CSSLP Flashcards

Question 1

Q

Confidentiality is used to

a) protect information from destruction
b) protect information from disclosure
c) protect information from modification
d) all of the above

Answer

A

b) protect information from disclosure

Question 2

Q

Integrity is used to

a) protect information from destruction
b) protect information from disclosure
c) protect information from modification
d) both a and c

Answer

A

d) both a and c

Question 3

Q

Integrity can be ensured by

a) redundancy
b) failover
c) clusters
d) none of the above

Answer

A

d) none of the above

Question 4

Q

Availability can be ensured by

a) encryption
b) revocation
c) clusters
d) hashing

Answer

A

c) clusters

Question 5

Q

Failover is applied

a) automatically
b) manually
c) never
d) none of the above

Answer

A

a) automatically

Question 6

Q

Separation of duties

a) breaks work into manageable parts
b) improves quality control
c) requires multiple parties
d) reduces the work week

Answer

A

c) requires multiple parties

Question 7

Q

An audit is

a) a single point in time event
b) a continuous event
c) a subset of monitoring
d) an accounting task

Answer

A

a) a single point in time event

Question 8

Q

The KISS principle is demonstrated by

a) nonrepudiation
b) least privilege
c) defense in depth
d) economy of mechanism

Answer

A

d) economy of mechanism

Question 9

Q

Secure configuration management (CM) is most useful for

a) organizing meetings
b) reviewing documentation
c) preventing integrity breaches
d) secure data repositories

Answer

A

c) Configuration management ensures against the unauthorized modification or destruction of data items

Question 10

Q

Which is not a secure configuration management and version control (CM/VC) process?

a) Planning
b) Identifying file security
c) Controlling configuration changes
d) Monitoring

Answer

A

b) CM/VC deals with monitoring data items, it does not implement file security

Question 11

Q

Which methodology uses a security best practices approach whereby the best practices are mapped to each phase of a generic software development lifecycle (SDLC)?

a) Microsoft SDL
b) S-Scrum
c) CLASP
d) SALSA

Answer

A

c) CLASP is designed to insert security into SDLC phases, regardless of methodology

Question 12

Q

A disadvantage of agile methods is that

a) they map all requirements to a generic SDLC
b) they require fast computers for execution of the code
c) they do not work with older code
d) they do not allow sufficient time for detailed security planning or analysis

Answer

A

d) Agile is based on identifying just enough requirements for the next sprint, and executing those quickly

Question 13

Q

What is the difference between standards and frameworks?

a) Standards are accepted as best practices, whereas frameworks are practices that are generally employed
b) Standards are locality specific, whereas frameworks are international
c) Standards are specific while frameworks are general
d) Both A and C

Answer

A

d) both A and C

Question 14

Q

Attack surface analysis will

a) identify what functions and what parts of the system you need to review/test for security vulnerabilities
b) identify high-risk areas of code that require defense in depth protection - what parts of the system that you need to defend
c) identify when you have changed the attack surface and need to do some kind of threat assessment
d) do all of the above

Answer

A

d) do all of the above

Question 15

Q

End-of-life policies apply when

a) users are retiring from the organization
b) users are transitioning to a newer platform
c) users need to update their policies and procedures
d) none of the above happens

Answer

A

b) users are transitioning to a newer platform

Question 16

Q

Which is not a risk management strategy?

a) Mitigate
b) Accept
c) Transfer
d) Amend

Question 17

Q

Which of the following regulations include provisions to protect consumers’ personal financial information held by financial institutions?

a) Sarbanes-Oxley Act (SOX)
b) Payment Card Industry Data Security Standard (PCI-DSS)
c) Gramm-Leach-Bliley Act (GLBA)
d) Electronic Fund Transfer Act, Regulation E (EFTA)

Answer

A

c) GLBA deals with privacy requirements for financial information

Question 18

Q

Which type of requirement is used to describe long-term goals?

a) Cosmic
b) Mission
c) Business
d) Technical

Answer

A

b) Mission requirements describe long term goals, business requirements describe mid-term goals, technical requirements describe short term goals

Question 19

Q

Which of the following is not a classification criterion for data?

a) usefulness of data
b) value of data
c) age of data
d) format of data

Answer

A

d) Classification deals with labeling data according to sensitivity; data format does not affect this

Question 20

Q

Which of the following is not a mandatory document?

a) Standards
b) Baselines
c) Procedures
d) Guidelines

Answer

A

d) Guidelines are optional. Standards, baselines and procedures are mandatory

Question 21

Q

Which of the following is an anonymization approach for relational data?

a) Socialization
b) Perturbation
c) Derivation
d) Elicitation

Answer

A

b) There are 4 approaches to data anonymization; Generalization, Perturbation, Replacement and Suppression

Question 22

Q

Which of the following are used in the development of abuse cases?

a) Case Reports
b) Use Cases
c) Risk Results
d) Complaints

Answer

A

b) Abuse cases can be developed from the inverse of use cases

Question 23

Q

The requirements for a software security standard are comprised of which two subsets to enhance system protection and reduce the risk to the system?

a) Operational System and Organization
b) Operational System and Environment
c) Operational System and Development Process
d) none of the above

Answer

A

a) The requirements for a software security standard are drawn from operational system and organization requirements and development process and environment requirements

Why is this not all of the above?

Question 24

Q

Which testing process is most commonly performed at the end of the SDLC?

a) Source Code Static Security Analysis
b) Binary Code Security Scanning
c) Byte Code Security Analysis
d) Source Code Security Fault Injection

Answer

A

c) Byte code security analysis can be performed in tandem with source code analysis at the end of the SDLC to improve overall accuracy of results

Question 25

Q

Which principle states that a system should have simple, well-defined interfaces and functions?

a) Clear Abstractions
b) Least Common Mechanism
c) Modularity and Layering
d) Partially Ordered Dependencies

Answer

A

a) An abstraction is a technique for arranging complexity of computer systems; clear abstractions are those with simple, well-defined interfaces

Question 26

Q

Which principle states that the system design should be as simple and small as possible?

a) Efficiently Mediated Access
b) Minimized Sharing
c) Reduced Complexity
d) Secure Evolvability

Answer

A

c) Reduced Complexity means the design should be as simple and small as possible

Question 27

Q

Which principle states that each component should be allocated sufficient privileges to accomplish its specified functions, but no more?

a) Inverse Modification Threshold
b) Hierarchical Protection
c) Minimized Security Elements
d) Least Privilege

Answer

A

d) Security elements should enforce principles such as least privilege and separation of duties

Question 28

Q

Which of the following is an advantage of using an SRTM?

a) It confirms 100 percent test coverage
b) It highlights any security flaws
c) It focuses only on business requirements
d) It replaces the need for analysis by the QA team

Answer

A

a) By being able to track the business requirement to the technical requirement to the test case; there is the assurance of 100% test coverage

Question 29

Q

Which of the following defines an entity that denies having performed an action?

a) Tampering
b) Repudiation
c) Information Disclosure
d) Denial of Service

Answer

A

b) Non-repudiation is tied to accountability and means an actor cannot deny performing an action

Question 30

Q

Which of the following potential mitigations is used if you want to leave the threat unmitigated?

a) Warn the User (W)
b) Disable the Feature (D)
c) Remove the Feature (R)
d) Technological Solution (T)

Answer

A

a) There are 4 potential mitigations; warn the user (which leaves the threat unmitigated), disable the feature (making it an optional application function), remove the feature (get rid of it), technological solution (use technological solutions to mitigate the threat)

Question 31

Q

With which of the following does attack surface analysis help? (Select all that apply)

a) Identify what functions and what parts of the system you need to review/test for security vulnerabilities
b) Identify high-risk areas of code that require defense in depth protection and what parts of the system you need to defend
c) Identify what parts of the system need to be removed or turned off
d) Identify when you have changed the attack surface and need to perform a threat assessment

Answer

A

A, B and D - Attack surface analysis is an assessment of the total number of exploitable vulnerabilities in a system or network or other potential computer attack targets. So A, B and D all apply.

Question 32

Q

Which of the following represent the steps in the attack surface analysis process? (Select all that apply)

a) Defining the attack surface of an application
b) Listing the components of the attack surface
c) Measuring and assessing the attack surface
d) Managing the attack surface

Answer

A

A, B and C - The attack surface analysis process steps are: Define the attack surface of an application, Identify and map the attack surface, Measure and assess the attack surface

https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet

Question 33

Q

Which type of control is intended to limit the extent of any damage caused by an incident?

a) Limitation Controls
b) Preventive Controls
c) Detective Controls
d) Corrective Controls

Answer

A

d) Corrective controls restore the system or process back to the state prior to a harmful event. As such, they contain the damage and prevent further spread of the incident

Question 34

Q

What is the definition of a Rich Internet Application (RIA)?

a) An expensive software based control implemented via a web service
b) A desktop application ported to a web server and run via a portal
c) A web application that has many of the characteristics of desktop application software
d) An internet application that can be used to create income using web services

Answer

A

c) A Rich Internet Application is a Web application that has many of the characteristics of desktop application software, and is typically delivered via a browser plug-in, an independent sandbox, JavaScript, or a virtual machine

Question 35

Q

What is a multitenant cloud infrastructure where the cloud is shared by several IT organizations known as?

a) Shared Cloud
b) Organizational Cloud
c) Community Cloud
d) None of the above

Answer

A

c) A community cloud is a cloud computing solution provided to a specific computing community, and that is governed, managed and secured commonly by that participating community

Question 36

Q

What must you be able to do when performing a design security review?

a) Attach performance metrics to the review process
b) Decompose your application and be able to identify key items
c) Highlight all security controls used in the system
d) Use standardized graphics to document the data flow

Answer

A

b) Decomposing the application allows for a more detailed understanding of the mechanics of the application makes it easier to uncover more relevant and more detailed threats

Question 37

Q

What is the difference between provenance and pedigree?

a) Provenance is a place or source of origin, Pedigree is a chart, list or record of origin
b) Pedigree is systematically recorded while Provenance is left to chance
c) Provenance and Pedigree refer to the same concept
d) Pedigree is place or source of origin while Provenance is a chart, list or record of origin

Answer

A

a) The difference between Provenance and Pedigree is that Provenance is the place or source of origin; Pedigree is a chart, list or record of origin. The Pedigree is the basis for creating software supply chain paths

Question 38

Q

Which of the following environment types include techniques that let users directly manipulate the structures?

a) Language-oriented Environments
b) Structure-oriented Environments
c) Toolkit Environments
d) Method-Based Environments

Answer

A

b) Language-oriented environments are developed around one language, thereby offering a tool set suitable for that particular language. They are very interactive and provide restricted support for programming-in-the-large. Structure-oriented environments include techniques that let users directly manipulate the structures. These techniques are language independent, which triggered the concept of generators for environments. Toolkit environments offer a set of tools that incorporate language independent support for programming-in-the-large tasks such as version control and configuration management. Method-based environments include support for a wide variety of routines involved in the software development process. This includes tasks such as team and project management. These environments also feature tools for certain specification and design techniques.

Question 39

Q

An agreement for all customers using the services being delivered by the service provider is an example of which of the following?

a) Customer Based SLA
b) Service Based SLA
c) Multilevel SLA
d) Customer Level SLA

Answer

A

b) A service level agreement (SLA) is an agreement between two or more parties where one is the customer and the others are service providers. This can be a formal (legally binding) or an informal (for example, internal department relationships) “contract”. The agreement may involve separate organizations or different teams within one organization

Question 40

Q

Which of the following is included in the terms and conditions of the GNU General Public License (GNU GPL)?

a) The license must be made available to anybody
b) Any licensee who adheres to the terms and conditions is given permission to modify the work
c) Free software should place restrictions on commercial use
d) A distributer may impose further restrictions on the rights granted by the GPL

Answer

A

b) The GNU General Public License (GNU GPL) is a freely available, copyleft license, a license that allows end users to execute, modify, and share the software to which the license applies, and which means that any software created or modified under that license must be distributed under the same license terms. The license allows for redistribution, either for a fee or free of charge, but cannot impose any constraints further than those already enforced by the parent GLP license, such as a nondisclosure agreement or contract. The only restriction on the use of the GLP license is that two licensees must use different names for the license.

Question 41

Q

Which of the following is the most important use of input validation?

a) It ensures that input is readable
b) It can be used to design elegant interfaces
c) It ensures all of the required fields have been filled out and conform to your formats and business rules
d) It is the most effective way to stop the execution of common attacks

Answer

A

d) There are all sorts of other types of vulnerabilities that would be solved by input validation. If there is one thing that could solve a huge number of security vulnerabilities, including execution attacks, it would be input validation.

Question 42

Q

In terms of output encoding, an XSL engine is used to do which of the following?

a) Load documents into memory
b) Convert text to XLS format
c) Convert the output to a different encoding
d) Perform the execution of the XSL commands

Answer

A

c) One way of performing output encoding is to use an Extensible Stylesheet Language (XSL) engine, which can convert the output to a different encoding.

Question 43

Q

In terms of malware, what is the definition of a worm?

a) A fragment of code that attaches itself to other executable computer instructions
b) A virus that is able to infect both boot sectors and program files
c) A stand-alone file that can be executed by an interpreter
d) A program that self-propagates from one computer to another over a network

Answer

A

d) A worm is a program that self-propagates from one computer to another over a network, using the resources on one machine to attack other machines. Worms differ from viruses in that they do not need input from users; worms are independently capable of transferring between computers.

Question 44

Q

What is the most important aspect of code signing?

a) Ensuring the code is in the correct format for the signing process
b) Ensuring the correct public keys are available to sign the code
c) Ensuring the integrity of the system relies on publishers securing their private keys against unauthorized access
d) Ensuring the hashing algorithm can perform both encryption and decryption

Answer

A

c) Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity.

Question 45

Q

What is software security testing mainly used to test against?

a) Software Security Enhancements
b) Functional Requirements
c) Nonfunctional Requirements
d) Attacker Heuristics

Answer

A

c) Nonfunctional refers to aspects of the software that may not be related to a specific function or user action such as scalability or security

Question 46

Q

Which of the following is the correct sequence of execution for penetration testing?

a) Reconnaissance, Scanning, Attack, Vulnerability Mapping, and Reporting
b) Planning, Discovery, Vulnerability Mapping, Penetration, and Reporting
c) Planning, Discovery, Vulnerability Mapping, Attack, and Reporting
d) Planning, Vulnerability Mapping, Scanning, Attack, and Reporting

Answer

A

c) Penetrating testing is often executed in 5 phases: Planning, Discovery, Vulnerability Mapping, Attack and Reporting

Question 47

Q

Which of the following is the correct description for stress testing of software testing?

a) Large amounts of data
b) Large amounts of users
c) Too much data and too many users
d) Too many users, too much data and too little time and too little room

Answer

A

d) The difference between volume, load and stress testing is as follows: Volume testing uses large amounts of data, load testing uses a large amount of users, while stress testing uses too many users and too much data with too little time and too little room

Question 48

Q

What is the main difference between test harness / unit test framework tools and test execution tools?

a) Test harness tools need to be constrained during use
b) There is no capture / playback facility in unit test tools, and they tend to be used at a lower level
c) Test execution tools only run on compiled code
d) None of the above

Answer

A

b) Test execution tools are also known as capture - playback capture - replay tools. The test execution tools need a scripting language to create and modify the scripts to run the tool.

