Published by kyeung, 2018-11-13 16:09:33

(ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Chapter 20: Software Development Security




1. The primary key uniquely identifies each row in the table. For
example, an employee identification number might be the primary
key for a table containing information about employees.

2. Polyinstantiation is a database security technique that appears to
permit the insertion of multiple rows sharing the same uniquely
identifying information.

3. Static analysis performs assessment of the code itself, analyzing the
sequence of instructions for security flaws. Dynamic analysis tests
the code in a live production environment, searching for runtime
flaws.

4. One phase.

Chapter 21: Malicious Code and Application Attacks




1. Viruses and worms both travel from system to system attempting
to deliver their malicious payloads to as many machines as
possible. However, viruses require some sort of human
intervention, such as sharing a file, network resource, or email
message, to propagate. Worms, on the other hand, seek out
vulnerabilities and spread from system to system under their own
power, thereby greatly magnifying their reproductive capability,
especially in a well-connected network.

2. To construct a rainbow table, the attacker follows this process:


1. Obtain or develop a list of commonly used passwords.

2. Determine the hashing function used by the password
mechanism.

3. Compute the hash value of each password on the commonly
used list and store it with the password. The result of this
operation is the rainbow table.

3. If possible, antivirus software may try to disinfect an infected file,
removing the virus’s malicious code. If that fails, it might either
quarantine the file for manual review or automatically delete it to
prevent further infection.

4. Data integrity assurance packages like Tripwire compute hash
values for each file stored on a protected system. If a file infector
virus strikes the system, this would result in a change in the
affected file’s hash value and would, therefore, trigger a file
integrity alert.



Comprehensive Online Learning Environment




Register to gain one year of FREE access to the online interactive
learning environment and test bank to help you study for your (ISC)²
CISSP certification exam—included with your purchase of this book!



The online test bank includes the following:


Assessment Test to help you focus your study to specific
objectives

Chapter Tests to reinforce what you’ve learned

Practice Exams to test your knowledge of the material

Digital Flashcards to reinforce your learning and provide last-
minute test prep before the exam

Searchable Glossary to define the key terms you’ll need to know
for the exam



Register and Access the Online Test Bank

To register your book and get access to the online test bank, follow
these steps:

1. Go to bit.ly/SybexTest.

2. Select your book from the list.

3. Complete the required registration information including
answering the security verification proving book ownership. You
will be emailed a pin code.

4. Follow the directions in the email or go to
www.wiley.com/go/cissptestprep.

5. Enter the pin code you received and click the “Activate PIN”
button.

6. On the Create an Account or Login page, enter your username and
password, and click Login. A “Thank you for activating your PIN!”
message will appear. If you don’t have an account already, create a
new account.

7. Click the “Go to My Account” button to add your new book to the
My Products page.

Do you need more practice? Check out CISSP Official (ISC)² Practice
Tests, 2nd Edition (ISBN: 978-1-119-47592-7). With 100 or more
practice questions for each domain and four additional complete
practice exams, it’s a great way to build your confidence and readiness
for exam day.

WILEY END USER LICENSE AGREEMENT



Go to www.wiley.com/go/eula to access Wiley’s ebook EULA.

