CISSP - Software Development Security Mock Questions

In database normalization, in which form would we move data that is partially dependent on the primary key to another table?

Options are :

  • 1st normal form.
  • 3rd normal form.
  • 4th normal form.
  • 2nd normal form. (Correct)

Answer : 2nd normal form.

Explanation Database normalization: Used to clean up the data in a database table to make it logically concise, organized, and consistent. It removes redundant data and improves the integrity and availability of the database. Normalization has three forms (rules): First Normal Form: Divides the base data into tables; a primary key is assigned to most or all tables. Second Normal Form: Move data that is partially dependent on the primary key to another table. Third Normal Form: Remove data that is not dependent on the primary key.

At a meeting with project stakeholders and sponsors, Bob gets asked how a relational database is structured. From these choices, what should Bob answer?

Options are :

  • A hierarchy model.
  • An object model.
  • Star schema model.
  • Tables with rows and columns. (Correct)

Answer : Tables with rows and columns.

Explanation Relational model: Organizes data into one or more tables (or relations) of columns and rows, with a unique key identifying each row. Rows are also called records or tuples. Generally, each table/relation represents one entity type. The rows represent instances of that type of entity, and the columns represent values attributed to that instance.

Which software project management methodology is based on 4 phases we go through over and over?

Options are :

  • Agile.
  • Sashimi.
  • Spiral. (Correct)
  • Waterfall.

Answer : Spiral.

Explanation The spiral model: A risk-driven process model generator for software projects. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called spirals in this model). In the baseline spiral, starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spiral builds on the baseline spiral.

Which project management methodology is better geared towards a yearlong project, with very clearly defined software requirements that should NOT change?

Options are :

  • Rapid prototyping.
  • XP.
  • Agile.
  • Waterfall. (Correct)

Answer : Waterfall.

Explanation Waterfall methodology is well suited for long, very clearly defined projects.

Which programming language is executed directly by the CPU?

Options are :

  • Assembler language.
  • Source code.
  • Compiler language.
  • Machine code. (Correct)

Answer : Machine code.

Explanation Machine Code: Software executed directly by the CPU; the 0s and 1s understood by the CPU.

When is it appropriate to install and use backdoors and maintenance hooks?

Options are :

  • When it makes it easier for the administrators to use the software.
  • Never.
  • When the code is still in development. (Correct)
  • When it is easier for the users to use the software.

Answer : When the code is still in development.

Explanation Backdoors: Often installed by attackers during an attack to allow them access to the systems after the initial attack is over, to continue exfiltrating data over time, or to come back and compromise other systems. Bypassing normal authentication or encryption in a computer system, a product, or an embedded device, etc. Backdoors are often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems.

As programming has progressed, we have gotten newer generations of programming languages. Which of these sets are all 4th generation programming languages?

Options are :

  • Cobol, SQL, Perl, C++.
  • C++, Java, Cobol, C#.
  • ColdFusion, SQL, C++, Perl.
  • ColdFusion, SQL, Perl, PHP. (Correct)

Answer : ColdFusion, SQL, Perl, PHP.

Explanation 4th Generation languages (4GL) include ColdFusion, Progress 4GL, SQL, PHP and Perl. Fourth-generation languages are designed to reduce programming effort and the time it takes to develop software, resulting in a reduction in the cost of software development. They increase efficiency by automating the creation of machine code. They often use a GUI with drag and drop, and then generate the code. Often used for websites, databases, and reports.

Under which of these open source software license agreements is it allowed to alter the original software and sell the altered software?

Options are :

  • CKR.
  • BSD. (Correct)
  • GNU.
  • Apache.

Answer : BSD.

Explanation BSD (Berkeley Software Distribution): A family of permissive free software licenses, imposing minimal restrictions on the use and redistribution of covered software. This is different from copyleft licenses, which have reciprocal share-alike requirements.

Each row in a relational database is called a/an:

Options are :

  • Relation.
  • Tuple. (Correct)
  • Schema.
  • Attribute.

Answer : Tuple.