Question 49

Q

Which of the following is an object that is verified when presented to the verifier in an authentication transaction?

a) Credential
b) Secret Key
c) Authenticator
d) Certificate

Answer

A

a) A credential is an object that is verified when presented to the verifier in an authentication transaction. Credentials may be bound in some way to the individual to whom they were issued, or they may be bearer credentials. The former are necessary for identification, while the latter may be acceptable for some forms of authentication.

Question 50

Q

Why does security checking need to continue during distribution/deployment and after software has been tested?

a) The tester’s job is never done
b) The code needs a final check before delivery
c) Pre-deployment software is most vulnerable to unauthorized access
d) The test plan may have missed something

Answer

A

c) Once software has undergone all of its testing and mitigations or remediations of unacceptable test findings have been implemented, it is considered ready for release. Security checking does not stop here, however, because this is the point in the SDLC at which pre-deployment software is most vulnerable to unauthorized access when it is being staged for distribution/deployment, transferred from staging to the production environment, or in the process of being installed.

Question 51

Q

If code with a vulnerability is removed from the code base, which risk response was exercised?

a) Accepting
b) Avoiding
c) Transferring
d) Sharing

Answer

A

b) After a risk determination, organizations can respond to risk in a variety of ways: accepting risk, avoiding risk, mitigating risk, sharing risk, transferring risk, or a combination of the above.

Question 52

Q

What is the purpose of a data retention policy?

a) Describe the procedure to retain data
b) Determine where data should be stored
c) Determine which data is not subject to specific regulatory requirements
d) Determine the sequence by which the data should be deleted

Answer

A

c) A data retention policy, or records retention policy, is an organization’s established protocol for retaining information for operational or regulatory compliance needs.

Question 53

Q

Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL) database objects to specific users or groups?

a) Content dependent access control
b) Discretionary access control
c) Directory access control
d) Data Control Language (DCL) access control

Answer

A

b) Discretionary Access Control

Question 54

Q

The 3 primary methods for authentication of a user to a system or network are:

a) Passwords, tokens and biometrics
b) Authorization, identification and tokens
c) Passwords, encryption and identification
d) Identification, encryption and authorization

Answer

A

a) Passwords, tokens and biometrics

Question 55

Q

An access system that grants users only those rights necessary for them to perform their job is operating on which security principle?

a) Discretionary Access
b) Least Privilege
c) Mandatory Access
d) Separation of Duties

Answer

A

b) Least Privilege

Question 56

Q

Which one of the following can be used to increase the authentication strength of an access control system?

a) Multi-party
b) Two factor
c) Mandatory
d) Discretionary

Answer

A

b) Two factor

Question 57

Q

What role do biometrics have in a logical access control?

a) Identification
b) Authorization
c) Authentication
d) Confirmation

Answer

A

c) Authentication

Question 58

Q

At what stage of the application development process should the security department first become involved?

a) Prior to the implementation
b) Prior to user acceptance testing
c) During unit testing
d) During requirements development

Answer

A

d) During requirements development

Question 59

Q

All the following are purposes of the change control management process EXCEPT ensuring the changes are :

a) Properly authorized
b) Required by users
c) Fully documented
d) Performed correctly

Answer

A

b) Required by users

Question 60

Q

Security of an automated system is most effective and economical if the system is

a) Optimized prior to addition of security
b) Customized to meet a specific security threat
c) Subjected to intense security testing
d) Designed originally to provide the necessary security

Answer

A

d) Designed originally to provide the necessary security

Question 61

Q

Programmed procedures which ensure that valid transactions are processed accurately and only once are referred to as

a) Data installation controls
b) Application controls
c) Operation controls
d) Physical controls

Answer

A

c) Operation controls

Question 62

Q

What common attack can be used against passwords if a copy of the password file can be obtained?

a) Birthday attack
b) Dictionary attack
c) Plaintext attack
d) Smurf attack

Answer

A

b) Dictionary attack

Question 63

Q

Configuration management ensures that all changes to a computer system take place in an identifiable and controlled environment, and that the changes

a) to application software cannot bypass system security features
b) do not adversely affect implementation of the security policy
c) to the operating system are always subjected to independent validation and verification
d) in technical documentation maintain an accurate description of the Trusted Computing Base

Answer

A

b) do not adversely affect implementation of the security policy

Question 64

Q

Which of the following is the MAIN advantage of having an application gateway?

a) To perform change control procedures for applications
b) To provide a means for applications to move into production
c) To log and control incoming and outgoing application traffic
d) To audit and approve changes to applications

Answer

A

c) To log and control incoming and outgoing application traffic

Answer 64

A

c) Catch and log exceptions only at points which exceptions are actually handled

Answer 65

A

b) A brief high-level statement defining what is and is not permitted in the operation of a system

Answer 66

A

c) It provides highly granular control

Answer 67

A

c) Reference Monitor

Answer 68

A

b) To provide a clear understanding of potential risk and exposure

Answer 69

A

b) Vulnerabilities in software

Answer 70

A

b) a person or process emulating another person or process

Answer 71

A

d) ALE = SLE * ARO

Answer 72

A

d) Procedure

Answer 73

A

b) Cost justified for the potential loss

Answer 74

A

a) Separation of duties

Answer 75

A

d) Detection

Answer 76

A

a) It is relatively easy to distribute keys

Answer 77

A

b) Certification Authority (CA)

Answer 78

A

a) Data Encryption Standard (DES)

Answer 79

A

d) Key Exchange

Answer 80

A

c) It identifies the source and verifies the integrity of data

Answer 81

A

b) the number of people requiring access to the system or data

Answer 82

A

c) Need to Know

Answer 83

A

a) Tunnel

Answer 84

A

b) Protected subsystem

Answer 85

A

d) User input validation

Answer 86

A

d) Subject’s digital signature

Answer 87

A

b) Client execution environment may not provide the ability to limit system access that an applet could have on a client system

Answer 88

A

c) Level 3

Answer 89

A

a) Everyone in the organization

Answer 90

A

b) Arbitrary code execution

Answer 91

A

a) Improve the quality of the software product

Answer 92

A

c) validate user input

Answer 93

A

b) the governing law in the agreements between two nations

Answer 94

A

a) The impact on the organization’s ability to achieve its goals

Answer 95

A

a) User’s Name

Answer 96

A

b) Threat Modeling

Answer 97

A

b) It directly reflects management’s commitment to security

Answer 98

A

d) Statement of performance characteristics and requirements

Answer 99

A

a) A hierarchical definition of security policies, standards and procedures

Answer 100

A

b) Periodically review audit and access logs

Answer 101

A

b) Single Loss Expectancy

Answer 102

A

c) Due to its compactness, the kernel is easier to formally verify

Answer 103

A

b) Small - In order to facilitate the detailed analysis necessary to prove that it meets design requirements

Answer 104

A

c) Password

Answer 105

A

a) The individual must have a need to know

Answer 106

A

a) Availability, Confidentiality, Integrity

Answer 107

A

a) create a standard configuration for all systems and applications on the network

Answer 108

A

a) centralized or decentralized according to business and security needs

Answer 109

A

c) control all access by subjects requesting access to resources

Answer 110

A

b) Trademark

Answer 111

A

d) permit authenticated personnel to perform authorized changes

Answer 112

A

d) integrate security into the software development process

Answer 113

A

b) understand both use and misuse case models

Answer 114

A

d) develop an information classification procedure and ensure that appropriate handling procedures are in place

Answer 115

A

a) identifying an information owner

Answer 116

A

a) Single Sign On

Answer 117

A

a) security requirement to the components that will deliver specific security functions

Answer 118

A

a) define an ongoing metric for default security levels

Answer 119

A

a) older systems were never built with adequate security controls

Answer 120

A

d) the likelihood a control will not provide adequate protection in the event of an attack

Answer 121

A

c) ensuring no unauthorized changes are made to the code

Answer 122

A

c) Threat Modeling

Answer 123

A

d) detecting potential security vulnerabilities not just software function and features

Answer 124

A

c) ensures tests will cover the entire range of allowable input values in a truly random manner

Answer 125

A

c) allow more thorough testing when used in conjunction with manual testing

Answer 126

A

b) attempts to read data from an integrated circuit chip by freezing it at extremely low temperatures

Answer 127

A

c) Type Safety

Answer 128

A

d) To ensure the designed security controls were implemented correctly, operating correctly and providing the intended benefit

Answer 129

A

c) code that is on the attack surface of the application

Answer 130

A

a) ensures new changes do not unintentionally overwrite previous changes

Answer 131

A

c) Customers

Answer 132

A

a) ISO 15408

Answer 133

A

d) Total Risk

Answer 134

A

c) Exploit

Answer 135

A

b) Risk remaining after all controls have been applied

Answer 136

A

d) Asset Value * Exposure Factor

Answer 137

A

a) Annual Rate of Occurrence (ARO * Single Loss Expectancy (SLE)

Remember : ALE = ARO * SLE

-or- BEER = AROUSLE

Answer 138

A

b) Risk Management

Answer 139

A

d) Sometimes difficult to quantify software assets

Answer 140

A

b) Controls may cause unintended results

Answer 141

A

c) The organization

Answer 142

A

b) Document

Answer 143

A

b) Avoidance

Answer 144

A

d) Training

Answer 145

A

b) Privacy

Answer 146

A

b) Confidentiality, Integrity and Availability

Budget, Schedule and Scope are the 3 tiers of the Iron Triangle.

Answer 147

A

a) Logging

Answer 148

A

a) Accountability

Answer 149

A

b) Denial of Service (DOS)

Answer 150

A

c) Least Common Mechanism

Answer 151

A

a) authority to access objects is checked every time access is requested

Answer 152

A

c) Regulatory compliance

Answer 153

A

c) Support of top management

Answer 154

A

d) Use of popular methodologies

Answer 155

A

d) Performance Impairment

Answer 156

A

d) Polymorphism

Answer 157

A

c) ISO 27000 series

Answer 158

A

a) ISO 15408

Answer 159

A

a) ISO 15408

Answer 160

A

d) NIST SP 800-64

Answer 161

A

c) Socratic method

Answer 162

A

a) Six Sigma

Answer 163

A

b) Psychological (User Acceptance)

Answer 164

A

b) Gramm-Leach Bliley Act (GLBA)

Answer 165

A

a) Confidentiality

Answer 166

A

a) Bell-LaPadula Confidentiality (BLP)

Answer 167

A

b) Security

Answer 168

A

d) Clark Wilson Integrity

Answer 169

A

d) Clark Wilson Integrity

Answer 170

A

c) Brewer Nash

Answer 171

A

d) White box testing

Answer 172

A

a) Ring 0

Answer 173

A

b) Trusted Platform Module (TPM)

Answer 174

A

b) User Activity Patterns

Answer 175

A

a) Continuously Improving

This level is also known as Optimizing or Level 5. Qualitatively Controlled is actually Level 4

Answer 176

A

a) Compartmentalization Principle

Answer 177

A

c) Complete Mediation

Answer 178

A

b) COSO and Zachman

Answer 179

A

b) Executive Sponsor

Answer 180

A

d) Input Validation and Hashing

Answer 181

A

a) Critical Business, Administrative and Authentication Attempts

Answer 182

A

b) Acquirer

Answer 183

A

d) Build support, meeting collaboratively with stakeholders, sharing information and being prepared

Answer 184

A

b) Encoded using Base-64 encoding

Answer 185

A

d) Time of Check (TOC) / Time of Use (TOU)

Answer 186

A

a) Encryption and masking

Answer 187

A

d) Are assumed malicious and labeled as such

Answer 188

A

b) In development

Answer 189

A

a) Confidentiality

Answer 190

A

b) Integrity

Answer 191

A

b) Integrity

Answer 192

A

d) Resiliency

Answer 193

A

b) Defensive coding

Answer 194

A

d) Digest authentication

Answer 195

A

b) Grants admins full access

Answer 196

A

a) Access granularity

Answer 197

A

a) Demilitarized Zone (DMZ)

Answer 198

A

a) Canonicalization

Answer 199

A

b) Identity Management Requirements

Answer 200

A

a) Current control environment

Answer 201

A

b) Integrity

Answer 202

A

c) Availability

Answer 203

A

c) Referential constraints

Answer 204

A

c) Provide alternate ways an action can be performed

Answer 205

A

d) Generate sequence diagrams

Answer 206

A

b) Cater to variants and exceptions

Answer 207

A

a) Misuse case visualizations

Answer 208

A

c) A security Architecture and Design report

Answer 209

A

d) Mutual Exclusion Property

Isn’t this NOT a property…look it up

Answer 210

A

c) Accident

Answer 211

A

c) Permissions are assigned to the client

Answer 212

A

c) Race window

Answer 213

A

d) Development

Answer 214

A

d) Relationships

Answer 215

A

b) Threat

Answer 216

A

c) Architects and lead developers

Answer 217

A

c) Business Impact Analysis

Answer 218

A

c) NIST SP 800-12

Answer 219

A

c) Role Based Model

Answer 220

A

a) Organizational policy

Answer 221

A

a) Actor

An actor is some external entity that interacts with the system

Answer 222

A

b) FIPS 201

Answer 223

A

b) Integrity

Answer 224

A

c) Nothing

Answer 225

A

b) Data Classification

Answer 226

A

d) A bug is code-specific and a flaw is weakness in the logic

Answer 227

A

b) Symmetric and Asymmetric encryption, Hashing and Masking

Answer 228

A

b) Recipient’s public key

Answer 229

A

c) Sender’s private key

Answer 230

A

a) Integrity, Availability and Non-Repudiation

Answer 231

A

b) Integrity

Answer 232

A

c) Open connections, memory leaks and endless loops

Answer 233

A

d) Compartmentalization

Answer 234

A

a) Clark Wilson

Answer 235

A

d) Bell-LaPadula

Answer 236

A

b) Rich Internet Applications

Answer 237

A

a) Encryption

Answer 238

A

d) Increased attack surface

Answer 239

A

a) Integrity

Answer 240

A

a) Locking to prevent inconsistent updates

Answer 241

A

d) Confidentiality

Answer 242

A

b) Availability

Answer 243

A

d) Identifies performance implications

Answer 244

A

d) Non-Repudiation

Answer 245

A

a) Proxy between the Internet and Intranet

Answer 246

A

c) Removing maintenance hooks

Answer 247

A

b) Initial Program Load (IPL)

Answer 248

A

c) Document

Answer key say E…but there is no E

Answer 249

A

a) Data and Logic

Answer 250

A

d) Metrics

Answer 251

A

b) Incident Management works to restore service while Problem Management works to improve service

Answer 252

A

d) Removed from service

Answer 253

A

b) Fingerprinting

Answer 254

A

b) Reviews and validates the software’s functionality

Answer 255

A

c) Trade secret

Answer 256

A

a) Accreditation

Answer 257

A

b) Regression Testing

Answer 258

A

d) Performance measures

Answer 259

A

d) Vendor Evaluation

Answer 260

A

c) How long it take for an event to be elevated to an incident

Answer 261

A

c) Certification

Answer 262

A

d) Trademark

Answer 263

A

b) Exceptions to Policy

Answer 264

A

b) Stress Testing

Answer 265

A

d) Black Box Testing

Answer 266

A

c) Fuzzing

Answer 267

A

a) Does not exist

Answer 268

A

d) Integration

Answer 269

A

b) Denial of Service

Answer 270

A

c) Exception handling

Answer 271

A

d) Integration

Answer 272

A

c) Business Continuity

Answer 273

A

a) Coding bugs

Answer 274

A

b) Smishing

…and never heard of it

Answer 275

A

a) Chroot jail

…again, never heard of it

Answer 276

A

d) Application injection flaws

Answer 277

A

b) Easily guessable IDs

Answer 278

A

d) Machine, Assembly, High Level, Natural

Answer 279

A

a) TEMPEST

Answer 280

A

b) Input validation

Answer 281

A

d) Obfuscation

Answer 282

A

c) Machine

Answer 283

A

a) Logic Bomb

Answer 284

A

d) System function exploits

Answer 285

A

b) Forced browsing

Forced browsing is an umbrella answer in that it consists of Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration.

