Software Development Security Flashcards

1
Q

Capability Maturity Model Integration (CMMI) Levels

A
Level 1 (Initial) - ad hoc/chaotic - beginning level
Level 2 (Managed) - "basic" PM process established to track cost, schedule and functionality
Level 3 (Defined) - management and engineering activities are "documented, standardized and integrated" into a standard software process
Level 4 (Quantitatively Managed) - detailed measures of the software process and product are collected
Level 5 (Optimizing) - continuous process improvement is enabled by quantitative feedback
2
Q

Capability Maturity Model Integration (CMMI)

A

Focus on quality management

Basis for evaluating the development process

3
Q

Software Development Lifecycle (SDLC)

A

Methodologies for software development to improve the process and end product

4
Q

Software Development Methodology Types

A
Waterfall
Spiral
Prototyping
Rapid Application Development (RAD)
Agile
Extreme Programming (XP)
Scrum
5
Q

Waterfall

A

Phases occur in succession; once a phase is complete it is not revisited

No customer involvement

6
Q

Spiral

A

Manages "risk"
Phases occur in order
Phases are repeated over and over

7
Q

Prototyping

A

Mock something up and get feedback from the client

8
Q

Agile

A

Pair programming, continuous integration and continuous deployment
Don't wait to fix problems

9
Q

Extreme Programming (XP)

A
Pair programming
One programs while the other assists and verifies that the work is within spec
The pair may swap places
High level of customer involvement
Detailed test procedures
10
Q

SCRUM

A

Relay race - hand off work to other team members
Small development team
Scrum master is a senior member of the organization who acts as a coach for the team
Product Owner represents the business unit

11
Q

Computer Aided Software Engineering (CASE) tools

A

Generate code for you

12
Q

DevOps

A

Development directly supports Operations

13
Q

Security Development Cycle

A

Discover bugs sooner ("shift left")

14
Q

SD3+C

A

Secure by Design
Secure by Default
Secure by Deployment
Secure by Communications

15
Q

Secure by Default

A
Least privilege
Defense in depth
Conservative default settings
Avoid risky changes
Less commonly used services are off by default
16
Q

Secure by Deployment

A

Deployment guidelines
Analysis and management tools
Patch development tools

17
Q

Remote Procedure Protocol (RPC)

A

Allows a client to send input to a process running on a remote system

18
Q

Privilege Escalation

A

A privilege escalation attack raises a user's or process's privileges to superuser level