CISSP Practice Quiz: Domain 8: Software Development Security Quiz 1

1. Joan is developing a new web application and wants to protect against SQL injection attacks. What is the best technique she can use to defend against this threat?
2. Don’s company is using the waterfall model of software development. Which one of the following transitions is not acceptable under this model?
3. What level of the software capability maturity model focuses on both quantitative process management and software quality management?
4. What type of software development project management tool is shown in the figure below?

5. Jason is analyzing the logs from his web server and notices user-supplied input that has this text entered into a name field:

Brian

What type of attack may have occurred?

6. Which character is the most critical portion of a SQL injection attack?
7. Allan would like to reduce the likelihood that an attacker will be able to exploit his backend database through a web server query. What technique may assist in this goal?
8. Yolanda is negotiating a contract with a cloud service provider and wants to ensure that the contract contains uptime guarantees. What type of agreement should she sign with the vendor?
9. Which one of the following is not a component of a typical change management program?
10. What approach to software development embraces delivering value quickly and iteratively improving?