The SPECIFIC question refers to Predictable Resource Location

Answer 286

A

c) High Level

Answer 287

A

d) Temporal

Both TEMPORAL and LOCAL variables are the same but because Temporal is SPECIFIC and Local is not…stupid question

Answer 288

A

d) Extreme Programming

Answer 289

A

c) Client and Server

Answer 290

A

b) Dangling code

Answer 291

A

c) Static Code Analysis

Answer 292

A

a) Applet

Answer 293

A

b) Cryptographic Next Generation (CNG)

Answer 294

A

d) Spear Phishing

Answer 295

A

a) Input Validation

Answer 296

A

c) Bounds Checking

Answer 297

A

b) Complete mediation

Answer 298

A

b) Reflected Cross-Site Scripting (XSS)

Answer 299

A

c) Upper Computer-Aided Software Engineering (CASE)

Note the ONLY difference between Upper and Lower is that of ANALYSIS versus DEVELOPMENT.

Answer 300

A

c) Objects and Classes

Answer 301

A

d) Unpredictable code memory locations

Answer 302

A

a) Impersonation

Answer 303

A

c) Operating System command injection

Answer 304

A

b) Spatial Locality

Answer 305

A

a) Injection attacks

Answer 306

A

a) Cryptography

Answer 307

A

b) TEMPEST

Answer 308

A

d) Back Door

Answer 309

A

b) Obfuscation

Answer 310

A

a) Machine code

Answer 311

A

b) All functions and variables are copied into the executable image

Answer 312

A

d) Dangling pointer

Answer 313

A

a) Cyclomatic Complexity

Answer 314

A

b) Parameterized queries

Answer 315

A

d) Type safety

Answer 316

A

c) Sensitive information disclosure

Answer 317

A

c) Code signing

Answer 318

A

a) Survivability

Answer 319

A

a) Defense in Depth

Answer 320

A

d) Attack Surface Evaluation

Answer 321

A

c) Configuration and performance

Answer 322

A

b) Authorized data disclosure

Answer 323

A

d) Mutual Exclusion

A race condition violates these properties, which are closely related:

Exclusivity - the code sequence is given exclusive access to the shared resource
Atomicity - the code sequence is behaviorally atomic

Answer 324

A

b) Salting

Answer 325

A

a) Inference

Answer 326

A

b) Memory Management

Answer 327

A

d) n(n-1)/2

Answer 328

A

c) Scalability

Answer 329

A

c) Strive for Simplicity

Answer 330

A

B. the corporate brand and reputation

When security is incorporated in to the software development life cycle, confidentiality, integrity and availability can be assured and external hacker and insider threat attempts thwarted. Developers will generate more hack-resilient software with fewer vulnerabilities, but protection of the organization’s reputation and corporate brand is the primary reason for software assurance.

Answer 331

A

B. Integrity

When the software program operates as it is expected to, it is said to be reliable or internally consistent. Reliability is an indicator of the integrity of software. Hack resilient software are reliable (functioning as expected), resilient (able to withstand attacks) and recoverable (capable of being restored to normal operations when breached or upon error).

Answer 332

A

A. software issues can cause downtime to the business.

One of the tenets of software assurance is ‘availability’. Software issues can cause software unavailability and downtime to the business. This is often observed as a denial of service (DoS) attack.

Answer 333

A

C. Availability

Confidentiality controls assures protection against unauthorized disclosure.
Integrity controls assures protection unauthorized modificatons or alterations.
Availability controls assures protection against downtime/denial of service and destruction of information.
Authentication is the mechanism to validate the claims/credentials of an entity.
Authorization has to do with rights and privileges that a subject has upon requested objects.

Answer 334

A

A. Ownership based authentication

Authentication can be achieved in one or more of the following ways. Using something one knows (knowledge based), something one has (ownership based ) and something one is (characteristic based). Using a token device is ownership based authentication. When more than one way is used for authentication purposes, it is referred to as multifactor authentication and is recommended over single factor authentication.

Answer 335

A

B. Defense in depth

Having more than one way of authentication provides for a layered defense which is the premise of the defense in depth security design principle.

Answer 336

A

D. preventing a user from performing some unauthorized operations.

Audit log information can be a detective control (providing evidentiary information), a deterrent control when the users know that they are being audited but it cannot prevent any unauthorized actions. When the software logs user actions, it also provides non-repudiation capabilities because the user cannot deny their actions.

Answer 337

A

A. Clipping level

The predetermined number of acceptable user errors before recording the error as a potential security incident is referred to as clipping level. For example is the number of allowed failed login attempts before the account is locked out is 3, then the clipping level for authentication attempts is 3.

Answer 338

A

C. Fail secure

Fail secure principle prescribes that access decisions must be based on permission rather than exclusion. This means that the default situation is a lack of access, and the protection scheme identifies conditions under which access is permitted. The alternative, in which mechanisms attempt to identify condition under which access should be refused, presents the wrong psychological base for secure system design. As design or implementation mistake in the mechanism that gives explicit permission tends to fail by refusing permission, a safe situation, since it will be quickly detected. On the other hand, a design or implementation mistake in a mechanism that explicitly excludes access tends to fail by allow access, a failure which may go unnoticed in normal use. This principle applies to both the outward appearance of the protection mechanism and to its underlying implementation.

Answer 339

A

C. Transference

When an “As-Is” disclaimer clause is used, the risk is transferred from the publisher of the software to the user of the software.

Answer 340

A

B. Policy

Policies are high level documents that communicate the mandatory goals and objectives of company management. Standards are also mandatory but are not quite as high level as policy. Guidelines provide recommendations of how to implement a standard. Procedures are usually step by step instruction of how to perform an operation. A baseline is one that has the minimum levels of control or configuration that needs to be implemented.

Answer 341

A

B. evaluate security engineering practices and organizational management processes.

The evaluation of security engineering practices and organizational management processes are provided as guidelines and prescribed in the Systems Security Engineering Capability Maturity Model (SSE-CMM). The SSE-CMM is an internationally recognized standard that is published as ISO 21827.

Answer 342

A

B. Sherwood Applied Business Security Architecture (SABSA)

SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management. SABSA ensures that the needs of your enterprise are met completely and that security services are designed, delivered and supported as an integral part of your business and IT management infrastructure.

Answer 343

A

B. Intellectual Property protection

All of the other answers are considerations for the software acquirer (purchaser)

Answer 344

A

C. Asset Value x Exposure Factor

Single Loss Expectancy is the expected loss of a single disaster. It is computed as the product of asset value and the exposure factor. SLE = Asset Value x Exposure Factor.

Answer 345

A

C. Mitigation

The implementation of IPSec at the network layer helps to mitigate threats to the confidentiality of transmitted data.

Answer 346

A

D. FIPS 201

Personal Identity Verification (PIV) of Federal Employees and Contractors is published as FIPS 201 and it prescribes some guidelines for biometric authentication.

Answer 347

A

D. PCI DSS

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Answer 348

A

C. Advanced Encryption Standard (FIPS 197)

The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher than can encrypt (encipher) and decrypt (decipher) information. Encryption coverts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form, called plaintest. The AES algorithm is capable of using cryptographic keys of 128, 192, 256 bits to encrypt and decrypt data in blocks of 128 bits.

Answer 349

A

C. Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.

Answer 350

A

C. Anonymization

Anonymization is the process of removing private information from the data. Anonymization techniques such as replacement, suppression, generalization and perturbation are useful to assure data privacy. It is important that you are familiar with these techniques. Sanitation has to do with inputs and outputs as a defensive control and includes techniques such as escaping and encoding. Degaussing and Formatting are information and media sanitization techniques and they are not selective of what they remove/dispose.

Answer 351

A

B. Goals and objectives of the organization.

When determining software security requirements, it is imperative to address the goals and objectives of the organization. Management’s goals and objectives need to be incorporated into the organizational security policies. While external auditor, internal quality requirements and technology are factors that need consideration, compliance with organizational policies must be the foremost consideration.

Answer 352

A

A. Directory information

Information that is public is also known as directory information. The name ‘directory’ information comes from the fact that such information can be found in a public directory like a phone book, etc. When information is classified as public information, confidentiality assurance protection mechanisms are not necessary.

Answer 353

A

C. availability requirements

Destruction is the threat against availability as disclosure is the threat against confidentiality and alternation being the threat against integrity.

Answer 354

A

D. Recovery Time Objective (RTO)

Maximum Tolerable Downtime (MTD) is the maximum length of time a business process can be interrupted or unavailable without causing the business itself to fail. Recover Time Objective (RTO) is the time period in which the organization should have the interrupted process running again, at or near the same capacity and conditions as before the disaster/downtime. MTD and RTO are part of availability requirements. It is advisable to set the RTO to be lesser than the MTD.

Answer 355

A

A. biometric authentication

Forms authentication has to do with usernames and passwords that are input into a for (like a web page/form). Basic authentication transmits credential s in a Base64 encoded form while digest authentication provides the credentials as a hash value (also known as a message digest). Token based authentication uses credentials in the form of specialized tokens which is often used with a token device. Biometric authentication uses physical characteristics to provide the credential information.

Answer 356

A

B. Authentication

When two factors are used to validate an entity’s claim and/or credentials, it is referred to as two-factor authentication and when more than two factors are used for authentication purposes, it is referred to as multi-factor authentication. It is important to determine first, if there exists a need for two- or multi-factor authentication.

Answer 357

A

B. Discretionary Access Control (DAC)

Discretionary access control (DAC) is defined as “a means of restricting access to objects based on the identity of subjects and/or groups to which they belong.” The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. DAC restricts access to objects based on the identity of the subject and is distinctly characterized by the owner of the resource deciding who has access and their level of privileges or rights.

Answer 358

A

C. accountability requirements

Accountability requirements are those that assist in building a historical record of user actions. Audit trails can help detect when an unauthorized user makes a change or an authorized user makes an unauthorized change, both of which are cases of integrity violations. Auditing requirements not only help with forensic investigations as a detective control but can also be used for troubleshooting errors and exceptions, if the actions of the software are tracked appropriately. When auditing is combined with identification, it provides for accountability.

Answer 359

A

A. Improper session management

Easily guessable and non-random session identifiers can be hijacked and replayed if not managed appropriately and this can lead to MITM attacks.

Answer 360

A

B. policy decomposition

The process of eliciting concrete software security requirements from high level regulatory and organizational directives and mandates is referred to as policy decomposition. When the policy decomposition process completes, all the gleaned requirements must be measurable components.

Answer 361

A

A. engage the customer

IT is there for the business and not the other way around. The first step when determining protection needs is to engage the customer followed by modeling the information and identifying least privilege scenarios. Once an application profile is developed, then we can undertake threat modeling and analysis to determine the risk levels which can be communicated to the business to prioritize the risk.

Answer 362

A

D. identifying privileged code sections

Identifying privileged code sections is part of threat modeling and not part of a RTM

Answer 363

A

D. Input validation

Parity bit checking is primarily used for error detection but it can be used for assuring the integrity of transferred files and messages.

Answer 364

A

B. Use case modeling

A use case models the intended behavior of the software or system. In other words, the use case describes behavior the system owner intended. This behavior describes the sequence of actions and events that are to be taken to address a business need. Use case modeling and diagramming is very useful for specifying requirements. It can be effective in reducing ambiguous and incompletely articulated business requirements by explicitly specifying exactly when and under what conditions certain behavior occurs. Use case modeling is meant to model only the most significant system behavior and not all of it and so should not be considered a substitute for requirements specification documentation.

Answer 365

A

A. Race conditions

Misuse cases, also known as abuse cases help identify security requirements by modeling negative scenarios. A negative scenario is an unintended behavior of the system, one that the system owner does not want to occur within the context of the use case. Misuse cases provide insight into the threats that can occur against the system or software. It provides the hostile users point of view and is an inverse of the use case. Misuse case modeling is similar to the use case modeling, except that in misuse case modeling, misactors and unintended scenarios or behavior are modeled. Misuse cases may be intentional or accidental. One of the most distinctive traits of misuse cases is that they can be used to elicit security requirements unlike other requirements determination methods that focus on end-user functional requirements.

Answer 366

A

B. Information Lifecycle Management

Data classification is the conscious effort to assign a level of sensitivity to data assets, based on potential impact upon disclosure, alteration or destruction. The results of the classification exercise can then be used to categorize the data elements into appropriate buckets. Data classification is part of information lifecycle management.

Answer 367

A

B. Environment

When determining requirements it is important to elicit requirements that are tied to the environment in which the data will be marshaled or processed. Viewstate corruption issues in web farm settings where all the servers were not configured identically or lack of card holder data encryption in public networks have been observed when the environmental requirements were not identified or taken into account.

Answer 368

A

A. Service Level Agreements (SLA)

SLAs should contain the levels of service expected fro the software to provide and this becomes crucial when the software is not developed in-house.