Explanation Relational model: Rows are also called records or tuples. Generally, each table/relation represents one entity type. The rows represent instances of that type of entity, and the columns represent values attributed to that instance.

We have asked a vendor to use a source code escrow. What could be a reason we would do that?

Options are :

  • So we can get the source code if they fail to maintain and update the code. (Correct)
  • So we can get the source code if we have software errors.
  • So we can get the source code if we want to break the contract we have with them, because we have found a cheaper alternative.
  • So we can view the source code when we want to.

Answer : So we can get the source code if they fail to maintain and update the code.

Explanation Source code escrow: The deposit of the source code of software with a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software instead of abandonment or orphaning. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.

When an attacker can guess a URL they don't know about from another, similar, logical URL, what is that called?

Options are :

  • Unvalidated redirects.
  • Underprotected APIs.
  • CSRF.
  • Insecure direct object reference. (Correct)

Answer : Insecure direct object reference.

Explanation 2013 A4 Insecure direct object reference: Users can access resources they shouldn't by guessing the URL or path, often when it is logical. If you have access to a report named financials_may2017.pdf on your organization's network, you could try guessing other file names you should not have access to, such as financials_August.pdf or financials_2017.pdf. Mitigated by proper access control, using non-sequential names, or monitoring file usage.

What could be something we could implement to mitigate broken authentication and session management (OWASP A2)?

Options are :

  • Captcha.
  • Remove default passwords and usernames.
  • Data type limitations.
  • Random session IDs (Correct)

Answer : Random session IDs

Explanation A2 Broken Authentication and Session Management: Sessions do not expire, or they take too long to expire. Session IDs are predictable (001, 002, 003, 004, etc.). Tokens, session IDs, passwords, etc. are kept in plaintext.

In software acceptance testing, what is the purpose of compliance acceptance testing?

Options are :

  • To ensure the software is as secure or more secure than the rules, laws and regulations of our industry. (Correct)
  • To ensure the software is functional for and tested by the end user and the application manager.
  • To ensure the software performs as expected in our live environment vs. our development environment.
  • To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.

Answer : To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.

Explanation Compliance acceptance testing: Is the software compliant with the rules, regulations and laws of our industry?

We are in the process of developing some new software. On some of our previous releases of different software, we have had security problems. We are considering releasing the source code for the new software. What would that make our software?

Options are :

  • Closed source.
  • Prevented software.
  • Proprietary software.
  • Open source. (Correct)

Answer : Open source.

Explanation Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.

We are using the Scrum methodology on one of our projects. Who would be responsible for being the voice of the customer?

Options are :

  • The scrum master.
  • The product owner. (Correct)
  • All of these.
  • The development team.

Answer : The product owner.

Explanation The product owner: Represents the product's stakeholders, is the voice of the customer, and is accountable for ensuring that the team delivers value to the business.

After a security audit we need to mitigate Security misconfiguration (OWASP A5). What could be something we would implement?

Options are :

  • Implement all websites to be HTTPS.
  • Random session IDs
  • Centralized implementation.
  • Remove default passwords and usernames. (Correct)

Answer : Remove default passwords and usernames.

Explanation A5 Security Misconfiguration: Databases configured wrong. Not removing out-of-the-box default access and settings. Keeping default usernames and passwords. OS, web server, DBMS, applications, etc. not patched and up to date. Unnecessary features are enabled or installed; this could be open ports, services, pages, accounts, privileges, etc.

Jane is explaining how using AI can help predict healthcare issues for patients. What is AI?

Options are :

  • Artifact Incidents.
  • Artificial Intelligence. (Correct)
  • Arithmetic Interference.
  • Artificial Integrity.

Answer : Artificial Intelligence.

Explanation AI (Artificial Intelligence): Intelligence exhibited by machines, rather than humans or other animals. True AI is a topic of discussion; what was considered AI years ago has been achieved, and once the goal is reached, the AI definition is tweaked a little.

Having a single, well-controlled, defined data integrity system increases all of these EXCEPT which?

Options are :

  • Performance.
  • Maintainability.
  • Redundant data. (Correct)
  • Stability.

