
CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

2. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

3. Object Linking and Embedding; access to data no matter the location or format

4. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables.

5. Ensures separation of duties by ensuring programmers do not have access to production code.

6. An object that gets some of its characteristics from a class.

7. The tree structure of a collection of objects and classes

8. Object Request Broker

9. Computer Aided Software Engineering tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software; compilers; assemblers; linkers; translators; loaders; debuggers; program edito

10. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

11. The result of an object having received a message

12. A malicious program that is designed to hide itself on the target system in order to evade detection

13. Enterprise JavaBean

14. Refers to the process of combining low-sensitivity data items together, resulting in high-sensitivity data.

15. A process used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time.

16. Refers to not being able to place code in a string and then execute it; arrays stay in bounds; pointers are always valid; code cannot violate variable timing

17. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

18. A database where records can be networked to other records through paths that are different from the hierarchy itself

19. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development; not cost effective; results in less than optimal systems

20. This is a system of algorithms or rules that infer new facts about knowledge and incoming data.

21. Oligomorphic: code similar to polymorphic, but has a decryptor that does not show up on a signature list; metamorphic: reprograms itself; carries various versions of itself; translates itself into temporary representations and then back to normal code; z

22. Unique identifier

23. The concept refers to the ability of someone to deduce something about sensitive information that is beyond normal reach because of its sensitivity level.

24. Applets containing a digital signature that can run outside the virtual machine and be given access to system resources based on the trust

25. The process of developing one object from another object but with different values in the new object

26. Data in more than one DB

27. A program designed to cause damage or execute an event when some computer/network event has occurred.

28. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

29. Refers to a system that operates at the highest level of information classification

30. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

31. Level 0: security kernel; reference monitor; levels 1 and 2: device drivers; level 3: user mode

32. Allows a user to bypass failed security controls

33. A database whose components exist in multiple physical locations. This type of database can be hierarchical, network, relational, object, or any other design.

34. Bypass front-end controls

35. Two-dimensional tables

36. Attribute related to another table

37. A method used to crack computer account passwords by using common words found in a dictionary

38. Style of programming that promotes discipline; allows introspection; provides controlled flexibility; requires refined processes and modular development; each phase is subject to review and approval; allows for security to be added in a formalized

39. Ensures separation of duties by ensuring programmers do not have access to production code.

40. A common attack on databases. It includes combining unclassified data from separate sources to create secret info.

41. The most effective defense against a buffer overflow attack.

42. The last step in the design process, in which a group of experts examine the detailed designs

43. Freely available; more eyes on the code = more chance to identify bugs; no security through obscurity

44. Online Analytical Processing

45. Inter-Process Communication: mechanisms that facilitate communication between processes or threads

46. A database with relationships between data sets, with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

47. Process quantitatively measured and controlled

48. Data is arranged in a tree structure, with parent records at the top of the database and a hierarchy of child records in successive layers

49. Open Database Connectivity

50. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?