Answer 369

A

B. Resiliency

Software is said to be reliable when it is functioning as expected to. Resiliency is the measure of the software’s ability to withstand an attack. When the software is breach, its ability to restore itself back to normal operations is known as the recoverability of the software. Redundancy has to do with high availability.

Answer 370

A

A. Availability

Improper coding constructs such as infinite loops and improper memory management can lead to denial of service and resource exhaustion issues, which impacted availability.

Answer 371

A

C. Service Level Agreements (SLA)

SLAs should contain the levels of service expected for the software to provide and this becomes crucial when the software is not developed in house.

Answer 372

A

C. confidentiality requirements

Destruction is the threat against availability as disclosure is the threat against confidentiality and alteration being the threat against integrity.

Answer 373

A

B. Integrity

Destruction is the threat against availability as disclosure is the threat against confidentiality and alteration being the threat against integrity.

Answer 374

A

B. Steganography

Encryption and Hashing are overt mechanisms to assure confidentiality. Masking is an obfuscating mechanism to assure confidential. Steganography which is hiding information within other media is a cover mechanisms to assure confidentiality. Steganography is more commonly referred to as invisible ink writing and is the art of camouflaging or hidden writing, where the information is hidden and the existence of the message itself is concealed. Steganography is primarily useful for covert communications and is useful and prevalent in military espionage communications.

Answer 375

A

D. Watermarking

Digital watermarking is the process of embedding information into a digital signal. These signals can be audio, video, or pictures.

Answer 376

A

B. Integrity

Parity bit checking is useful in the detection of errors or changes made to data when it is transmitted. A common usage of parity bit checking is to do a Cyclic Redundancy Check (CRC) for data integrity as well, especially for messages longer than one bye (8bits) long. Upon data transmission, each block of data is given a computed CRC value, commonly referred to as a checksum. If there is an alteration between the origin of data and its destination, the checksum sent at the origin will not match with the one that is computed at the destination. Corrupted media (CDs, DVDs) and incomplete downloads of software yield CRC errors.

Answer 377

A

D. Identifying privileged code sections.

Identifying privileged code sections is part of threat modeling and not part of a RTM.

Answer 378

A

B. Design

Although it is imperative to visit the threat model during the development, testing and deployment phase of the software development lifecycle (SDLC), the threat modeling exercise should commence in the design phase of the SDLC.

Answer 379

A

C. Public Key Infrastructure (PKI)

PKI makes it possible to securely exchange data by hiding or keeping secret a private key on one system while distributing the public key to the other systems participating in the exchange.

Answer 380

A

D. Non-repudiation

Nonrepudiation and proof of origin (authenticity) is provided by the certificate authority (CA) attaching its digital signature, encrypted with the private key of the sender, to the communication that is to be authenticated, and this attests the authenticity of both the document and the sender.

Answer 381

A

C. hashing

An important use for hashes is storing passwords. The actual password should never be stored in the database. Using hashing functions, you can store the hash value of the user password and use that value to authenticate the user. Because hashes are one-way (not reversible), they offer a heightened level of confidentiality assurance.

Answer 382

A

D. separation of duties

Separation of duties or sometimes it is referred to as separation of privilege is the principle that it is better to assign tasks to several specific individuals so that no one user has total control over the task themselves. It is closely related to the principle of least privilege which is the ideas that minimum amount of privilege is granted for the minimum (shortest) amount of tie to individuals with a need to know.

Answer 383

A

B. simplify user authentication.

The design principle of economy of mechanism states that one must keep the design as simple and small as possible. This well known principle deserves emphasis for protection mechanisms because design and implementation errors that result in unwanted access paths will not be noticed during normal use. As a result, techniques such as line-by-line inspection of software that implements protection mechanisms are necessary. For such techniques to be successful, a small and simple design is essential. SSO support this principle by simplifying the authentication process.

Answer 384

A

C. Auditing

All stored procedures could be updated to incorporate auditing logic; however a better solution is to use database triggers. You can use triggers to monitor actions performed on the database tables and automatically log auditing information.

Answer 385

A

D. entry points

During threat modeling, the application is dissected into its functional components. The development team analyzes the components at every entry point and traces data flow through all functionality to identify security weaknesses.

Answer 386

A

A. Spoofing

Although it may seem that a MITM attack is an expression of the threat of repudiation, and it very well could be, it is PRIMARILY a spoofing threat. In a spoofing attack, an attacker impersonates a different person and pretends to be a legitimate user of the system. Spoofing attack is mitigated through authentication so that adversaries cannot be come any other user or assume the attributes of another user. When undertaking a threat modeling exercise, it is important to list all possible threats, regardless of whether they have been mitigated so that you can later generate test cases where necessary. If the threat is not documented, there is a high likelihood that the software will not be tested for those threats. Using a categorized list of threats (such as STRIDE which is Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is useful to list all possible threats.

Answer 387

A

B. Network

Although software security has specific implications on layer 7, the application of the OSI stack, the security at the other levels of the OSI stack is also important and should be leveraged to provide defense in depth. The seven layers of the OSI stack are Physical (layer 1), Data Link (layer 2), Network (layer 3), Transport (layer 4), Session (layer 5), Presentation (layer 6), and Application (layer 7). SSL and IPSec can be used to assure confidentiality for data in motion. SSL operates at the Transport Layer (layer 4) and IPSec operate at the Network Layer (layer3).

Answer 388

A

A. interoperability.

A distinctive characteristic of SOA is that the business logic is abstracted into discoverable and reusable contract based interfaces to promote interoperability between heterogeneous computing ecosystem.

Answer 389

A

D. Physical

Side channel attacks use unconventional means to compromise the security of the system and in most cases require physical access to the device or system. Therefore, to mitigate side channel attacks, physical protection can be used.

Answer 390

A

C. Rich Internet Application (RIA)

RIAs require Internet Protocol (IP) connectivity to the backend server. Browser sandboxing is recommended since the client is also susceptible to attack now, but it is not a requirement. The workload is shared between the client and the server and the user experience and control is increased in RIA architecture.

Answer 391

A

B. Identification

Trusted Platform Module (TPM) is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. It can be sued to protect mobile devices besdies personal computers. It is also used to provice identity information for authentication purposes in mobile computing. It also assures secure startup and integrity. The TPM can be used to generate values used with whole disk encryption such as the Windows Vista’s BitLocker.

Answer 392

A

B. Inference

An inference attack is one in which the attacker combines information that is available in the database with a suitable analysis to glean information that is presumably hidden or not as evident. This means that individual data elements when viewed collectively can reveal confidential information. It is therefore, possible to have public elements in a database reveal private information by inference. The first thing to ensure is that the database administrator does not have direct access to the data in the database and that the administrator’s access of the database is mediated by a program the application) and audited. In situations, where direct database access is necessary, it is important to ensure that the database design is not susceptible to inference attacks. Inference attacks can be mitigated by polyinstantiation.

Answer 393

A

C. views

Views provide a number of benefits with regard to security. They abstract the source of the data being presnted, keeping the internal structure of the source of the database hdden from the user. Furthermore, views can be created on a subset of columns in a table. This capability can allow users granular access to specific data elements. Views can also be used to limit access to specific rows of data as well.

Answer 394

A

B. security management interfaces

Security management Interfaces (SMI) are administrative interfaces for your application which have the highest level of privileges on the system and can do tasks such as:
Users provisioning – adding/deleting/enabling user accounts
Granting rights to different user roles.
System restart
Changing system security settings
Accessing audit trails, user credentials, exception logs
Although SMIs are often not explicitly stated in the requirements, and subsequently not threat modeled, strong controls such as least privilege and access controls must be designed and built in when developing SMI because the compromise of a SMI can be devasting, ranging from complete compromise, installing backdoors, to disclosure, alteration and destruction (DAD) attacks on audit logs, user credentials, exception logs, etc. SMI need not be deployed always with the default accounts that is set by the software publisher, although it is often observed to be.

Answer 395

A

B. Security Assert Markup Language (SAML)

Federation technology is usually built on a centralized identity management architecture leveraging industry standard identity standard identity management protocols such as SAML, WS Federation (WS-*) or Liberty Alliance. Of the three major protocols familier associated with federation, SAML seems to be recognized as the de facto standard for enterprise to enterprise federation. SAML works in cross domain settings while Kerberos tokens are useful only within a single domain.

Answer 396

A

B. transport layer security

The syslog network protocol has become a de facto standard for logging program and server information over the Internet. Many routers, switches and remote access devices will transmit system messages, and there are syslog servers available for Windows and UNIX operating systems. TLS protection mechanisms such as SSL wrappers are needed to protect syslog data in transmit as they are transmitted in the clear. SSL wrappers like stunnel provide transparent SSL functionality.

Answer 397

A

D. Digital Rights Management (DRM)

Digital Rights Management (DRM) solutions give copyright owners control over access and sue of the copyright protected material. When users want to access or sue digital copyrighted material, they can do so on the terms of the copyright owner.

Answer 398

A

D. Rootkit

Rootkits are known to compromise the operating system ring protection mechanisms and masquerade as a legitimate operating system taking siege of it.

Answer 399

A

D. Loose Coupling

Since REST is a client/server model in which the requests and responses are built around transition state of resources, it promotes loose coupling between the client and server.

Answer 400

A

C. Bytecode Verifier

Bytecode verifier is the most important component of the JVM from a type consistency viewpoint. The Bytecode Verifier checks to see if the .class files are in the Class file format and double checks to ensure that there aer no malicious instructions in the code that would compromise the rules of type safety in Java.

Answer 401

A

D. Unauthorized access

Although the nefarious use of APIs, shared technologies issues that can be abused and unauthorized access of data and software hosted in the cloud, the primary security concern is related to data disclosure, which includes leakage and/or loss.

Answer 402

A

B. Ransomware

Ransomware that locks screens on mobile devices is on the rise and predominantly observed in mobile apps that don’t implement sufficient protection controls.

Answer 403

A

A. they were not initially implemented with security in mind

Most SCADA systems were not originally designed with security in mind. Basic protection mechanisms like authentication and authorization to these systems is weak, if at all present.

Answer 404

A

C. solve business problems

IT and software development teams function to provide solutions to the business Manual and inefficient business processes can be automated and made efficient using software programs.

Answer 405

A

C. linking

Linking is the process of combining the necessary functions, variables, dependent files and libraries required for the machine to run the program. The output that results from the linking process is the executable program or machine code/file the machine can understand and process. In short, linked object code is the executable. Link editors that combine object codes are known as linkers. Upon completion of the compilation process, the compiler invokes the linker to perform its function. There are two types of linking: static linking and dynamic linking.

Answer 406

A

B. type safety

Code is said to be type safe if it only accesses memory resources that do not belong to the memory assigned to it. Type safety verification takes place during the Just In Time (JIT) compilation phase and prevents unsafe code from becoming active. Although you can disable type safety verification, it can lead to unpredictable results. The best example is that code can make unrestricted calls to unmanaged code, and if that code has malicious intent, the results can be severe. Therefore, the framework only allows fully trusted assemblies to bypass verification. Type safety is a form of “sandboxing”. Type safety must be one of the most important considerations in regards to security when selecting a programming language.

Answer 407

A

D. low level language

A programming language in which there is little to no abstraction from the native instruction codes that the computer can understand is also referred to as low-level language. There is no abstraction from native instruction codes in machine language. Assembly languages are the lowest level in the software chain, which makes it incredibly suitable for reversing. It is therefore important to have an understanding of low-level programming languages to understand how an attacker will attempt to circumvent the security of the application at its lowest level

Answer 408

A

D. Man-in-the-Middle (MITM)

As a defense against a Main-in-the-middle (MITM) attack, authentication and session management needs to be in place. Multifactor authentication provides greater defense than single actor authentication and is recommended. Session identifiers that are generated should be unpredictable, random and non-guessable.

Answer 409

A

B. session management

Internet application means that the ability to manage identities as would be possible in an intranet application is not easy or in some cases infeasible. Internet applications also use stateless protocols such as HTTP or HTTPS and this requires the management of user sessions.

Answer 410

A

C. Cross-Site Request Forgery (CSRF)

In addition to assuring that the requestor is a human, CAPTCHA’s are useful mitigating CSRF attacks. Since CFR is dependent on a pre-authenticated token to be in place, using CAPTCHA as the anti-CSRF token is an effective way of dealing with the inherent XSS problems regarding anti-SCRF tokens a long as the CAPTHA image itself is not guessable, predictabl or reserved to the attacker.

Answer 411

A

D. advanced encryption standard (AES)

Advanced encryption standard (FIPS197) is published as the Rijndael cipher Software should be designed in such a way that you should be able to replace one cryptographic algorithm with a stronger one, when needed without much rework and recoding. This is referred to as cryptographic agility

Answer 412

A

C. secure sockets layer (SSL)

SSL provides disclosure protection, and protection against session hijacking and replay at the transport layer (layer 4) while IPSec provides confidentiality and integrity assurance operating in the network layer (layer 3). DRM provides some degree of disclosure (primarily IP) protection and operates in the presentation layer (layer 6), and data loss prevention (DLP) technologies prevent the inadvertent disclosure of data to unauthorized individuals, predominantly who are external to the organization.

Answer 413

A

D. information disclosure

Information disclosure is primarily a design issue and therefore is a language independent problem, although with accidental leakage, many newer high level languages can worsen the problem by providing verbose error messages that might be helpful to attack in their information gathering (reconnaissance) efforts. It must be recognized that there is a tricky balance between providing the user with the helpful information about errors and preventing attackers from learning about the internal details and architecture of the software. From a security standpoint, it is advisable to not disclose verbose error messages and still provide the users with a helpline to get additional support.

Answer 414

A

D. authentication of users

Code signing can provide all of the following. Anti-tampering protection assuring integrity of code, Authenticity (not authentication) of code origin and runtime permissions for the code to access system resources. The primary benefit of code signing is that it provides users with the identity of the software’s creator, which is particularly important for mobile code i.e., that is downloaded from a remote location over the internet.

Answer 415

A

D. timing

Poorly designed and implement systems are expected to be insecure, but most well designed and implemented systems also have subtle gaps between their abstract models and their physical realization due to the existence of side channels. A side channel is a potential source of information flow from a physical system to an adversary, beyond what is available via the conventional (abstract) model. These range from subtle observation of timing, electromagnetic radiations, power usage, analog signals, acoustic emanations, etc. the use of non-conventional and specialized techniques long with physical access to the target system to discover information is characteristic of side channel attacks. The analysis of delayed error messages between successful and unsuccessful query is a form of timing side channel attack.

Answer 416

A

B. type safe code

Code is said to be type safe if it only accesses memory resources that do not belong to the memory assigned to it. Type safety verification takes place during the Just In time (JIT) compilation phase and prevents unsafe code from becoming active although you can disable type safety verification, it can lead to unpredictable results. The best example is that code has malicious intent the results can be severe. Therefore, the framework only allows fully trusted assemblies to bypass verification. Type safety is a form of ‘sandboxing’. Type safety must be one of the most important considerations in regards to security when selecting a programming language and phasing out older generation programming languages.

