Test your basic knowledge | CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Packets in excess of 65535 bytes sent to a targeted machine

2. Unique identifier

3. Rapid Application Development - rapid prototyping with strict time limits

4. Not trained or bound by system development practices; no proper application design, no change control, no support; applications lack security

5. Encrypt cookies; do not use sequential, calculable, or predictable cookies, session numbers or URL data; do not cache secure pages; do not automatically trust data; use input validation

6. How objects communicate with one another

7. Access to data at the same time; both denied

8. A virtual table that consists of the rows and fields from one or more tables in the database

9. Virtual machine; restricts the applet's access to system resources

10. The process that captures actual changes to software code, end-user documentation, operations documentation, disaster recovery planning documentation, and anything else that's affected by the change request.

11. Distributed Component Object Model - allows applications to access objects on different parts of the network

12. Client-side program that is platform independent; runs inside another application

13. Sends overlapping packet fragments which TCP/IP cannot handle

14. Looking for unprotected modems

15. Two-dimensional tables

16. A program designed to cause damage or execute an event when some computer/network event has occurred.

17. The formal evaluation of the system.

18. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage as the components were previously tested for security; similar to OOP

19. Formal processes in place and repeatable

20. Applets containing a digital signature that can run outside the virtual machine and be given access to system resources based on the trust

21. Allows for successive refinements of requirements, design and coding; requires a change control mechanism; prototype initial concept, design and implement initial prototype, refine prototype, complete and release

22. Refers to a system that operates at the highest level of information classification

23. Freely available; more eyes on the code = more chance to identify bugs; no security through obscurity

24. This component enforces access controls on a system

25. Exploits a flaw in DNS software - no validation of source; provides data to DNS that is not authenticated; redirects traffic to an alternate server without the victim's knowledge

26. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.

27. Mimic the biological function of the brain

28. Data Query Language (DQL): select; Data Manipulation Language (DML): insert/update/delete; Data Definition Language (DDL): create/alter/drop; Data Control Language (DCL): grant/revoke

29. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

30. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

31. Structured Query Language

32. Data in more than one DB

33. This component enforces access controls on a system

34. A program that claims to be something but turns out to be malicious

35. ODBC; JDBC; XML; OLE; ADO

36. One block at a time

37. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

38. The process of detecting certain anomalous behavior to prevent viruses

39. Allows a user to bypass failed security controls

40. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.

41. The process of developing one object from another object but with different values in the new object

42. Attacks employing specially crafted user input - Unicode format for a browser URL that bypasses firewall rulesets; structured query language queries in the browser URL box

43. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

44. Interface Definition Language

45. The most effective defense against a buffer overflow attack.

46. Assures that no individuals or objects (such as programs that make requests of databases) have excessive functions on a system.

47. A malicious program that spreads by making identical copies of itself on files that are likely to be transported to other computers

48. Knowledge base comprising modeled human experience.

49. Intentionally implanted loopholes in a system to detect hackers

50. The most effective defense against a buffer overflow attack.