CISSP Secure Software Development

Subjects : it-skills, cissp
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. There is no inherent difference between data and programming instructions representations in memory.






2. The process of passing a requested method that the object doesn't have to an object that does contain the requested method.






3. The part of access control that relates to how finely you can control who can see and manipulate data in which databases and tables and rows and fields.






4. Reconfigures a system to use the IP of a trusted system; correct with packet filtering techniques






5. An application that consists of components on separate and networked systems.






6. Interface Definition Language






7. The process of detecting certain anomalous behavior to prevent viruses






8. The process of detecting certain anomalous behavior to prevent viruses






9. looking for Wireless Access points






10. The procedure (code) contained in an object






11. The component of an expert system that produces a quantitative result based on uncertainties.






12. Assembly to machine






13. One of the 3 concepts for securing distributed systems other than software integrity and data integrity.






14. Online Transaction Processing- records all business transactions as they occur;acts as monitor; detects process aborts;restarts aborted processes;backs out failed transaction;allows distribution of multiple copies of application servers;performs dyna






15. looking for unprotected modems






16. should be required procedures for changing; accepting; and testing software-management approval-change management; config management






17. Memory management involves allocating memory to a process; reallocating it upon process completion; then re-allocating to a new process- can result in residual information






18. Combines data from multiple databases;data is extracted and transferred to central store;OLAP






19. identifies open ports on a host






20. An attack that involves sending a user to a different webpage they did not click on. It can lead to DoS attacks.






21. Places system into high level of security






22. An attack that is a special form of social engineering in which an attacker posing as a system or security administrator or vendor tells unsuspecting users that a security flaw has been discovered on their system and that they should install a certai






23. Object Request Broker






24. A program designed to cause damage or execute an event when some computer/network event has occurred.






25. identifies hosts that are alive






26. This component enforces access controls on a system






27. Extensible Mark-up language standard for marking data on the web






28. A method used to crack computer account passwords by using common words found in a dictionary






29. Combines information from sources to acquire knowledge when there is a lack of clearance






30. A template that defines the methods and variables to be included in a particular type of object






31. A special-purpose database that's used for business research and decision support and planning; typical databases support daily business operations. This type of database is also used for decision support.






32. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...






33. The packaging of an object. Everything inside the object is hidden






34. A feature which allows virtual tables in a database. Role-based access control to protect confidentiality of data in databases can be achieved by what? A view can be set up for each user on the system so that the user can only view those virtual tables






35. Exploits a flaw in DNS software: no validation of source; provides data to DNS that is not authenticated; redirects traffic to an alternate server without the victim's knowledge






36. Conceals lower-level processes from higher-level processes






37. checks Semantic-structural enforcement;referential; cascading update/delete;entity tables must have Primary Key; Primary columns must be unique and not null






38. steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance






39. Records structured in a hierarchy






40. The concept refers to the ability of someone to deduce something about sensitive information that's beyond normal reach because of its sensitivity level.






41. The ability to hide implementation details behind a common message interface






42. Database structure






43. process quantitatively measured and controlled






44. A software component in a distributed system that performs a particular service or function (e.g. patch management, host-based intrusion detection systems (HIDS), and performance and capacity monitoring).






45. An object that gets some of its characteristics from a class.






46. Methodology: machine; assembler; high level; very high level; Artificial Intelligence. Source code goes into the compiler and machine code is used on hardware






47. Form of asynchronous attack; occurs when a program checks access permission too far in advance of a resource request; attack gets in between steps and makes modifications; how to mitigate: have software lock the items it will use while carrying out i






48. Initiating: outline business reasons for change; Diagnosing: analyze state of the organization; make recommendations for change; Establishing: develop a plan of action to achieve change; Acting: develop solutions; test; refine; implement; Learning: analy






49. Suppress unnecessary details not needed to perform an activity






50. Distributed Component Object Model-allows apps to access objects on different parts of the network