CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Style of programming that promotes discipline; allows introspection; provides controlled flexibility; requires refined processes and modular development; each phase subject to review and approval; allows for security to be added in a formalized

2. Inter Process Communications: mechanisms that facilitate communication between processes or threads

3. Identifies open ports on a host

4. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

5. Looking for unprotected modems

6. Identifies hosts that are alive

7. A database with relationships between data sets with the freedom of a network database, but without the constraints of a hierarchical database. The structure is defined by its schema.

8. Exploits a flaw in DNS software; no validation of source; provides data to DNS that is not authenticated; redirects traffic to an alternate server without the victim's knowledge

9. Packets in excess of 65535 bytes sent to the targeted machine

10. Online Transaction Processing: records all business transactions as they occur; acts as monitor; detects process aborts; restarts aborted processes; backs out failed transactions; allows distribution of multiple copies of application servers; performs dyna

11. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

12. Looking for wireless access points

13. Is a high-level description of a system, typically containing no details.

14. Spiral method; nested version of the waterfall method; estimated costs and schedules are revised at the end of the assessment; the decision to proceed/cancel the project is revisited after each risk assessment

15. Conceals lower-level processes from higher-level processes

16. Virtual machine; restricts the applet's access to system resources

17. Memory management involves allocating memory to a process, reallocating it upon process completion, then reallocating it to a new process; can result in residual information

18. The act of limiting a running process's ability to view or modify memory and cache that is assigned to another process.

19. The tree structure of a collection of objects and classes

20. An action that is performed on a database that results in the addition, alteration, or removal of data.

21. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

22. Maintenance or programming hook; software entry point that is inserted by a programmer; allows developers to bypass normal access restrictions

23. A software development methodology that focuses on defect prevention rather than defect removal. The goal is to write the code correctly the first time!

24. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.

25. Combines data from multiple databases; data is extracted and transferred to a central store; OLAP

26. A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions

27. A software component in a distributed system that performs a particular service or function (e.g. patch management, host-based intrusion detection systems (HIDS), and performance and capacity monitoring).

28. Not trained in or bound by system development practices; no proper application design; no change control; no support; applications lack security

29. Channel allowing two cooperating processes to transfer information in a way that violates security policy; either storage (one process writes, another process reads) or timing (one process relays information to another by modulating its use of system resources)

30. Joint Application Development: management process that allows developers to work directly with users

31. Ensures separation of duties by ensuring programmers do not have access to production code.

32. Online Analytical Processing

33. Access to data at the same time; both denied

34. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

35. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

36. Allows for successive refinements of requirements, design, and coding; requires a change control mechanism; prototyping initial concept; design and implement initial prototype; refine prototype; complete and release

37. A template that defines the methods and variables to be included in a particular type of object

38. Each process has its own memory space

39. The process of developing one object from another object but with different values in the new object

40. Checks semantic/structural enforcement; referential; cascading update/delete; entity tables must have a primary key; primary columns must be unique and not null

41. A malicious program that spreads by attacking known weaknesses on computer systems.

42. Database structure

43. Ensures separation of duties by ensuring programmers do not have access to production code.

44. Attribute related to another table

45. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything

46. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables

47. Applets that contain a digital signature and can run outside the virtual machine and be given access to system resources based on the trust

48. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai

49. Formal processes in place and repeatable

50. Reconfigures a system to use the IP of a trusted system; correct with packet filtering techniques