Answer : Redundant data.

Explanation Having a single, well-controlled, and well-defined data-integrity system increases: Stability: One centralized system performs all data integrity operations. Performance: All data integrity operations are performed in the same tier as the consistency model. Reusability: All applications benefit from a single centralized data integrity system. Maintainability: One centralized system for all data integrity administration.

In which order would you use the Software Development Life Cycle (SDLC)?

Options are :

  • Investigation, analysis, design, build, implement, test, maintenance and support.
  • Analysis, investigation, design, build, implement, test, maintenance and support.
  • Investigation, analysis, design, build, test, implement, maintenance and support. (Correct)
  • Investigation, design, analysis, build, implement, test, maintenance and support.

Answer : Investigation, analysis, design, build, test, implement, maintenance and support.

Explanation SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general) investigation, analysis, design, build, test, implement, maintenance and support (and disposal). Security can be built into each step of the process; for the exam, it always is.

When we talk about relational databases, what does referential integrity mean?

Options are :

  • When the database has errors.
  • Each tuple has a unique primary value that is not null.
  • Each attribute value is consistent with the attribute data type.
  • When every foreign key in a secondary table matches the primary key in the parent table. (Correct)

Answer : When every foreign key in a secondary table matches the primary key in the parent table.

Explanation Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key.

If we are using object-oriented analysis and design (OOAD), when would we apply the constraints to the conceptual model?

Options are :

  • OOD. (Correct)
  • OOM.
  • OOA.
  • OOR.

Answer : OOD.

Explanation OOD (Object-oriented design): The developer applies the constraints to the conceptual model produced in object-oriented analysis. Such constraints could include the hardware and software platforms, the performance requirements, persistent storage and transactions, usability of the system, and limitations imposed by budgets and time. Concepts in the analysis model, which is technology independent, are mapped onto implementing classes and interfaces, resulting in a model of how the system is to be built on specific technologies. Important topics during OOD also include the design of software architectures by applying architectural patterns and design patterns with object-oriented design principles.

Computer-aided software engineering (CASE) is classified into 3 categories. Which of these has the correct 3?

Options are :

  • Tools, workbenches and environments. (Correct)
  • Workbenches, environments and scenarios.
  • Workbenches, use cases and tools.
  • Tools, environments and scenarios.

Answer : Tools, workbenches and environments.

Explanation CASE (Computer-Aided Software Engineering) software is classified into 3 categories: Tools support specific tasks in the software life cycle. Workbenches combine two or more tools focused on a specific part of the software life cycle. Environments combine two or more tools or workbenches and support the complete software life cycle. CASE is used for developing high-quality, defect-free, and maintainable software. It is often associated with methods for the development of information systems together with automated tools that can be used in the software development process.

Under which of these open source software license agreements does derivative work have to be distributed under the same software licensing terms?

Options are :

  • CKR.
  • Apache.
  • BSD.
  • GNU. (Correct)

Answer : GNU.

Explanation GNU (General Public License): Also called the GPL or GNU GPL. Guarantees end users the freedom to run, study, share and modify the software. A copyleft license, which means that derivative work can only be distributed under the same license terms.

Which programming language uses short mnemonics like ADD and SUB, which are then matched to their full-length binary code?

Options are :

  • Source code.
  • Assembler language. (Correct)
  • Machine code.
  • Compiler language.

Answer : Assembler language.

Explanation Assembler Language: Short mnemonics like ADD/SUB/JMP, which are matched with the full-length binary machine code. An assembler converts assembly language into machine language; a disassembler does the reverse.

Which generation of programming languages often uses a graphical user interface and drag and drop for generating the actual code?

Options are :

  • 4th generation. (Correct)
  • 1st generation.
  • 3rd generation.
  • 2nd generation.

Answer : 4th generation.

Explanation 4th Generation languages (4GL): Often use a GUI with drag and drop, and then generate the code; often used for websites, databases and reports.

In software acceptance testing, what is the purpose of production acceptance testing?

