CISSP: Software Development Security Flashcards
- Viruses, rootkits, and Trojan horses are known as
A. Maniacal code
B. Fractured code
C. Infectious code
D. Malicious code
D. Malicious code
Malicious code is the generic term for computer code written to inflict damage on a computer system. Review “Malicious code.”
- Masquerading as another person in order to obtain information illicitly is known as
A. Hacking
B. Social engineering
C. Extortion
D. Exhumation
B. Social engineering
Social engineering is the process of obtaining information from people by tricking them into giving up an important piece of information, such as a modem access number. Review “System Attack Methods.”
- Antivirus software that detects viruses by watching for anomalous behavior uses what technique?
A. Signature matching
B. Fleuristics
C. Heroistics
D. Heuristics
D. Heuristics
Heuristics is the technique used to detect viruses by recognizing anomalous behavior. Review “Malicious code.”
- A developer, suspecting that he may be fired soon, modifies an important program that will corrupt payroll files long after he is gone. The developer has created a(n)
A. Delayed virus
B. Logic bomb
C. Applet bomb
D. Trojan horse
B. Logic bomb
A logic bomb is a type of malicious code that’s designed to cause damage at a predetermined date in the future. Review “Malicious code.”
- A SYN flood is an example of a
A. Dictionary attack
B. High Watermark attack
C. Buffer Overflow attack
D. Denial of Service attack
D. Denial of Service attack
These attacks are designed to incapacitate a system by flooding it with traffic. Review “Denial of Service.”
- The process of recording changes made to systems is known as
A. Change Review Board
B. System Maintenance
C. Change Management
D. Configuration Management
D. Configuration Management
This is the process used to record all configuration changes to hardware and software. Review “Configuration Management.”
- A system that accumulates knowledge by observing events’ inputs and outcomes is known as a(n)
A. Expert system
B. Neural network
C. Synaptic network
D. Neural array
B. Neural network
Neural networks become proficient at predicting outcomes by making large numbers of observations, noting the inputs and results of each. Review “Neural networks.”
- The logic present in an object is known as
A. Encapsulation
B. Personality
C. Behavior
D. Method
D. Method
A method is the formal name given to business logic — also known as code — present in an object. Review “Object-Oriented Environments.”
- The restricted environment that Java applets occupy is known as a
A. Sandbox
B. Workbox
C. Trusted Zone
D. Instantiation
A. Sandbox
This is the name given to the restricted environment in which Java applets reside. Review “Adding applets to the mix.”
- An attacker has placed a URL on a website that, if clicked, will cause malicious JavaScript to execute in victims’ browsers. This is known as a
A. Phishing attack
B. Script injection attack
C. Cross-site scripting attack
D. Cross-site request forgery attack
C. Cross-site scripting attack
In a cross-site scripting attack, the attacker places malicious script in a URL that will be executed in a victim’s browser. Review “System Attack Methods.”
- Software escrow is intended to mitigate which of the following risks?
A. In case the software vendor performs poorly
B. In case the software developer goes out of business
C. In case the original source code becomes infected or corrupted
D. In case a transaction fails and the system must roll back to a known good state
B. If the software developer goes out of business, the customer is provided with the source code from the software escrow.
- Which of the following describes the preferred characteristics of an object in OOP?
A. Tight COM and loose CORBA
B. Loose acceptance testing and tight regression testing
C. Tight methods and loose messages
D. Loose coupling and tight cohesion
D. Loose coupling implies a low reliance on other objects to perform the methods of an object. Tight cohesion implies that the methods within an object work well together, are similar to one another, and naturally belong together. These are two beneficial characteristics of objects.
- Which of the following is designed to support data sharing in Microsoft databases?
A. The ACID test
B. ADO
C. SAML
D. The IDEAL model
B. ActiveX Data Objects (ADO) are Microsoft COM-based objects used to access data sources.
- Dot dot slash is the syntax used to commit what type of attack?
A. A race condition attack
B. A DOM cross-site scripting attack
C. A directory traversal attack
D. A buffer overflow attack
C. The ../ (dot dot slash) syntax is used to traverse to the parent directory on a UNIX or Linux operating system. On a Windows system, the syntax is ..\ (dot dot backslash).
- At which stage of the software development life cycle (SDLC) should security concerns first be analyzed?
A. System design
B. Function design
C. Testing
D. Project initiation
D. Project initiation is the first phase of the SDLC, and security concerns related to the project should be considered at this early phase.