Domain 8 (Software Development Security) Flashcards

1
Q

What is IPv6 secured by (it’s built in)?

A

IPSec

2
Q

What is the Waterfall Software Development Methodology?

A

Stage by stage phase approach focused on deliverables at the end of each phase

3
Q

What are the four Software Development Methodologies?

A

Waterfall
Prototype
Spiral
Agile

4
Q

What are the advantages to the Waterfall Software Development Methodology?

A

Each phase has a specific deliverable and review process. Best for small projects. Define before design.

5
Q

What are the disadvantages to the Waterfall Software Development Methodology?

A

Can’t adjust scope during life cycle. High risk. Poor model for long term projects.

6
Q

What are the advantages of Prototyping Software Development Methodology?

A

Get client feedback early on in project.

7
Q

What are the disadvantages of Prototyping Software Development Methodology?

A

Clients rarely understand impact of proposed changes. Developers may use shortcuts to create prototype.

8
Q

What is the Spiral Software Development Methodology?

A

Combination of Waterfall and Prototyping.

9
Q

What are the advantages of Spiral Software Development Methodology?

A

High amount of risk analysis. Software produced early in life cycle.

10
Q

What are the disadvantages of Spiral Software Development Methodology?

A

Can be costly. Highly dependent on risk analysis phase.

11
Q

What are the five stages of Agile Software Development Methodology?

A

Brainstorm
Design
Development
Quality Assurance
Deployment

12
Q

What are the advantages of Agile Software Development Methodology?

A

Fewer defects, highly flexible, immediate feedback

13
Q

What are the disadvantages of Agile Software Development Methodology?

A

Less documentation

14
Q

What is Service-Oriented Architecture?

A

Services and functions should be modular and run independently from one another. Vendor neutral functionality.

15
Q

What is Aggregation and Inference?

A

Aggregation is collecting data and Inference is making an assumption based on the aggregated data

16
Q

What is Polyinstantiation?

A

Multiple instances of information. One version is available to lower clearance; higher clearance sees real data.

17
Q

What are the five elements of good monitoring?

A

Consistency
Quantitative
Objective
Relevance
Inexpensive

18
Q

What is Insecure Direct Object Reference?

A

Data disclosure by changing parameters (user?acct=6065)

19
Q

What are the two types of Input Sanitation?

A

Stripping

Substitution

20
Q

What does Stripping Input Sanitation do?

A

Removes harmful characters from user supplied input

21
Q

What does Substitution Input Sanitation do?

A

Replaces user supplied input with safer alternatives

22
Q

What is Dynamic Code Analysis?

A

Looking at the program while it’s running in a debugger

23
Q

What is Verification?

A

Does the software meet the software requirements?

24
Q

What is Validation?

A

Does the software solve the problem that it was supposed to solve?

25
Q

What is Certification?

A

Technical evaluation of the security features

26
Q

What is Accreditation?

A

Management’s acceptance of the product (includes risk acceptance)

27
Q

Name the four types of database models

A

Hierarchical
Distributed
Object-oriented
Relational

28
Q

Describe a Hierarchical Database model

A

Stores information in a tree-like manner. Predetermined access paths to data.

29
Q

Describe a Distributed Database model

A

More than one server over several locations

30
Q

Describe an Object-oriented Database model

A

Designed for non-text data

31
Q

Describe a Relational Database Model

A

Tables, Rows and Columns. SQL, Oracle is an example

32
Q

What is a Primary Key?

A

A unique identifier for each record

33
Q

What is Normalization?

A

The process of removing duplicates and ensuring that each attribute only describes the primary key.

34
Q

What is Entity Integrity?

A

States that the primary key field cannot be null

35
Q

What is a foreign key?

A

When a Primary Key is referenced in another table