Test your basic knowledge | CISSP Secure Software Development
Subjects: it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!
CMM level 2
Process Isolation
Malware Protections
Cleanroom
2. Client-side program that is platform independent; runs inside another application
RAD
SDLC
DB Integrity
Java Applet
3. A method used to crack computer account passwords by using common words found in a dictionary
Network database
Database Interface Languages
Citizen programmers
Dictionary attack
4. The act of limiting a running process's ability to view or modify memory and cache that is assigned to another process.
Process isolation
Component based development
Structured Programming development
Dictionary attack
5. A program that claims to be something but turns out to be malicious
Design review
Certification
Inference engine
Trojan horse
6. Oligomorphic code: similar to polymorphic, but has a decryptor that does not show up on a signature list; metamorphic: reprograms itself, carries various versions of itself, translates itself into temporary representations and then back to normal code; z
Citizen programmers
Worms
Virus types
Class
7. The formal evaluation of the system.
Expert systems
Web Protection
Certification
Social Engineering
8. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP
Pseudo flaw
Cleanroom
Data Warehousing
Change management
9. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted
CMM level 3
Database Interface Languages
Certification
Data Dictionary elements
10. Process quantitatively measured and controlled
OLAP
Bounds Checking
Defense in Depth (layering)
CMM level 4
11. Refers to the process of combining low-sensitivity data items together resulting in high-sensitivity data.
Aggregation
Heuristics
Methods
Agent
12. Database structure
Assembly Language
View
Application Development
Schema
13. Occurs when all the components of the entire system have been assembled and the entire system is tested from end to end.
System test
Instantiation
IDEAL
Aggregation
14. Attributes identifying a record
War Dialing
Candidate key
Database
Object oriented
15. A security architecture concept wherein multiple separate mechanisms form protective layers around assets that require protection.
Defense in Depth (layering)
Object database
Relational
DB threat data contamination
16. One block at a time
View
Rootkit
Session hijacking
Compiler
17. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!
CMM Level 1
CORBA
Cleanroom
Heuristics
18. Requirements built on what is available; built on assumptions about how the system might work; consists of planning and trying different designs before development; not cost effective; results in less than optimal systems
Exploratory model
Bounds Checking
Time of Check/Time of use
Application Development
19. Applets that contain a digital signature and can run outside the virtual machine and be given access to system resources based on that trust
Cleanroom
Digital Signatures
Social Engineering
Dictionary attack
20. Ideal for web development; allows basic functionality to be deployed in a quick time frame; the maintenance phase begins after deployment; the application evolves as the environment changes
Trojan horse
Data hiding
Modified Prototype Model
Heuristics
21. A database where records can be networked to other records through paths that are different from the hierarchy itself
Network database
Protection rings
Virus
Locking
22. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything
Network database
Malware Protections
Covert channels
Distributed application
23. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...
DB Threat Aggregation
War Dialing
Certification
Salami Scam
24. Identifies open ports on a host
Port Scans
Malware
Inference engine
IDEAL
25. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...
Aggregation
Limit checks
Assembler
Salami Scam
26. Not trained in or bound by system development practices; no proper application design, no change control, no support; applications lack security
Polymorphism
Citizen programmers
ODBC
Fuzzy logic
27. Review of certification information; official authorization to place the system in operational use.
Process Isolation
Coding process
Foreign key
Accreditation
28. The tree structure of a collection of objects and classes
Time of Check/Time of use
Data Warehousing
Object database
Class hierarchy
29. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.
Agent
Delegation
Modified Prototype Model
Pseudo flaw
30. Conceals lower-level processes from higher-level processes
Time of Check/Time of use
Data hiding
View
Assembly Language
31. The part of access control that relates to how finely you can control who can see and manipulate data in which databases, tables, rows, and fields.
Data Warehousing
Granularity
Cleanroom
Distributed database
32. The process of starting an instance
Distributed application
Encapsulation
Instantiation
Methods
33. White box: logical testing line by line; black box: examines input and output without access to the program; gray box: examines input and output of a program while having access to the code, but without analyzing the internal logic
User Acceptance Testing
Degree
Assembler
Cross-site scripting
34. A database where records can be networked to other records through paths that are different from the hierarchy itself
Virus types
Network database
Instantiation
Degree
35. Attacker sends multiple IP ping requests to a receiving device, likely via a router
Information Protection Management
SMURF/Fraggle
War Dialing
Malware Protections
36. The procedure (code) contained in an object
Methods
Fail-open
Coding process
Data warehouse
37. Refers to a system that operates at the highest level of information classification
Aggregation
System high mode
Malware
Cleanroom
38. One command at a time
Ping of death
Defense in Depth (layering)
Foreign key
Interpreter
39. Common Object Request Broker
Component based development
CORBA
Design
Interpreter
40. Online Transaction Processing: records all business transactions as they occur; acts as a monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna
OLTP
Social Engineering
Waterfall method
Structured Programming development
41. The most effective defense against a buffer overflow attack.
Bounds Checking
Dictionary attack
IP spoofing
Executable content/mobile code
42. Systems Development Life Cycle: project management framework used to plan, execute, and control a software development project
Compiler
Relational database
SDLC
Hierarchical
43. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.
Compiler
Access control
Instance
Data hiding
44. Virtual table
Change Management
Coding process
Functional specifications
View
45. Inter-Process Communication: mechanisms that facilitate communication between processes or threads
Malware Protections
IPC
Inference engine
EJB
46. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation
Network database
Data Warehousing
Salami Scam
Social Engineering
47. Formal documents in place and proactive
Cleanroom
CMM level 3
Network database
Class hierarchy
48. This component enforces access controls on a system
Tuple/record
Foreign key
Distributed application
Reference monitor
49. A component in a distributed environment that is downloaded and executed by a web browser. Also known as mobile code because it is downloaded from a server and run on a client
Applet
Methods
COM
IP Probes/Ping sweeps
50. A list of required characteristics of the system; a collection of things the system must do or desired features
Abstraction
View
Data hiding
Functional requirements