Test your basic knowledge

CISSP Secure Software Development

Subjects : it-skills, cissp
Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Interface Definition Language

2. Intentionally implanted loopholes in a system to detect hackers

3. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

4. Requirements authorization; tested; components: request control; change control; release control

5. Oligomorphic code: similar to polymorphic, but has a decryptor that does not show up on a signature list; metamorphic: reprograms itself, carries various versions of itself, translates itself into temporary representations and then back to normal code

6. Level 0: security kernel, reference monitor; levels 1 and 2: device drivers; level 3: user mode

7. A program that claims to be something but turns out to be malicious

8. The component of an expert system that produces a quantitative result based on uncertainties.

9. The best defense against session hijacking and MITM attacks, which should be incorporated in the development of software? Use randomized and unique IDs to identify sessions between two communicating targets.

10. A database of databases

11. One command at a time

12. The art of getting people to divulge sensitive information to others in a friendly manner or through intimidation?

13. This is a system of algorithms or rules that infers new facts about knowledge and incoming data.

14. A program that claims to be something but turns out to be malicious

15. CMM: process unpredictable; poorly controlled

16. Refers to an application's ability to record every auditable event by describing the event: who made the change, what the change was, and when the change was made.

17. Names of tables; space definitions; views; indexes; clusters; synonyms; user names having access to the DB; rights and privileges that have been granted

18. Attribute related to another table

19. Should be required procedures for changing, accepting, and testing software; management approval; change management; configuration management

20. Data in more than one DB

21. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance

22. Steps of this process are conceptual definition; functional requirements; functional specifications; design; design review; coding; code review; system test; certification & accreditation; maintenance.

23. Assembly to machine

24. A malicious program that spreads by making identical copies of itself in files that are likely to be transported to other computers

25. Protect an object's private data from outside access

26. Extensible Markup Language: standard for marking up data on the web

27. Creation of data as objects; for complex applications

28. Encrypt cookies; do not use sequential, calculable, or predictable cookies, session numbers, or URL data; do not cache secure pages; do not automatically trust data; use input validation

29. Allows for successive refinements of requirements, design and coding; requires a change control mechanism; prototyping: initial concept; design and implement initial prototype; refine prototype; complete and release

30. Ensures separation of duties by ensuring programmers do not have access to production code.

31. A database with relationships between data sets with the freedom of a network database but without the constraints of a hierarchical database. The structure is defined by its schema.

32. Places the system into a high level of security

33. An attack that involves sending a user to a different web page they did not click on. It can lead to DoS attacks.

34. Training; explicit policies; do not double-click attachments; disable Windows Script Host, ActiveX, VBScript, and JavaScript; do not send HTML-formatted email; use more than one scanner and scan everything

35. Initiating: outline business reasons for change; Diagnosing: analyze state of the organization, make recommendations for change; Establishing: develop a plan of action to achieve change; Acting: develop solutions, test, refine, implement; Learning: analy

36. Virtual machine; restricts the applet's access to system resources

37. Each process has its own memory space

38. Involves using standardized building blocks to assemble rather than develop an application; may be a security advantage as the components were previously tested for security; similar to OOP

39. The formal business process that ensures all changes made to a system receive formal review and approval from all stakeholders before implementation.

40. Ensures separation of duties by ensuring programmers do not have access to production code.

41. Computer Aided Software Engineering tools: using computers and computer utilities to support software engineering tasks and activities in the process of developing software; compilers, assemblers, linkers, translators, loaders, debuggers, program edito

42. Component Object Model: Microsoft framework for developing and supporting components; allows other applications or components to access their features.

43. Object Management Architecture

44. The concept refers to the ability of someone to deduce something about sensitive information that is beyond normal reach because of its sensitivity level.

45. The ability to hide implementation details behind a common message interface

46. This is a system of algorithms or rules that infers new facts about knowledge and incoming data.

47. A variant of logic bombs. A plot that takes insignificant pennies from a user's bank account and moves them to an attacker's bank account is an example of...

48. A mechanism used to define, store, and manipulate data. It contains data used by one or more applications as well as a programming and command interface used to create, manage, and administer data.

49. The act of limiting a running process's ability to view or modify memory and cache that is assigned to another process.

50. Checks: semantic/structural enforcement; referential; cascading update/delete; entity tables must have a primary key; primary key columns must be unique and not null