Answer 417

A

B. declarative syntax security

Declarative syntax address the ‘what’ part of an action whereas imperative syntax tries to deal with the ‘how’ part when security requests are made in the form of attributes (in the metadata of the code), it is referred to as declarative security. It does not precisely define the steps as to how the security will be realized. When security requests are made through programing logic within a function or method body, it is referred to as imperative security. Declarative security is an ‘all or nothin’ kind of implementation while imperative security offers greater levels of granularity and control, because the security requests runs as line of code intermixed with the application code.

Answer 418

A

D. imperative security

When security requests are made in the form of attributes, it is referred to as declarative security. It does not precisely define the steps as to how the security will be realized. Declarative syntax actions can be evaluated without running the code because attributes are stored as part of an assembly’s metadata while the imperative security actions are stored as Intermediary Language (IL). This means that imperative security actions can be evaluated only when the code is running. Declarative security actions are checks before a method is invoked and are placed at the class level being applicable to all methods in that class, unlike imperative security. Declarative security is an ‘all or nothing’ kind of implementation, while imperative security offers greater levels of granularity and control, because the security requests runs as lines of code intermixed with the application code.

Answer 419

A

C. locality of reference

Computer processors tend to access memory in a very patterned way. For example, in the absence of branching, if memory location X is accessed at time t, there is a high probability that memory location X+1 will also be accessed in the near future. This kind of clustering of memory references into groups is referred to as locality of reference the basic forms of locality of reference are temporal (based on time), spatial (based on address space), branch conditional and equidistant(somewhere between spatial and branch using simple linear functions that look for equidistant locations of memory to predict which location will be accessed in the near future). While this is good from a performance vantage point, it can lead to an attacker predicting memory address spaces and causing memory corruption and buffer overflow.

Answer 420

A

A. are references to memory locations of destroyed objects.

A dangling pointer, also known as a stray pointer, occurs when a pointer points to an invalid memory address. This is often observed when memory management is left to the developer. Dangling pointers are usually created in one of two ways: an object is destroyed (freed) but the reference to the object is not reassigned and is late used or a local object is popped from the stack when the function returns but a reference to the stack allocated object is still maintained. Attackers write exploit code to take control of dangling pointers so that they can move the pointer to where their arbitrary shell code is injected.

Answer 421

A

C. address space layout randomization (ASLR)

In the past, the memory manager would try to load binaries at the same location in the linear address space each time the program was urn. This behavior made it easier for shell coders by ensuring that certain modules of code wuld always reside at a fixed address and could b referenced in exploit code using raw numeric literals. The address space layout randomization (ASLR) is a feature in newer operating systems (introduced in Windows Vista) which deals with this predictable and direct referencing issue. ASLR make the binary load in random address space each time the program is run.

Answer 422

A

B. obfuscated code

Reverse engineering is used to infer how a progam works by inspecting it. Code obfuscation which makes the readability of code extremely difficult and confusing, can be used to deter reverse (not prevent) engineering attacks. Obfuscating code is not detective or corrective in its implementation.

Answer 423

A

A. version control

The ability to track ownership, changes in code and rollback abilities is possible because of versioning which is a configuration management process. Release management of software should include proper source code control and management of software should include proper source code control and versioning. A phenomenon known as ‘regenerative bugs’ is often observed when it comes to improper release management processes. Regenerative bugs are fixed software detects that reappear in subsequent releases of the software. This happens when the software coding defect (bug) is detected in the testing environment (such as user acceptance testing) and the fix is made in that test environment and promoted to production without retrofitting it into the development environment. The latest version in the developmnet environment does not have the fix and the issue reappears in subsequent versions of the software.

Answer 424

A

D. errors and vulnerabilities can be detected earlier in the life cycle.

The one thing that is common in all software is source code and this source code needs to be reviewed from a security perspective to ensure that security vulnerabilities are detected and addressed before the software is released into the production environment or to customers code review is the process of systematically analyzing the code for insecure and inefficient coding issues in addition to static analysis, which reviews code before it goes live, there are also dynamic analysis tools which conduct automated scans of applications in production to unearth vulnerabilities in other words, dynamic tools test from the outside in, which static tools test from the inside out. Just because the code compiles without any errors, it does not necessarily mean that is will run without errors at runtime. Dynamic tests are useful to get a quick assessment of the security of th4e applications. It comes in handy when source code is not available for review as well.

Answer 425

A

D. masking of data when it is displayed.

Masking does not use any overt cryptography operations such as encryption, decryption, or hashing or covert operations such as data hiding as in the case of steganography to provide disclosure protection.

Answer 426

A

B. tokenization

Tokenization is the process of replacing sensitive data with unique identification symbols that still retain the needed information about the data, without compromising its security.

Answer 427

A

A. sandboxing

Sandboxing is an example of the principle of least privilege running code in a sandbox (or jail) restricts the access that the code has on other system resources.

Answer 428

A

B. recoverability

When the software performs as it is expected to, it is aid to be reliable. When errors occur, the reliability of software is impacted and the software needs to be able to restore itself to expected operations the ability of the software to be restored to normal expected operations is referred to as recoverability. The ability of the software to withstand attacks against its reliability sis referred to as resiliency. Redundancy is about availability and reconnaissance is related to information gathering as in fingerprinting/footprinting.

Answer 429

A

B. agile

Unit testing enables collective code ownership. Collective code ownership encourages everyone to contribute new ideas to all segments of the project. Any developer can change any line of code to add functionality fix bugs or re-factor. No one person becomes a bottleneck for changes. The way this works is for each developer that work in concert (usually more in agile methodologies than the traditional model) create unit tests for his/her code as it is developed. All code that is released into the source code repository includes unit tests code that is added bugs as they are fixed and old functionality as it is changed will be covered by automated testing.

Answer 430

A

C. leveraging existing components

Test harnesses promote the principle of leveraging existing components as it can be reused by multiple projects, once it is set up.

Answer 431

A

A. logic

IF-THEN rules are constructs of logic and when thes constructs are used for software testing it is generally referred to as logic testing.

Answer 432

A

A. stress

Tests that assure that the service level requirements are met is characteristic of performance testing. Load and stress testing are types of performance tests while stress testing is testing by starving the software load testing is done by subjecting the software to extreme volumes or load.

Answer 433

A

B. stress

The goal of stress testing is to determine if the software will continue to operate reliably under duress or extreme conditions often the resources that the software needs is taken away from the software and the software’s behavior observed as part of the stress test.

Answer 434

A

A. source code analyzers

White box testing or structural analysis is about testing the software with prior knowledge of the code and configuration. Source code review is a type of white box testing. Embedded code issues such as Trojan horses, logic bombs etc. that are implanted by insiders can be detected using source code analyzers.

Answer 435

A

B. black box

In black box or behavioral testing, test conditions are developed on the basis of the program’s or system’s functionality; that is the tester requires information about the input data and observed output, but does not know how the program or system works The tester focuses on testing the program’s behavior (or functionality) against the specification. With black box testing the tester views the program as a black box an is completely unconcerned with the internal structure of the program or system. White box testing is also referred to as clear box or glass box testing. Gray box testing is a software testing technique that uses a combination of black box and white box testing

Answer 436

A

A. rules of engagement.

Penetration testing must be controlled and not ad hoc in nature with properly defined rules of engagement.

Answer 437

A

C. non-repudiation

When session management is in place it provides for authentication and when authentication is combined with auditing capabilities it provides nonrepudiation i.e., the authenticated user cannot claim broken sessions and intercepted authentication and deny their user actions due to the audit logs recording their actions

Answer 438

A

B. lack of reverse engineering protection

Disassemblers, debuggers and decompilers are utilities that can be used for reverse engineering software and software tester should have these utilities in their list of tools to validate protection against reversing.

Answer 439

A

C. expected results

Knowledge of the expected results along with the defect information can be sued to determine the variance between what the result need to be and what is deficient.

Answer 440

A

B. cloaking

Detection of web server versions is usually done by analyzing HTTP responses. This process is known as banner grabbing. But administrator can change the information that gets reported and this process is known as cloaking. Banner cloaking is a security through obscurity approach to protect against version enumeration.

Answer 441

A

B. variations of data structures that are known

The process of sending random data to test security of an application is referred to as ‘fuzzing’ or ‘fuzz testing’. There are two levels of fuzzing: dumb fuzzing and smart fuzzing. Sending truly random data, known as dumb fuzzing, often doesn’t yield great results and has the potential of bringing the software down, causing a Denial of Service (DoS). If the code being fuzzed required data to be in a certain format but the fuzzer does not create data in that format, most of the fuzzed data will be rejected by the application. The more knowledge the fuzzer has of the data format, the more intelligent it can be at creating data. These more intelligent fuzzers are known as smart fuzzers.

Answer 442

A

C. confidentiality integrity and availability are not adversely impacted.

As part of security testing, the principle of failsafe must be assured. This means confidentiality, integrity and availability are not adversely impacted when the software fails. As part of general software testing, the recoverability of the software i.e., restoration of the software to normal operation functionality is an important consideration, but it need not always be an automated process.

Answer 443

A

B. stress

Race conditions and resource exhaustion issues are more likely to be identified when the software is starved of the resources that it expects as is done during stress testing.

Answer 444

A

C. the presence and effectiveness of risk mitigation controls.

Security testing must include both external (blackhat) and insider threat analysis and it should be more than just testing for the ability to circumvent access control mechanisms. The resiliency of software is the ability of the software to be able to withstand attacks. The presence and effective of risk mitigate controls increase the resiliency of the software.

Answer 445

A

C. resiliency.

Resiliency of software is defined as the ability of the software to withstand attacker attempts

Answer 446

A

C. unit

In order for unit testing to be thorough, the unit/module and the environment for the execution of the module need to be complete. The necessary environment includes the modules that either call or are called by the unit of code being tested. Stubs and drivers are designed to provide the complete environment for a module so that unit testing can be carried out. A stub procedure is a dummy procedure that has the same input/output (I/O) parameters as the given procedure. A driver module should have the code to call the different functions of the module under test with appropriate parameter values for testing. In layman’s terms, the driver module is akin to the caller and the stub module can be seen as the callee.

Answer 447

A

C. performance

Assurance that the software meets the expectations of the business as defined in the service level agreements (SLA) can be demonstrated by performance testing. One the importance of the performance of an application is know, it is necessary to understand how various factors affect the performance. Security features can have an impact on performance and this must be checked to ensure that service level requirements can be met.

Answer 448

A

B. detect the presence of loopholes and weaknesses in the software.

A vulnerability is a weakness (or loophole) and vulnerability scans are sued to detect the presence of weaknesses in software.

Answer 449

A

B. synthetic

Synthetic transactions refer to transactions that serve no business value. Querying order information of a ‘dummy’ customer is an example of a synthetic transaction. They are not necessarily useless.

Answer 450

A

D. subsetting

The defining of subset criteria to export only certain kinds of information from the production environment to the test environment is also known as subsetting.

Answer 451

A

C. black box testing

Since third party vendor software is often received in object code form, access to source is usually not provided and structural analysis (white box) or source code analysis is not possible. Also looking into the source code or source-code look alike by reverse engineering without explicit permission can have legal ramifications. Additionally, without documentation on the architecture and software makeup, a threat modeling exercise would most likely be incomplete. License validation is primarily used for curtailing piracy and is a component of verification and validation mechanisms. Black security of third party vendor software.

Answer 452

A

B. assess the presence and effectiveness of protection mechanisms.

To maintain the confidentiality, integrity and availability of software and the data it processes, prior to the acceptance of software, vendor claims of security must be assessed not only for their presence but also their effectiveness within your computing ecosystem.

Answer 453

A

A. verification

Verification is defined as the process of evaluating software to determine whether the products of a given development phase satisfies the conditions imposed at the start of the phase. In other words, verification ensures that the software performs as required and designed to. Validation is the process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. In other words validation ensures that the software meets required specifications.

Answer 454

A

B. reliability

Verification ensures that the software performs as required and designed to which is a measure of the software’s reliability.

Answer 455

A

C. Common Criteria

The common criteria (ISO 15408) is a security product evaluation methodology with clearly defined ratings, such as Evaluation Assurance Levels (EALs). In addition to assurance validation, the common criteria also validates software functionality for the security target. EALs rating assure the owner of the assurance capability of the software/system and so the common criteria is also referred to as an owner assurance model.

Answer 456

A

D. user acceptance testing

The end users of the business have the final say on whether the software can be deployed or not. User acceptance testing (UAT) is used to determine the readiness of the software for deployment to the production environment or release to an external customer.

Answer 457

A

D. accreditation

While certification is the assessment of the technical and nontechnical security controls of the software, accreditation is a management activity that assures that the software has adequate levels of software assurance protection mechanisms.

Answer 458

A

B. Accept the risk with a documented exception

When there are known vulnerabilities in legacy software and there is not much you can do to mitigate the vulnerabilities, it is recommended that the business accepts the risk with a documented exception to the security policy. When accepting this risk, the exception to policy process must ensure that there is a contingency plan in place to address the risk by either replacing the software with a new version or discontinuing its use (risk avoidance). Transferring the risk may not be a viable option for legacy software that is already in your production environment and one must never ignore the risk or take the vulnerable software out of the scope of an external audit.

Answer 459

A

B. business owner

Risk must always be accepted formally by the business owner.

Answer 460

A

B. incompatible environment configurations.

When the production environment does not mirror the development or test environments, software that works fine in non-production environments are observed to experience issues when it is deployed into the production environment this stresses the need for simulation testing.

Answer 461

A

D. collected manually

A good security metric is expressed quantitatively and is contextually accurate. Irrespective of how many times the metrics is collected, the results are not significantly variant. Good metrics are usually collected in an automated manner so that the collector’s subjectivity does not come into effect.

Answer 462

A

A. hardening

Locking down the software by reducing the attack surface of the software by removing unneeded code and documentation is referred to as software hardening. Before hardening the software, it is crucially important to harden the operating system of the host on which the software program will be run.

Answer 463

A

C. continuous monitoring

Operations security is about staying secure by keeping the resiliency levels of the software above the acceptable risk levels. It is the assurance the software will continue to function as expected in a reliable fashion for the business, without compromising its state of security by monitoring, managing and applying the needed controls to protect resources (assets).

Answer 464

A

D. detective

Audit logging is a type of detective control. When the users are made aware that their activities are logged, audit logging could function as a deterrent control, but it is primarily used for detective purposes. Audit logs can be used to control, but it is primarily used for detective purposes. Audit logs can be sued to build the sequence o historical events and give insight into who (subject such as user/process) did what (action), where (object) and when (timestamp).