Options are :

  • To ensure the software is functional for and tested by the end user and the application manager.
  • To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
  • To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
  • To ensure the software performs as expected in our live environment vs. our development environment. (Correct)

Answer : To ensure the software performs as expected in our live environment vs. our development environment.

Explanation Compatibility/production testing: Does the software interface as expected with other applications or systems? Does the software perform as expected in our production environment vs. the development environment?

Where would we define the attributes and values of the database tables?

Options are :

  • Database schema. (Correct)
  • Database query language.
  • Data dictionary.
  • Database views.

Answer : Database schema.

Explanation Database schema: Describes the attributes and values of the database tables. Names should only contain letters, in the US SSNs should only contain 8 numbers, …

In Scrum project management, what is the product owner’s role?

Options are :

  • Developing the code/product at the end of each sprint.
  • Representing the stakeholders/customers. (Correct)
  • Removing obstacles for the development team.
  • Being a traditional project manager.

Answer : Representing the stakeholders/customers.

Explanation The product owner: Represents the product's stakeholders, is the voice of the customer, and is accountable for ensuring that the team delivers value to the business.

Looking at our relational databases and the errors they can have, if we talk about semantic integrity, to what are we referring?

Options are :

  • Each tuple has a unique primary value that is not null.
  • When every foreign key in a secondary table matches the primary key in the parent table.
  • Each attribute value is consistent with the attribute data type. (Correct)
  • When the database has errors.

Answer : Each attribute value is consistent with the attribute data type.

Explanation Semantic integrity: Each attribute value is consistent with the attribute data type.

In our business improvement process we are using the CMM (Capability Maturity Model). In which stages of the CMM model are processes defined? (Select all that apply).

Options are :

  • Level 4. (Correct)
  • Level 5. (Correct)
  • Level 3. (Correct)
  • Level 2.
  • Level 1.

Answer : Level 4. Level 5. Level 3.

Explanation CMM (Capability Maturity Model): The maturity relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined repeatable steps, to managed result metrics, to active optimization of the processes. From level and upwards we have clearly defined processes. Level 1: Initial. Processes at this level are normally undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. Level 2: Repeatable. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.

As part of our checks on our SQL databases, we want to ensure we have database integrity. Which of these are COMMON integrity types we can have on relational databases? (Select all that apply).

Options are :

  • Referential integrity. (Correct)
  • Semantic integrity. (Correct)
  • Foreign integrity.
  • Entity integrity. (Correct)
  • Parent integrity.

Answer : Referential integrity. Semantic integrity. Entity integrity.

Explanation Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key. Semantic integrity: Each attribute value is consistent with the attribute data type. Entity integrity: Each tuple (row) has a unique primary value that is not null.

In CASE programming, designers use these categories of tools, EXCEPT which?

Options are :

  • Tools.
  • Workbenches.
  • Objects. (Correct)
  • Environments.

Answer : Objects.

Explanation CASE (Computer-Aided Software Engineering): Similar to, and partly inspired by, the computer-aided design (CAD) tools used for designing hardware products. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process. CASE software is classified into 3 categories: Tools support specific tasks in the software life cycle. Workbenches combine two or more tools focused on a specific part of the software life cycle. Environments combine two or more tools or workbenches and support the complete software life cycle.

Which of these is NOT related to security misconfigurations (OWASP A5)?

Options are :

  • Keeping default logins and passwords.
  • Using deprecated objects or code. (Correct)
  • Misconfigured databases.
  • Not applying patches.

Answer : Using deprecated objects or code.

Explanation While using deprecated objects or code is a security issue, it falls under OWASP A9, Using Components with Known Vulnerabilities. A5 Security Misconfiguration would be databases configured incorrectly; not removing out-of-the-box default access and settings; keeping default usernames and passwords; OS, web server, DBMS, applications, etc. not patched and up to date; unnecessary features enabled or installed, which could be open ports, services, pages, accounts, privileges, etc.

When we release our software as open source, we do what?

Options are :

  • Release the code, but not the software.
  • Release the code and the software. (Correct)
  • Release neither the software nor the code.
  • Release the software, but not the code.

