CISSP Domain 8: Software Development Security

Domain 8: Software Development Security Practice Questions
Questions from the following topics are included in this domain:
Understanding and integrating security into the software development life cycle 
Identifying and applying security controls to software development 
Assessing the effectiveness of software security
Assessing the security of acquired software  
Defining and applying secure coding guidelines and standards  

25 Questions

1. When coding in .NET on a Microsoft system, compiling with the /GS flag enables which feature?
2. Veronica leads the software development team at TTC Corp and uses a tool to prioritize which errors must be resolved before releasing the application. What is this tool called?
3. One of the important differences between a SIEM platform and a SOAR platform is what?
4. Hash functions are commonly deployed for what purpose?
5. Which architecture mimics desktop applications in terms of functionality and usability?
6. Matthew manages the software development of a website with a paywall, and they are running behind schedule. The threat model documentation is mostly complete. What should be their next step?
7. Which of the following technologies is a set of standards that uses radio frequencies over very short distances?
8. Jacques has just finished writing an application for computer-aided engineering. After running the application, he notices that the output results are incorrect, and now he needs to debug the application even further. What kind of test did he run?
9. Users who create passwords of at least 12 characters that include uppercase characters, lowercase characters, and special characters are following which type of security model?
10. Which of the following is NOT a key difference between standard work groups and integrated product teams (IPTs)?
11. Nathan, a software engineer, has developed an application in the C language that allows users to enter their tax identification number. Which of the following is his primary concern?
12. Which system uses customized playbooks to automate the mitigation of cybersecurity incidents, thus resulting in faster incident response and system operations being streamlined?
13. Which of the following is the biggest risk for an organization converting from a Waterfall development to continuous integration and continuous delivery?
14. What is the primary difference between software configuration management (SCM) and a revision control system (RCS)?
15. Hernan is designing an application that would work great within a single sign-on (SSO) system. What is the BEST way for him to manage authentication in the system?
16. What are the BEST methods for examining and selecting code when you are checking for disallowed functions (for example, routines prone to buffer overflows)?
17. Creating standardized designs and running standardized code for similar or repeatable functionality follows which design philosophy?
18. TVM Corp's team of software developers inspects each programmer's source code for proper input sanitization, backdoors, and buffer overflow mitigations. This is an example of which activity?
19. The process that considers decision making from a variety of skill sets, for a specific product, within a specific timeframe, and uses consensus-building techniques is considered which of the following?
20. Which of the following are foundations of privacy?
21. Applications that are written to restore themselves after a security breach are known to have which functionality?
22. Jackson tests security for applications, including those that encrypt data. To validate the encryption functions, he runs all of the following EXCEPT for what?
23. An important part of customer service for those that use an organization's software product includes which of the following?
24. Designing a simpler system that makes it easier for the team and others to understand design objectives is an example of which principle?
25. The security approach of complete mediation has which of the following features?