Answer 465

A

B. provide an increased level of defense than the original requirement.

PCI DSS prescribes that the compensating control that is used must provide a similar level, not increased level of defense as the original requirement.

Answer 466

A

B. release management

It is extremely important that versioning, backups, check-in and check-out practices are all managed as part of the release management process

Answer 467

A

C. logic bombs

Logic Bombs can be planted by an insider and when the internal network is not monitored, the likelihood of these are much higher.

Answer 468

A

D. auditing

IDS and auditing are both detective types of controls which can be used to continuously monitor the security health of the computing environment.

Answer 469

A

B. research the validity of the alert or event further.

Upon the report of a breach, it is important to go into a triaging phase in which the validity and severity of the alert/event is investigated further. This reduces the number of false positives that are reported to management

Answer 470

A

D. informing the development team that there should be no injection flaws in the payroll application.

Using security metrics over Fear, Uncertainty and Doubt (FUD) is the best recommendation to champion security objectives within the software development organization.

Answer 471

A

B. audits

Periodic audits (both internal and external) can be used to assess the overall state of security health of the organization.

Answer 472

A

B. normalization

To normalize logs means that duplicate and redundant information is removed from the logs after the time is synchronized for each log set and the logs are parsed to deduce patterns that are identified in the correlation phase.

Answer 473

A

D. recovery

The incident response process involves preparation, detection, analysis, containment, eradication and recovery. The goal of incident management is the restore (recover) service to normal business operations.

Answer 474

A

D. identifying and eliminating the root cause of the problem.

The goal of problem management is to identify and eliminate the root cause of the problem. All of the other definitions are related to incident management. The goal of incident management is to restore service while the goal of problem management is to improve service.

Answer 475

A

C. patching

Patching is the process of applying updates and hot fixes. Porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed (e.g. different processor architecture, Operating System or third party software library)

Answer 476

A

D. root cause analysis

Ishikawa diagrams or fish bone diagrams are used to identify the cause and effect of a problem and are used commonly to determine the root cause of the problem.

Answer 477

A

C. backward compatibility.

Regression testing of patches are crucial to ensure that there were no newer side effects and that all previous functionality as expected were still available.

Answer 478

A

A. end-of-life

End-of-Life (EOL) policies are used for disposing code configuration and documents based on organizational and regulatory requirements.

Answer 479

A

D. avoidance

When software with known vulnerabilities is replaced with a secure version, it is an example of avoiding the risk. It is not transference, as the new version may not have the same risks. It is not mitigation since no controls are implemented to address the risk of the old software. It is not acceptance, since the risk of the software is replaced with the risk of the newer version. It is not ignorance, because the risk is not left unhandled.

Answer 480

A

B. dumpster divers

Dumpster divers are threat agents that can steal information from printed media (printer ribbons, facsimiles transmission and printed paper).

Answer 481

A

B. sandbox

Preventing malicious file execution attacks takes some careful planning during the architectural and design phases of the SDLC, through thorough testing. In general, a well-written application will not use user-supplied input or any filename for any server-based resource (such as images, XML and XSL transform documents, or script inclusions), and will have firewall rules in place preventing new outbound connections to the Internet or internally back to any other server. However, many legacy applications continue to have a need to accept user supplied input and files without the adequate levels of validation built in. When this is the case, it is advisable to separate the production environment and upload the files to a sandbox environment before the files can be processed.

Answer 482

A

B. before and after the code is implemented

In order to understand if there is an improvement in the resiliency of the software code, the RASQ (which attempts to quantify the number and kinds of vectors available to an attacker) needs to be computed before and after code development is completed and the code is frozen.

Answer 483

A

D. proper change control management

Proper change control management is useful to provide separation of duties as it can prevent direct access to backend databases by developers.

Answer 484

A

C. incident response plan

An Incident Response Plan (IRP) must be developed and tested for completeness as it is the document that one should refer to and follow in the event of a security breach. The effectiveness of an IRP is dependent on the awareness of users on how to respond to an incident and increased awareness can be achieved by proper education and training.

Answer 485

A

C. incidences of malicious code and logic found in acquired software

Although there is an increase in the offshoring and outsourcing activities, complete cessation of software development activities within a company is not usually the case. Increases in foreign trade agreements have opened up markets, but this is not the primary driver for the increased need for security in the software supply chain. Software developed within a company is likely to be more trusted than ones developed outside the purview of a company’s control. An observable increase of malicious code and logic implanted in software that is acquired has made the need for security in the supply chain no longer optional.

Answer 486

A

A. contracting

After the planning, and before the development phase of the acquisition life cycle is the sourcing of suppliers, evaluating their responses and issuance of a contract award to the winning supplier.

Answer 487

A

C. authorization

The three goals of software supply chain includes conformance, trustworthiness and authenticity.

Answer 488

A

B. insecure code transfer

Counterfeit and pirated software are product threats. Subornation is a people threat. Transferring code without appropriate security controls is indicative of a breakdown in the process and is deemed a process threat.

Answer 489

A

B. location agnostic protection

End-to-end encryption and cryptographic agility are concepts that are tied to cryptography to assure protection against unauthorized disclosure. Locality of reference is a memory management concept. Location agnostic protection, means that the security of the software is not dependent on where (location) it is developed, but instead, it is dependent on the maturity of the software development practices. This Is the one concept that is related to the software supply chain.

Answer 490

A

B. security track record

While all of the option choices need to be evaluated, the supplier’s past performance (track record) can be used to determine if he supplier is capable of providing timely updates and hotfixes.

Answer 491

A

A. Key Performance Indicators (KPI)

RASQ is computed to determine the attackability of software. MTD is a business continuity and disaster recovery concept. RTMs are used to trace deviations from expected functionality. When KPIs are evaluated and managed, they can provide insight into the effectiveness and efficiencies of the supply chain processes as it pertains to assuring trust and software security.

Answer 492

A

D. Assurance Plan

An assurance plan addresses the development and maintenance of an assurance case for software and the assurance case contains the required security requirements and the evidence needed to prove that the supplier meets the assurance needs of the acquirer.

Answer 493

A

A. contracts-based protection is mutual

Unlike disclaimer-based protection, wherein there exists only a one-sided notification of terms, contracts require that both parties engaged in the transaction mutually agree to abide by any terms of the agreement contracts are legally binding.

Answer 494

A

B. copyright

Patents protect an idea while copyrights protect the expression of an idea software programs, database models and images on a website are expressions of an idea trade secrets ensures that the company has a competitive advantage and is not disclosed while trademarks are disclosed to uniquely identify a manufacturer.

Answer 495

A

D. copyrights

Peer-to-peer torrent’s unauthorized sharing of copyrighted information such as a software or music files constitutes copyright violations.

Answer 496

A

B. non-disclosure agreements (NDA)

Non-disclosure agreements assure confidentiality of sensitive information such as software program processing logic, database schema and internal organizational business processes and client lists.

Answer 497

A

C. ransomware

In some situations the source code of COTS may be escrowed and released under a free software or open source license when the original developer (supplier) no longer continues to develop that software or if stipulated fundraising conditions are met this model is referred to as the ransom model of software publishing and the software is known a ransomware.

Answer 498

A

B. denial of service

If the validity period set in software is not properly implemented then legitimate users can be potentially denied service. It is therefore imperative to ensure that the duration and checking mechanism of validity periods is properly implemented.

Answer 499

A

C. validity periods

Software functionality can be restricted using validity period as is often observed in the ‘try-before you-buy’ or ‘demo’ versions of software. It is recommended to have a stripped down version of he software for the demo version and if feasible it is advisable to include the legal team to determine the duration of the validity period (especially in the context of digital signatures and Public Key Infrastructure solutions).

Answer 500

A

A. before delivery (handover)

Prior to the delivery of the software, the supplier must provide the acquirer with all the applicable export compliance requirements.

Answer 501

A

C. the attacker can look into the source code to determine its exploitability.

Some open source software are supported and maintained by very well established companies and communities and they don’t necessarily have to be purchased as components alone and integrated some open source software offer entire enterprise solutions which don’t require a piece-meal approach. Open source software is modifiable and while insight into how the software is architected can be viewed by the acquirer, an attacker also has the advantage of looking into the software and writing tailored exploits against it.

Answer 502

A

D. code review

Threat modeling primarily addresses the design aspects of software and fuzzing and penetration testing usually deals with the software after it deployed, the integrity of the code can be determined using code review.

Answer 503

A

C. logic flaws

Logic flaws or semantic issues are design related and can be detected using threat modeling. Backdoors, logic bombs and Trojan horses are code or syntactic issues are primarily detected using a code review process. When acquirer software from a supplier, it is imperative that a code review process is in place to detect malicious code that arises from the presence of backdoors, logic bomb and Trojan horses implanted in the code.

Answer 504

A

D. open design

Developers should only have access to the version of code necessary to complete their responsibilities for only the time period that they need to complete their operation. In other works, least privilege must be enforced on a need-to-know basis. Source code control systems (or code repositories) can provide such granular levels of access control. Identity management with auditing in place can provide accountability and so any code changes that are made and checked back into the code repositories must be traceable and identifiable to individuals who are making the change this reduces the likelihood of malicious code implanted into the code.

Answer 505

A

B. tampering

If the integrity of the build process is questionable, and the build tools and environment not protected then the confidence of pristine untampered code is not assured and all efforts previously undertaken to protect the assurance of the software can be nullified.

Answer 506

A

B. binary code scanners

Source code and byte code scanners detect the presence of vulnerabilities in source or byte code form of code while binary code scanners have to disassemble the object code form while analyzing, executables for vulnerabilities. Compliance validators primarily use an interview format to detect non-compliance.

Answer 507

A

B. code signing

Code signing is the process of encrypting the hash value of software with the publisher’s (or suppliers) private key. This creates a unique digital signature which can be used to attest the genuineness of the software encryption alone cannot provide such pedigree attestation. Code review and code scanning are primarily detective in nature and are used to detect the presence of vulnerabilities in the software and not proof of origin or authenticity.

Answer 508

A

A. chain of custody

As software code or components move from supplier to supplier in a software supply chain, it is extremely important to make sure that the chain of custody is controlled, until the software reaches the final user or acquirer of the software, so that unauthorized tampering of the software is mitigated.

Answer 509

A

B. transference

Code escrows can be regarded as a form of risk transference by insurance, because it insures the licensee continued business operations, should the licensor be no longer alive (in case of a sole proprietorship), go out of business, or file for bankruptcy (in case of a Corporation).

Answer 510

A

B. integration

Integration testing s useful to test the interfaces and interdependencies between components that are integrated in an SoS to reveal single points of failure or weak links that can render the entire SoS exploitable.

Answer 511

A

C. termination access control

Once software is handed over from one supplier to another or to the acquirer, only the receiving part’s personnel should be allowed to access and/or modify the software code components and configuration.

Answer 512

A

B. Corporate brand and reputation

When security is incorporated into the software development life cycle, confidentiality, integrity, and availability can be assured and external hacker and insider threat attempts thwarted. Developers will generate more hack-resilient software with fewer vulnerabilities, but protection of the organization’s reputation and corporate brand is the primary reason for software assurance.

Answer 513

A

B. Integrity

When the software program operates as expected, it is said to be reliable or internally consistent. Reliability is an indicator of the integrity of software. Hack-resilient software are reliable (functioning as expected), resilient (able to withstand attacks), and recoverable (capable of being restored to normal operations when breached or upon error).

Answer 514

A

A. Software issues can cause downtime to the business.

One of the tenets of software assurance is “availability.” Software issues can cause software unavailability and downtime to the business. This is often observed as a denial of service (DoS) attack.

Answer 515

A

C. Availability

Confidentiality controls assure protection against unauthorized disclosure.
Integrity controls assure protection against unauthorized modifications or alterations.
Availability controls assure protection against downtime/denial of service and destruction of information.
Authentication is the mechanism to validate the claims/credentials of an entity.
Authorization covers the subject’s rights and privileges upon requested objects.

Answer 516

A

A. Ownership-based authentication

Authentication can be achieved in one or more of the following ways: using something one knows (knowledge-based), something one has (ownership-based), and something one is (characteristic-based). Using a token device is ownership-based authentication. When more than one way is used for authentication purposes, it is referred to as multifactor authentication, and this is recommended over single-factor authentication.

Answer 517

A

B. Defense in-depth

Having more than one way of authentication provides for a layered defense, which is the premise of the defense in depth security design principle.

Answer 518

A

D. Preventing a user from performing some unauthorized operations

Audit log information can be a detective control (providing evidentiary information) and a deterrent control when the users know that they are being audited, but it cannot prevent any unauthorized actions. When the software logs user actions, it also provides nonrepudiation capabilities because the user cannot deny their actions.

Answer 519

A

B. Session management

An Internet application means that the ability to manage identities as would be possible in an Intranet application is not easy and, in some cases, infeasible. Internet applications also use stateless protocols, such as HTTP or HTTPS, and this requires the management of user sessions.

Answer 520

A

A. Clipping level

The predetermined number of acceptable user errors before recording the error as a potential security incident is referred to as the clipping level. For example, if the number of allowed failed login attempts before the account is locked out is three, then the clipping level for authentication attempts is three.

Answer 521

A

C. Fail safe

The failsafe principle prescribes that access decisions must be based on permission rather than exclusion. This means that the default situation is lack of access, and the protection scheme identifies conditions under which access is permitted. The alternative, in which mechanisms attempt to identify conditions under which access should be refused, presents the wrong psychological base for secure system design. A design or implementation mistake in a mechanism that gives explicit permission tends to fail by refusing permission, which is a safe situation since it will be quickly detected. On the other hand, a design or implementation mistake in a mechanism that explicitly excludes access tends to fail by allowing access, a failure that may go unnoticed in normal use. This principle applies both to the outward appearance of the protection mechanism and to its underlying implementation.

Answer 522

A

C. Transference

When an “as is” disclaimer clause is used, the risk is transferred from the publisher of the software to the user of the software.

Answer 523

A

B. Policy

Policies are high-level documents that communicate the mandatory goals and objectives of company management. Standards are also mandatory, but not quite at the same high level as policy. Guidelines provide recommendations on how to implement a standard. Procedures are usually step-by-step instructions of how to perform an operation. A baseline has the minimum levels of controls or configurations that need to be implemented.

Answer 524

A

B. Evaluate security engineering practices and organizational management processes

The evaluation of security engineering practices and organizational management processes are provided as guidelines and prescribed in the Systems Security Engineering Capability Maturity Model (SSE-CMM®). The SSE-CMM is an internationally recognized standard that is published as ISO 21827.

Answer 525

A

B. Sherwood Applied Business Security Architecture (SABSA)

SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management. SABSA ensures that the needs of your enterprise are met completely and that security services are designed, delivered, and supported as an integral part of your business and IT management infrastructure.