Answer : Release the code and the software.

Explanation Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.

Which of these is not really a methodology, but describes the phases of the software development lifecycle?

Options are :

  • Waterfall.
  • SDLC. (Correct)
  • Agile.
  • RAD.

Answer : SDLC.

Explanation SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general) investigation, analysis, design, build, test, implement, maintenance and support (and disposal).

Procedural programming tends to lean towards which type of programming process?

Options are :

  • Cripple ware.
  • Sashimi.
  • Bottom-up.
  • Top-down. (Correct)

Answer : Top-down.

Explanation Top-Down Programming: Starts with the big picture, then breaks it down into smaller segments. Procedural programming leans toward top-down: you start with one function and add to it.

Which software development methodology uses prototypes in addition to, or instead of, design specifications?

Options are :

  • XP.
  • RAD. (Correct)
  • Scrum.
  • Prototyping.

Answer : RAD.

Explanation RAD (Rapid Application Development): Puts an emphasis on adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to, or sometimes even in place of, design specifications. Very suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.

Which software development methodology breaks the project into smaller tasks and builds multiple models of system design features?

Options are :

  • XP.
  • Prototyping. (Correct)
  • Scrum.
  • RAD.

Answer : Prototyping.

Explanation Prototyping: Breaks projects into smaller tasks, creating multiple prototypes of system design features. A prototype is a working model of the software with some limited functionality, rather than a design of the full software up front. Has a high level of customer involvement: the customer inspects the prototypes to ensure that the project is on track and meeting its objective.

As part of our backup and disposal policy, you would find all of these regarding backup tapes, EXCEPT which?

Options are :

  • Thrown in the trash when the retention period is over. (Correct)
  • Software encrypted.
  • Kept in a secure geographical distance climate controlled facility.
  • Hardware encrypted.

Answer : Thrown in the trash when the retention period is over.

Explanation Tapes should be properly disposed of; our data is still on the tape even if the retention period has expired.

When you discover a software vulnerability, you notify the vendor of the vulnerability so they can fix it. What is the term used for this?

Options are :

  • Partial disclosure. (Correct)
  • Full disclosure.
  • No disclosure.
  • Predictable disclosure.

Answer : Partial disclosure.

Explanation Responsible/Partial disclosure: We tell the vendor; they have time to develop a patch, and then we disclose it. If they do nothing, we can revert to full disclosure, forcing them to act.

We are using the Scrum project management methodology on one of our projects. For that project, who would be responsible for the analysis, design, and documentation?

Options are :

  • The product owner.
  • The scrum master.
  • All of these.
  • The development team. (Correct)

Answer : The development team.

Explanation Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, develop, test, technical communication, document, etc.). Development teams are cross-functional, with all of the skills as a team necessary to create a product increment.

Jane is using the Scrum project management methodology. Which of these would be some of the core team roles in the Scrum framework? (Select all that apply).

Options are :

  • The product owner. (Correct)
  • The project manager.
  • The project sponsor.
  • The development team. (Correct)
  • The Scrum master. (Correct)

Answer : The product owner. The development team. The Scrum master.

Explanation Scrum is a framework for managing software development. Scrum is designed for teams of approximately 10 individuals, and generally relies on two-week development cycles, called "sprints", as well as short daily stand-up meetings. The three core roles in the Scrum framework are: The product owner: Represents the product's stakeholders, is the voice of the customer, and is accountable for ensuring that the team delivers value to the business. Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, develop, test, technical communication, document, etc.). Scrum master: Facilitates, and is accountable for removing impediments to, the ability of the team to deliver the product goals and deliverables. Not a traditional team lead or project manager, but acts as a buffer between the team and any distracting influences. The Scrum master ensures that the Scrum framework is followed.

We have just signed a contract with a vendor for a Software as a Service (SaaS) implementation. Where does our responsibility start, and the vendor's responsibility stop?

Options are :

  • C: Between virtualization and OS.
  • A: After the application. (Correct)
  • D: Between storage and servers.
  • B: Between security and application.

Answer : A: After the application.

