登录　| 注册　| 充值

试卷名称:CISSP认证考试（软件开发安全）模拟试卷1

首页 > 计算机 > CISSP认证

上一题： There are several different types o...

下一题： ______ provides a machine-readable ...

单项选择题

The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability.

Which of the following is most likely the standard Trent’s company wants to comply with?

A．ISO/IEC 27005

B．ISO/IEC 27001

C．ISO/IEC 27034

D．BS 7799

查看答案需要1币进入试题列表

Which of the following best describes the consortium Trent’s boss wants him to join?

A．Nonprofit organization that produces open-source software and follows widely agreed upon best-practice security standards for the World Wide Web.

B．U.S. DHS group that provides best practices, tools, guidelines, rules, principles, and other resources for software developers, architects, and security practitioners to use.

C．Group of experts who create proprietary software tools used to help improve the security of software worldwide.

D．Group of experts and organizations who certify products based on an agreed-upon security criteria.

查看答案需要1币进入试题列表

Which of the following best describes the type of vulnerability mentioned in this scenario?

A．Dynamic vulnerability that is polymorphic

B．Static vulnerability that is exploited by server-side injection parameters

C．Vulnerability that does not currently have an associated solution

D．Database vulnerability that directly affects concurrency

查看答案需要1币进入试题列表

您可能感兴趣的题目

Data marts, databases, and data warehouses have distinct characteristics. Which of the following does not correctly describe a data warehouse? It could increase the risk of privacy violations. It is developed to carry out analysis. It contains data from several different sources. It is created and used for project-based tactical reasons.

Lisa has learned that most databases implement concurrency controls. What is concurrency, and why must it be controlled? Processes running at different levels, which can negatively affect the integrity of the database if not properly controlled. The ability to deduce new information from reviewing accessible data, which can allow an inference attack to take place. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled. Storing data in more than one place within a database, which can negatively affect the integrity of the database if not properly controlled.

Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions. What type of testing should he carry out? Acceptance testing Regression testing Integration testing Unit testing

When an organization is unsure of the final nature of the product, what type of system development method is most appropriate for them? Cleanroom Exploratory Model Modified Prototype Method Iterative Development

Computer programs that are based on human logic by using “if/then“ statements and inference engines are called______. Expert systems Artificial neural networks Distributed Computing Environment Enterprise JavaBeans

Which of the following is considered the second generation of programming languages? Machine Very high-level High-level Assembly

Of the following steps that describe the development of a botnet, which best describes the step that comes first? Infected server sends attack commands to the botnet. Spammer pays a hacker for use of a botnet. Controller server instructs infected systems to send spam to mail servers. Malicious code is sent out that has bot software as its payload.

Which of the following describes object-oriented programming deferred commitment? Autonomous objects, with cooperate through exchanges of messages The internal components of an object can be refined without changing other parts of the system Object-oriented analysis, design, and modeling maps to business needs and solutions Other programs using same objects

What object-oriented programming term, or concept, is illustrated in the graphic that follows? [*] Methods Messages Abstraction Data hiding

Protection methods can be integrated into software programs. What type of protection method is illustrated in the graphic that follows? [*] Polymorphism Polyinstantiation Cohesiveness Object classes

Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test, when OLTP is used? So that the rules for database integrity can be established So that the database performs transactions as a single unit without interruption To ensure that rollbacks cannot take place To prevent concurrent processes from interacting with each other

Which of the following is the best description of a component-based system development method? Components periodically revisit previous stages to update and verify design requirements Minimizes the use of arbitrary transfer control statements between components Uses independent and standardized modules that are assembled into serviceable programs Implemented in module-based scenarios requiring rapid adaptations to changing client requirements

There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus? Intercepts antivirus’s call to the operating system for file and system information Varies the sequence of its instructions using noise, a mutation engine, or random-number generator Can use different encryption schemes requiring different decryption routines Produces multiple, varied copies of itself

Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets? Converts the source code into bytecode and blocks the sandbox Converts the bytecode into machine-level code Operates only on specific processors within specific operating systems Develops the applets, which run in a user’s browser

Which of the following is a correct description of the pros and cons associated with third-generation programming languages? The use of heuristics reduced programming effort, but the amount of manual coding for a specific task is usually more than the preceding generation. The use of syntax similar to human language reduced development time, but the language is resource intensive. The use of binary was extremely time consuming but resulted in fewer errors. The use of symbols reduced programming time, but the language required knowledge of machine architecture.

There are several types of attacks that programmers need to be aware of. What attack does the graphic that follows illustrate? [*] Traffic analysis Race condition Covert storage Buffer overflow

There are several different types of databases. Which type does the graphic that follows illustrate? [*] Relational Hierarchical Network Object-oriented

Sally has found out that software programmers in her company are making changes to software components and uploading them to the main software repository without following version control or documenting their changes. This is causing a lot of confusion and has caused several teams to use the older versions. Which of the following would be the best solution for this situation? Software change control management Software escrow Software configuration management Software configuration management escrow

Robert has been asked to increase the overall efficiency of the sales database by implementing a procedure that structures data to minimize duplication and inconsistencies. What procedure is this? Polymorphism Normalization Implementation of database views Constructing schema

Which of the following correctly best describes an object-oriented database? When an application queries for data, it receives both the data and the procedure. It is structured similarly to a mesh network for redundancy and fast data retrieval. Subject must have knowledge of the well-defined access path in order to access data. The relationships between data entities provide the framework for organizing data.

相关试卷

CISSP认证考试模拟试卷4
CISSP认证考试模拟试卷3
CISSP认证考试模拟试卷2
CISSP认证考试模拟试卷1
CISSP认证考试（软件开发安全）模拟试卷1
CISSP认证考试（访问控制）模拟试卷1
CISSP认证考试（信息安全治理与风险管理）模拟试卷1
CISSP认证考试（通信安全与网络安全）模拟试卷1
CISSP认证考试（安全体系结构和设计）模拟试卷1
CISSP认证考试（密码学）模拟试卷1
CISSP认证考试（物理安全与环境安全）模拟试卷1
CISSP认证考试（法律、法规、调查与合规）模拟试卷1
CISSP认证考试（业务连续性和灾难恢复）模拟试卷1
CISSP认证考试（安全运营）模拟试卷1