Answer 526

A

A. Not allowing the process to write above its security level

The Biba integrity model prevents unauthorized modification. It states that the maintenance of integrity requires that data not flow from a receptacle of a given integrity to a receptacle of higher integrity. If a process can write above its security level, trustworthy data could be contaminated by the addition of less trustworthy data.

Answer 527

A

D. Rootkit

Rootkits are known to compromise the operating system ring protection mechanisms and masquerade as a legitimate operating system taking control of it.

Answer 528

A

B. Intellectual property protection

All of the other options are considerations for the software acquirer (purchaser).

Answer 529

A

C. Asset value × exposure factor

Single loss expectancy is the expected loss of a single disaster. It is computed as the product of asset value and the exposure factor. SLE = asset value ⨯ exposure factor.

Answer 530

A

C. Mitigation

The implementation of IPSec at the network layer helps to mitigate threats to the confidentiality of transmitted data.

Answer 531

A

D. FIPS 201

Personal identity verification (PIV) of federal employees and contractors is published as FIPS 201, and it prescribes some guidelines for biometric authentication.

Answer 532

A

D. PCI DSS

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Answer 533

A

C. Advanced Encryption Standard (FIPS 197)

The advanced encryption standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into their original form, called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits.

Answer 534

A

C. Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) Top Ten provides a powerful awareness document for Web application security. The OWASP Top Ten represents a broad consensus about what the most critical Web application security flaws are.

Answer 535

A

B. Goals and objectives of the organization

When determining software security requirements, it is imperative to address the goals and objectives of the organization. Management’s goals and objectives need to be incorporated into the organizational security policies. While external auditor, internal quality requirements, and technology are factors that need consideration, compliance with organizational policies must be the foremost consideration.

Answer 536

A

A. Directory information

Information that is public is also known as directory information. The name “directory” information comes from the fact that such information can be found in a public directory, such as a phone book. When information is classified as public information, confidentiality assurance protection mechanisms are not necessary.

Answer 537

A

C. Availability requirements

Destruction is the threat against availability, as disclosure is the threat against confidentiality, and alteration is the threat against integrity.

Answer 538

A

D. Recovery time objective (RTO)

The maximum tolerable downtime (MTD) is the maximum length of time a business process can be interrupted or unavailable without causing the business itself to fail. The recovery time objective (RTO) is the time period in which the organization should have the interrupted process running again at or near the same capacity and conditions as before the disaster/downtime. MTD and RTO are part of availability requirements. It is advisable to set the RTO to be less than the MTD.

Answer 539

A

A. Biometric authentication

Forms authentication has to do with usernames and passwords that are input into a form (e.g., a Web page/form). Basic authentication transmits the credentials in Base64 encoded form, while digest authentication provides the credentials as a hash value (also known as a message digest). Token-based authentication uses credentials in the form of specialized tokens and is often used with a token device. Biometric authentication uses physical characteristics to provide the credential information.

Answer 540

A

B. Authentication

When two factors are used to validate an entity’s claim and/or credentials, it is referred to as two-factor authentication, and when more than two factors are used for authentication purposes, it is referred to as multifactor authentication. It is important to determine first whether if there exists a need for two- or multifactor authentication.

Answer 541

A

B. Discretionary access control (DAC)

Discretionary access control (DAC) is defined as “a means of restricting access to objects based on the identity of subjects and/or groups to which they belong.” The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. DAC restricts access to objects based on the identity of the subject and is distinctly characterized by the decision of the owner of the resource regarding who has access and their level of privileges or rights.

Answer 542

A

C. Auditing requirements

Auditing requirements are those that assist in building a historical record of user actions. Audit trails can help detect when an unauthorized user makes a change or an authorized user makes an unauthorized change, both of which are cases of integrity violations. Auditing requirements not only help with forensic investigations as a detective control, but can also be used for troubleshooting errors and exceptions, if the actions of the software are tracked appropriately.

Answer 543

A

A. Improper session management

Easily guessable and nonrandom session identifiers can be hijacked and replayed if not managed appropriately, and this can lead to MITM attacks.

Answer 544

A

B. Policy decomposition

The process of eliciting concrete software security requirements from high-level regulatory and organizational directives and mandates is referred to as policy decomposition. When the policy decomposition process completes, all the gleaned requirements must be measurable components.

Answer 545

A

A. Engage the customer

IT is there for the business and not the other way around. The first step when determining protection needs is to engage the customer, followed by modeling the information and identifying least privilege scenarios. Once an application profile is developed, we can undertake threat modeling and analysis to determine the risk levels, which can be communicated to the business to prioritize the risk.

Answer 546

A

D. Identifying privileged code sections

Identifying privileged code sections is part of threat modeling and not part of an RTM.

Answer 547

A

D. Input validation

Parity bit checking is primarily used for error detection, but it can be used for assuring the integrity of transferred files and messages.

Answer 548

A

B. Use case modeling

A use case models the intended behavior of the software or system. In other words, the use case describes behavior that the system owner intended. This behavior describes the sequence of actions and events that are to be taken to address a business need. Use case modeling and diagramming are very useful for specifying requirements. It can be effective in reducing ambiguous and incompletely articulated business requirements by explicitly specifying exactly when and under what conditions certain behaviors occur. Use case modeling is meant to model only the most significant system behavior, not all, and so it should not be considered a substitute for requirements specification documentation.

Answer 549

A

A. Race conditions

Misuse cases, also known as abuse cases, help identify security requirements by modeling negative scenarios. A negative scenario is an unintended behavior of the system, one that the system owner does not want to have occur within the context of the use case. Misuse cases provide insight into the threats that can occur to the system or software. It provides the hostile users’ point of view and is an inverse of the use case. Misuse case modeling is similar to the use case modeling, except that the former models misactors and unintended scenarios or behavior. Misuse cases may be intentional or accidental. One of the most distinctive traits of misuse cases is that they can be used to elicit security requirements, unlike other requirements determination methods that focus on end user functional requirements.

Answer 550

A

B. Information Life Cycle Management

Data classification is the conscious effort to assign a level of sensitivity to data assets based on potential impact upon disclosure, alteration, or destruction. The results of the classification exercise can then be used to categorize the data elements into appropriate buckets. Data classification is part of information life cycle management.

Answer 551

A

B. Environment

When determining requirements, it is important to elicit requirements that are tied to the environment in which the data will be marshaled or processed. Viewstate corruption issues in Web farm settings where all the servers were not configured identically or lack of card holder data encryption in public networks have been observed when the environmental requirements were not identified or taken into account.

Answer 552

A

A. Service level agreements (SLAs)

SLAs should contain the levels of service expected for the software to provide, and this becomes crucial when the software is not developed in-house.

Answer 553

A

B. Resiliency

Software is said to be reliable when it is functioning as expected. Resiliency is the measure of the software’s ability to withstand an attack. When the software is breached, its ability to restore itself back to normal operations is known as the recoverability of the software. Redundancy has to do with high availability.

Answer 554

A

A. Availability

Improper coding constructs such as infinite loops and improper memory management can lead to denial of service and resource exhaustion issues, which impact availability.

Answer 555

A

C. Service level agreements

SLAs should contain the levels of service the software is expected to provide, and this becomes crucial when the software is not developed in-house.

Answer 556

A

C. Confidentiality requirements

Destruction is the threat against availability, as disclosure is the threat against confidentiality, and alteration is the threat against integrity.

Answer 557

A

B. Integrity

Destruction is the threat against availability, as disclosure is the threat against confidentiality, and alteration is the threat against integrity.

Answer 558

A

B. Steganography

Encryption and hashing are overt mechanisms to assure confidentiality. Masking is an obfuscating mechanism to assure confidentiality. Steganography is hiding information within other media as a cover mechanism to assure confidentiality. Steganography is more commonly referred to as invisible ink writing and is the art of camouflaging or hidden writing, where the information is hidden and the existence of the message itself is concealed. Steganography is primarily useful for covert communications and is prevalent in military espionage communications.

Answer 559

A

D. Watermarking

Digital watermarking is the process of embedding information into a digital signal. These signals can be audio, video, or pictures.

Answer 560

A

B. Integrity

Parity bit checking is useful in the detection of errors or changes made to data when they are transmitted. A common use of parity bit checking is to do a cyclic redundancy check (CRC) for data integrity as well, especially for messages longer than one byte (8 bits) long. Upon data transmission, each block of data is given a computed CRC value, commonly referred to as a checksum. If there is an alteration between the origin of data and their destination, the checksum sent at the origin will not match the one computed at the destination. Corrupted media (CDs, DVDs) and incomplete downloads of software yield CRC errors.

Answer 561

A

B. Design

Although it is important to visit the threat model during the development, testing, and deployment phase of the software development life cycle (SDLC), the threat modeling exercise should commence in the design phase of the SDLC.

Answer 562

A

C. Public Key Infrastructure (PKI)

PKI makes it possible to exchange data securely by hiding or keeping secret a private key on one system while distributing the public key to the other systems participating in the exchange.

Answer 563

A

D. Nonrepudiation

Nonrepudiation and proof of origin (authenticity) are provided by the certificate authority’s (CA) attaching its digital signature, encrypted with the private key of the sender, to the communication that is to be authenticated, and this attests to the authenticity of both the document and the sender.

Answer 564

A

C. Hashing

An important use for hashes is storing passwords. The actual password should never be stored in the database. Using hashing functions, you can store the hash value of the user password and use that value to authenticate the user. Because hashes are one-way (not reversible), they offer a heightened level of confidentiality assurance.

Answer 565

A

D. Separation of duties

Separation of duties, or separation of privilege, is the principle that it is better to assign tasks to several specific individuals so that no one user has total control over the task. It is closely related to the principle of least privilege, the idea that a minimum amount of privilege is granted to individuals with a need to know for the minimum (shortest) amount of time.

Answer 566

A

B. Simplify user authentication

The design principle of economy of mechanism states that one must keep the design as simple and small as possible. This well known principle deserves emphasis for protection mechanisms because design and implementation errors that result in unwanted access paths will not be noticed during normal use. As a result, techniques that implement protection mechanisms, such as line-by-line inspection of software, are necessary. For such techniques to be successful, a small and simple design is essential. SSO supports this principle by simplifying the authentication process.

Answer 567

A

C. Auditing

All stored procedures could be updated to incorporate auditing logic, but a better solution is to use database triggers. You can use triggers to monitor actions performed on the database tables and automatically log auditing information.

Answer 568

A

D. Entry points

During threat modeling, the application is dissected into its functional components. The development team analyzes the components at every entry point and traces data flow through all functionality to identify security weaknesses.

Answer 569

A

A. Spoofing

Although it may seem that an MITM attack is an expression of the threat of repudiation, and it can be, it is primarily a spoofing threat. In a spoofing attack, an attacker impersonates a legitimate user of the system. A spoofing attack is mitigated through authentication so that adversaries cannot become any other user or assume the attributes of another user. When undertaking a threat modeling exercise, it is important to list all possible threats, regardless of whether they have been mitigated, so that you can later generate test cases where necessary. If the threat is not documented, there is a high likelihood that the software will not be tested for those threats. Using a categorized list of threats (such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege [STRIDE]) is useful to address all possible threats.

Answer 570

A

B. Network

Although software security has specific implications on layer seven, the application of the OSI stack, the security at other levels of the OSI stack is also important and should be leveraged to provide defense in depth. The seven layers of the OSI stack are physical (1), data link (2), network (3), transport (4), session (5), presentation (6), and application (7). SSL and IPSec can be used to assure confidentiality for data in motion. SSL operates at the transport layer (4), and IPSec operates at the network layer (3) of the OSI model.

Answer 571

A

A. Interoperability

A distinctive characteristic of SOA is that the business logic is abstracted into discoverable and reusable contract-based interfaces to promote interoperability between heterogeneous computing ecosystems.

Answer 572

A

D. Physical

Side channel attacks use unconventional means to compromise the security of the system and, in most cases, require physical access to the device or system. Therefore, to mitigate side channel attacks, physical protection must be used.

Answer 573

A

C. Rich Internet application (RIA)

RIAs require Internet protocol (IP) connectivity to the backend server. Browser sandboxing is recommended since the client is also susceptible to attack now, but it is not a requirement. The workload is shared between the client and the server, and the user’s experience and control is increased in RIA architecture.

Answer 574

A

B. Identification

Trusted platform module (TPM) is the name assigned to a chip that can store cryptographic keys, passwords, and certificates. It can be used to protect mobile devices other than personal computers. It is also used to provide identity information for authentication purposes in mobile computing. It also assures secure startup and integrity. The TPM can be used to generate values used with whole-disk encryption, such as the Windows Vista’s BitLocker. It is developed to specifications of the Trusted Computing Group.

Answer 575

A

B. Inference

An inference attack is one in which the attacker combines information available in the database with a suitable analysis to glean information that is presumably hidden or not as evident. This means that individual data elements when viewed collectively can reveal confidential information. It is therefore possible to have public elements in a database reveal private information by inference. The first things to ensure are that the database administrator does not have direct access to the data in the database and that the administrator’s access to the database is mediated by a program (the application) and audited. In situations where direct database access is necessary, it is important to ensure that the database design is not susceptible to inference attacks. Inference attacks can be mitigated by polyinstantiation.

Answer 576

A

C. Views

Views provide a number of security benefits. They abstract the source of the data being presented, keeping the internal structure of the database hidden from the user. Furthermore, views can be created on a subset of columns in a table. This capability can allow users granular access to specific data elements. Views can also be used to limit access to specific rows of data.

Answer 577

A

B. Security management interfaces

Security management interfaces (SMIs) are administrative interfaces for your application that have the highest level of privileges on the system and can do tasks such as

User provisioning: adding/deleting/enabling user accounts
Granting rights to different user roles
System restarting
Changing system security settings
Accessing audit trails, user credentials, exception logs

Answer 578

A

B. Security Assert Markup Language (SAML)

Federation technology is usually built on a centralized identity management architecture leveraging industry standard identity management protocols, such as SAML, WS Federation (WS-*), and Liberty Alliance. Of the three major protocol families associated with federation, SAML seems to be recognized as the de facto standard for enterprise-to-enterprise federation. SAML works in cross-domain settings, while Kerberos tokens are useful only within a single domain.

Answer 579

A

B. Transport layer security

The syslog network protocol has become a de facto standard for logging programs and server information over the Internet. Many routers, switches, and remote access devices will transmit system messages, and there are syslog servers available for Windows and UNIX operating systems. TLS protection mechanisms such as SSL wrappers are needed to protect syslog data in transit as they are transmitted in the clear. SSL wrappers such as stunnel provide transparent SSL functionality.