Explanation In Software as a Service (SaaS), the vendor provides everything, including the applications and programs. We would provide the data for the applications.

We are looking at SDLC project management software development methodologies. Which of these is NOT one of them?

Options are :

  • Agile.
  • Bottom-up. (Correct)
  • Waterfall.
  • Sashimi.

Answer : Bottom-up.

Explanation Waterfall, Agile and Sashimi are all SDLC methods; bottom-up is not.

In Agile XP software development, we would normally do all of these, EXCEPT which?

Options are :

  • Use short 1-2 week development cycles (sprints). (Correct)
  • Unit testing of all code.
  • Programming pairs.
  • Expect changing requirements.

Answer : Use short 1-2 week development cycles (sprints).

Explanation XP (Extreme Programming): Intended to improve software quality and responsiveness to changing customer requirements. It advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted. XP uses: Programming in pairs or doing extensive code review. Unit testing of all code. Avoiding programming of features until they are actually needed. A flat management structure. Code simplicity and clarity. Expecting changes in the customer's requirements as time passes and the problem is better understood. Frequent communication with the customer and among programmers.

When we check our databases for integrity, we notice a value that is not consistent with the attribute data type. Which type of integrity failure is this?

Options are :

  • Referential integrity.
  • Entity integrity.
  • Semantic integrity. (Correct)
  • Formatted integrity.

Answer : Semantic integrity.

Explanation Semantic integrity: Each attribute value is consistent with the attribute data type.

Jane is looking at Java vulnerabilities for a report. She needs to present it to senior management at the end of the week. Which type of database does Java use?

Options are :

  • Object-oriented. (Correct)
  • Document-oriented.
  • Hierarchical.
  • Relational.

Answer : Object-oriented.

Explanation Object-Oriented Databases (Object Database Management Systems): Object databases store objects rather than data such as integers, strings or real numbers. Objects are used in object-oriented languages such as Smalltalk, C++, Java, etc. Objects, in an object-oriented database, reference the ability to develop a product, then define and name it. The object can then be referenced, or called later, as a unit without having to go into its complexities.

We want to mitigate injection attacks (OWASP A1) on our web servers. What can we implement to help with that?

Options are :

  • Non-predictable session IDs.
  • CAPTCHA.
  • Input validation. (Correct)
  • SSL.

Answer : Input validation.

Explanation A1 Injection: Can be any code injected into user forms; SQL and LDAP injection are often seen. Attackers can do this because our software does not use strong enough input validation, data type limitations on input fields, or input length limitations. The fix is to do just that: we only allow users to input appropriate data into the fields (only letters in names, numbers in phone numbers), have dropdowns for country and state (if applicable), and limit how many characters people can use per cell.

When we talk about proprietary software, we are referring to which of these?

Options are :

  • Open source.
  • Closed source.
  • All of these. (Correct)
  • Software not released into the public domain.

Answer : All of these.

Explanation Proprietary software: Software protected by intellectual property and/or patents. The term is often used interchangeably with closed source software, but it really is not the same: proprietary software can be either open or closed source. Any software not released into the public domain is protected by copyright.

In object-oriented databases, the objects can have different attributes. Which of them would define the behavior of an object?

Options are :

  • Attributes.
  • Classes.
  • Schemas.
  • Methods. (Correct)

Answer : Methods.

Explanation Methods: Define the behavior of an object and are what were formerly called procedures or functions. Objects contain both executable code and data.

In object-oriented databases, the objects can have different attributes. Which of these would define the characteristics of an object?

Options are :

  • Attributes. (Correct)
  • Methods.
  • Schemas.
  • Classes.

Answer : Attributes.

Explanation Attributes: Data which defines the characteristics of an object. This data may be simple such as integers, strings, and real numbers or it may be a reference to a complex object.

Bob is doing cleanups of one of our databases. He has found foreign keys that do not match the primary key. Which type of integrity error is this?

Options are :

  • Foreign.
  • Semantic.
  • Entity.
  • Referential. (Correct)

Answer : Referential.

Explanation Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key.
