Reconfigures a system to use the IP address of a trusted system; countered with packet-filtering techniques

30. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

31. Creates data as objects; used for complex applications

32. Places the system into a high level of security

33. Online Transaction Processing: records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

34. A component in a distributed environment that's downloaded and executed by a web browser. Also known as mobile code because they're downloaded from a server and run on a client

35. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

36. A template that defines the methods and variables to be included in a particular type of object

37. Attribute related to another table

38. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

39. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

40. An object-orientation term that refers to the practice of encapsulating an object within another in order to hide the first object's functioning details


42. Software transmitted across the network to a local system and executed on that system: Java applets; ActiveX controls; scripts/plug-ins

43. Data is arranged in a tree structure with parent records at the top of the database and a hierarchy of child records in successive layers

44. The tree structure of a collection of objects and classes

45. Ideal for web development; allows for basic functionality to be deployed in a quick time frame; maintenance phase begins after deployment; application evolves as the environment changes

46. The process of detecting certain anomalous behavior to prevent viruses

47. A part of the overall object-oriented application design; the objects in an object database include data records as well as their methods (application code).

48. Rapid Application Development: rapid prototyping with strict time limits

49. Attacker sends multiple IP ping requests to a receiving device, likely via a router

50. A particular object that's a member of a class
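Item 3 above asks for the most effective defense against a buffer overflow, which in the CISSP material is bounds checking (validating input length against the destination buffer before writing). The C program below is an added example written for this page, not part of the original quiz; the NAME_MAX buffer size, the function names and the sample inputs are constructed for illustration. It places the vulnerable unbounded strcpy() beside a bounded copy that checks the length first and rejects, rather than truncates, input that does not fit.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed example: a fixed-size stack buffer holding a user-supplied name. */
#define NAME_MAX 16

/* VULNERABLE (the attack in item 3): strcpy() copies until it finds a NUL
 * in the source and never consults the size of the destination. Any input
 * of NAME_MAX or more bytes writes past the end of 'name' and overwrites
 * whatever the compiler placed after it on the stack (saved registers,
 * the return address). Kept only for contrast; never give it untrusted input. */
int greet_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);            /* no bounds check at all */
    return (int)strlen(name);
}

/* Bounded length scan: counts bytes up to 'limit' without ever reading
 * beyond 'limit' bytes of 'src'. Equivalent to POSIX strnlen(), written
 * out here so the example depends only on ISO C. */
static size_t bounded_len(const char *src, size_t limit)
{
    size_t n = 0;
    while (n < limit && src[n] != '\0')
        n++;
    return n;
}

/* HARDENED (the defense in item 3): validate the input length against the
 * real size of the destination before a single byte is written. Oversized
 * input is rejected, not silently truncated, because truncation changes
 * the meaning of the data (a path, a username) and hides the attempt.
 * Returns the number of bytes copied, or -1 if the input was rejected. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    size_t len = bounded_len(src, dst_size);

    /* Off-by-one matters: a string of exactly dst_size bytes leaves no
     * room for the terminating NUL, so '>=' is the right comparison, not '>'. */
    if (len >= dst_size)
        return -1;

    memcpy(dst, src, len + 1);      /* len + 1 copies the NUL as well */
    return (int)len;
}

int greet_safe(const char *input)
{
    char name[NAME_MAX];
    int n = copy_bounded(name, sizeof name, input);
    if (n < 0)
        return -1;                  /* caller decides how to report the rejection */
    return n;
}

int main(void)
{
    const char *short_name = "Alice";                             /* constructed input */
    const char *long_name  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes, constructed */

    printf("unsafe, short input : %d\n", greet_unsafe(short_name));
    printf("safe,   short input : %d\n", greet_safe(short_name));
    printf("safe,   long input  : %d\n", greet_safe(long_name));
    /* greet_unsafe(long_name) is deliberately not called: it would overflow
     * 'name' and the program's behaviour from that point is undefined. */
    return 0;
}
```

Build with `cc -std=c99 -Wall -Wextra example.c` and run it; the safe path returns 5 for "Alice" and -1 for the 32-byte input, while the unsafe path gives no signal at all that its destination was too small. The length check belongs at every trust boundary where external data meets a fixed-size buffer, which is why the quiz treats bounds checking as the primary defense rather than a compiler flag or canary added after the fact.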