Answer 580

A

D. Digital Rights Management

Digital rights management (DRM) solutions give copyright owners control over access and use of copyright protected material. When users want to access or sue digital copyrighted material, they can do so on the terms of the copyright owner.

Answer 581

A

C. solve business problems

IT and software development teams function to provide solutions to the business. Manual and inefficient business processes can be automated and made efficient using software programs.

Answer 582

A

C. linking

Linking is the process of combining the necessary functions, variables, and dependencies files and libraries required for the machine to run the program. The output that results from the linking process is the executable program or machine code/file that the machine can understand and process. In short, linked object code is the executable. Link editors that combine object codes are known as linkers. Upon the completion of the compilation process, the compiler invokes the linker to perform its function. There are two types of linking: static linking and dynamic linking.

Answer 583

A

B. type safety

Code is said to be type safe if it only accesses memory resources that do not belong to the memory assigned to it. Type safety verification takes place during the just in time (JIT) compilation phase and prevents unsafe code from becoming active. Although you can disable type safety verification, code can then make unrestricted calls to unmanaged code, and if that code has malicious intent, the results can be severe. Therefore, the framework only allows fully trusted assemblies to bypass verification. Type safety is a form of “sandboxing.” Type safety must be one of the most important considerations in regards to security when selecting a programming language.

Answer 584

A

D. Man-in-the-Middle (MITM)

As a defense against man-in-the-middle (MITM) attacks, authentication and session management need to be in place. Multifactor authentication provides greater defense than single factor authentication and is recommended. Session identifiers that are generated should be unpredictable, random, and non-guessable.

Answer 585

A

C. Cross-Site Request Forgery (CSRF)

In addition to assuring that the requestor is a human, CAPTCHAs are useful in mitigating CSRF attacks. Since CSRF is dependent on a preauthenticated token’s being in place, using CAPTCHA as the anti-CSRF token is an effective way of dealing with the inherent XSS problems regarding anti-CSRF tokens, as long as the CAPTCHA image itself is not guessable, predictable, or re-served to the attacker.

Answer 586

A

D. Advanced Encryption Standard (AES)

Advanced encryption standard (FIPS 197) is published as the Rijndael cipher. Software should be designed so that you should be able to replace one cryptographic algorithm with a stronger one, when needed, without much rework or recoding. This is referred to as cryptographic agility.

Answer 587

A

C. Secure Sockets Layer (SSL)

SSL provides disclosure protection and protection against session hijacking and replay at the transport layer (layer 4), while IPSec provides confidentiality and integrity assurance operating in the network layer (layer 3). DRM provides some degree of disclosure (primarily IP) protection and operates in the presentation layer (layer 6), and data loss prevention (DLP) technologies prevent the inadvertent disclosure of data to unauthorized individuals, predominantly those external to the organization.

Answer 588

A

D. information disclosure

Information disclosure is primarily a design issue and therefore is a language-independent problem. There is a tricky balance between providing the user with helpful information about errors and preventing attackers from learning about the internal details and architecture of the software. From a security standpoint, it is advisable not to disclose verbose error messages and provide the users with a helpline to get additional support.

Answer 589

A

D. authentication of users

Code signing can provide all of the following: anti-tampering protection assuring integrity of code, authenticity (not authentication) of code origin, and runtime permissions for the code to access system resources. The primary benefit of code signing is that it provides users with the identity of the software’s creator, and this is particularly important for mobile code, which is code downloaded from a remote location over the Internet.

Answer 590

A

D. timing

A side channel is a potential source of information flow from a physical system to an adversary beyond what is available via the conventional (abstract) model. These include subtle observation of timing, electromagnetic radiations, power usage, analog signals, and acoustic emanations. The use of nonconventional and specialized techniques along with physical access to the target system to discover information is characteristic of side channel attacks. The analysis of delayed error messages between successful and unsuccessful queries is a form of timing side channel attacks.

Answer 591

A

B. declarative syntax security

There are two types of security syntax: declarative security and imperative security. Declarative syntax addresses the “what” part of an action, whereas imperative syntax tries to deal with the “how” part. When security requests are made in the form of attributes (in the metadata of the code), it is referred to as declarative security. When security requests are made through programming logic within a function or method body, it is referred to as imperative security. Declarative security is an all-or-nothing kind of implementation, while imperative security offers greater levels of granularity and control because the security requests run as lines of code intermixed with the application code.

Answer 592

A

D. imperative security

When security requests are made in the form of attributes, it is referred to as declarative security. It does not precisely define the steps as to how the security will be realized. Declarative syntax actions can be evaluated without running the code because attributes are stored as part of an assembly’s metadata, while the imperative security actions are stored as intermediary language (IL). This means that imperative security actions can be evaluated only when the code is running. Declarative security actions are checks before a method is invoked and are placed at the class level, being applicable to all methods in that class, unlike imperative security. Declarative security is an all-or-nothing kind of implementation, while imperative security offers greater levels of granularity and control, because the security requests run as lines of code intermixed with the application code.

Answer 593

A

C. locality of reference

Computer processors tend to access memory in a very patterned way. The basic forms of locality of reference are temporal (based on time), spatial (based on address space), (branch conditional), and equidistant (somewhere between spatial and branch using simple linear functions that look for equidistant locations of memory to predict which location will be accessed in the near future). While this is good from a performance vantage point, it can lead to an attacker’s predicting memory address spaces and causing memory corruption and buffer overflow.

Answer 594

A

A. are references to memory locations of destroyed objects

A dangling pointer, aka stray pointer, occurs when a pointer points to an invalid memory address. Dangling pointers are usually created in one of two ways. An object is destroyed (freed), but the reference to the object is not reassigned and is later used. Or a local object is popped from the stack when the function returns, but a reference to the stack-allocated object is still maintained. Attackers write exploit code to take control of dangling pointers so that they can move the pointer to where their arbitrary shell code is injected.

Answer 595

A

C. Address Space Layout Randomization (ASLR)

In the past, the memory manager would try to load binaries at the same location in the linear address space each time the program was run. This behavior made it easier for shell coders by ensuring that certain modules of code would always reside at a fixed address and could be referenced in exploit code using raw numeric literals. Address space layout randomization (ASLR) is a feature in newer operating systems (introduced in Windows Vista) that deals with this predictable and direct referencing issue.

Answer 596

A

B. obfuscated code

Reverse engineering is used to infer how a program works by inspecting it. Code obfuscation, which makes the readability of code extremely difficult and confusing, can be used to deter (not prevent) reverse engineering attacks. Obfuscating code is not detective or corrective in its implementation.

Answer 597

A

A. version control

The ability to track ownership, changes in code, and rollback abilities is possible because of versioning, which is a configuration management process. A phenomenon known as “regenerative bugs” is often observed when it comes to improper release management processes. Regenerative bugs are fixed software defects that reappear in subsequent releases of the software. This happens when the software coding defect (bug) is detected in the testing environment (such as user acceptance testing), and the fix is made in that test environment and promoted to production without retrofitting it into the development environment. The latest version in the development environment does not have the fix, and the issue reappears in subsequent versions of the software.

Answer 598

A

D. errors and vulnerabilities can be detected earlier in the life cycle

Code review is the process of systematically analyzing the code for insecure and inefficient coding issues. In addition to static analysis, which reviews code before it goes live, there are also dynamic analysis tools, which conduct automated scans of applications in production to unearth vulnerabilities. In other words, dynamic tools test from the outside in, while static tools test from the inside out. Just because the code compiles without any errors, it does not necessarily mean that it will run without errors at runtime.

Answer 599

A

D. masking of data when they are displayed

Masking does not use any overt cryptography operations, such as encryption, decryption, or hashing, or covert operations, such as data hiding, as in the case of steganography, to provide disclosure protection.

Answer 600

A

D. Low-Level Language

A programming language in which there is little to no abstraction from the native instruction codes that the computer can understand is also referred to as low-level language. There is no abstraction from native instruction codes in machine language. Assembly languages are the lowest level in the software chain, which makes them incredibly suitable for reversing.

Answer 601

A

B. Recoverability

When the software performs as it is expected to, it is said to be reliable. When errors occur, the reliability of software is impacted, and the software needs to be able to restore itself to expected operations. The ability of the software to be restored to normal, expected operations is referred to as recoverability. The ability of the software to withstand attacks against its reliability is referred to as resiliency. Redundancy is about availability, and reconnaissance is related to information gathering, as in fingerprinting/footprinting.

Answer 602

A

B. Agile

Unit testing enables collective code ownership. Collective code ownership encourages everyone to contribute new ideas to all segments of the project. Any developer can change any line of code to add functionality, fix bugs, or re-factor. No one person becomes a bottleneck for changes. The way this works is for each developer to work in concert (usually more in agile methodologies than the traditional model) to create unit tests for his code as it is developed. All code released into the source code repository includes unit tests. Code that is added, bugs as they are fixed, and old functionality as it is changed will be covered by automated testing.

Answer 603

A

A. Logic

If-then rules are constructs of logic, and when these constructs are used for software testing, it is generally referred to as logic testing.

Answer 604

A

A. Stress

Tests that assure that the service level requirements are met are characteristic of performance testing. Load and stress testing are types of performance tests. While stress testing is testing by starving the software, load testing is done by subjecting the software to extreme volumes or loads.

Answer 605

A

B. Stress

The goal of stress testing is to determine if the software will continue to operate reliably under duress or extreme conditions. Often the resources that the software needs are taken away from the software, and the software’s behavior is observed as part of the stress test.

Answer 606

A

A. Source code analyzers

White box testing, or structural analysis, is about testing the software with prior knowledge of the code and configuration. Source code review is a type of white box testing. Embedded code issues that are implanted by insiders, such as Trojan horses and logic bombs, can be detected using source code analyzers.

Answer 607

A

B. Black box

In black box or behavioral testing, test conditions are developed on the basis of the program’s or system’s functionality; that is, the tester requires information about the input data and observed output, but does not know how the program or system works. The tester focuses on testing the program’s behavior (or functionality) against the specification. With black box testing, the tester views the program as a black box and is completely unconcerned with the internal structure of the program or system.

Answer 608

A

A. Rules of engagement

Penetration testing must be controlled, not ad hoc in nature, with properly defined rules of engagement.

Answer 609

A

C. Nonrepudiation

When session management is in place, it provides for authentication, and when authentication is combined with auditing capabilities, it provides nonrepudiation. In other words, the authenticated user cannot claim broken sessions or intercepted authentication and deny their user actions due to the audit logs’ recording their actions.

Answer 610

A

B. Lack of reverse engineering protection

Disassemblers, debuggers, and decompilers are utilities that can be used for reverse engineering software, and software testers should have these utilities in their list of tools to validate protection against reversing.

Answer 611

A

C. Expected results

Knowledge of the expected results along with the defect information can be used to determine the variance between what the results need to be and what is deficient.

Answer 612

A

B. Cloaking

Detection of Web server versions is usually done by analyzing HTTP responses. This process is known as banner grabbing. But the administrator can change the information that gets reported, and this process is known as cloaking. Banner cloaking is a security through obscurity approach to protect against version enumeration.

Answer 613

A

B. Variations of data structures that are known

The process of sending random data to test security of an application is referred to as “fuzzing” or “fuzz testing.” There are two levels of fuzzing: dumb fuzzing and smart fuzzing. Sending truly random data, known as dumb fuzzing, often does not yield great results and has the potential of bringing the software down, causing a denial of service (DoS). If the code being fuzzed requires data to be in a certain format but the fuzzer does not create data in that format, most of the fuzzed data will be rejected by the application. The more knowledge the fuzzer has of the data format, the more intelligent it can be at creating data. These more intelligent fuzzers are known as smart fuzzers.

Answer 614

A

C. Confidentiality, integrity, and availability are not adversely impacted

As part of security testing, the principle of failsafe must be assured. This means that confidentiality, integrity, and availability are not adversely impacted when the software fails. As part of general software testing, the recoverability of the software, or restoration of the software to normal operational functionality, is an important consideration, but it need not always be an automated process.

Answer 615

A

B. Stress

Race conditions and resource exhaustion issues are more likely to be identified when the software is starved of the resources that it expects, as is done during stress testing.

Answer 616

A

C. The presence and effectiveness of risk mitigation controls

Security testing must include both external (blackhat) and insider threat analysis, and it should be more than just testing for the ability to circumvent access control mechanisms. The resiliency of software is the ability of the software to be able to withstand attacks. The presence and effectiveness of risk mitigation controls increase the resiliency of the software.

Answer 617

A

C. Resiliency

Resiliency of software is defined as the ability of the software to withstand attacker attempts.

Answer 618

A

C. Unit

In order for unit testing to be thorough, the unit/module and the environment for the execution of the module need to be complete. The necessary environment includes the modules that either call or are called by the unit of code being tested. Stubs and drivers are designed to provide the complete environment for a module so that unit testing can be carried out. A stub procedure is a dummy procedure that has the same input/output (I/O) parameters as the given procedure. A driver module should have the code to call the different functions of the module being tested with appropriate parameter values for testing.

Answer 619

A

C. Performance

Assurance that the software meets the expectations of the business as defined in the service level agreements (SLAs) can be demonstrated by performance testing. Once the importance of the performance of an application is known, it is necessary to understand how various factors affect the performance. Security features can have an impact on performance, and this must be checked to ensure that service level requirements can be met.

Answer 620

A

B. Detect the presence of loopholes and weaknesses in the software

A vulnerability is a weakness (or loophole), and vulnerability scans are used to detect the presence of weaknesses in software.

Answer 621

A

C. Black box testing

Third party vendor software is often received in object code form, access to source code is usually not provided, and structural analysis (white box) or source code analysis is not possible. Looking into the source code or source code look-alike by reverse engineering without explicit permission can have legal ramifications. Additionally, without documentation on the architecture and software makeup, a threat modeling exercise would most likely be incomplete. License validation is primarily used for curtailing piracy and is a component of verification and validation mechanisms. Black box testing or behavioral analysis would be the best option to attest the security of third party vendor software.

Answer 622

A

B. Canonicalization issues

The process of canonicalization resolves multiple forms into standard canonical forms. In software that needs to support multilingual, multicultural capabilities such as Unicode, input filtration can be bypassed by a hacker who sends in data in an alternate form from the standard form. Input validation for alternate forms is therefore necessary.

Answer 623

A

B. Assess the presence and effectiveness of protection mechanisms

To maintain the confidentiality, integrity, and availability of software and the data it processes, prior to the acceptance of software, vendor claims of security must be assessed not only for their presence, but also their effectiveness within your computing ecosystem.

Answer 624

A

C. Validity periods

Software functionality can be restricted using a validity period as is often observed in the “try-before-you-buy” or “demo” versions of software. It is recommended to have a stripped down version of the software for the demo version, and if feasible, it is advisable to include the legal team to determine the duration of the validity period.

Answer 625

A

D. Transference

Since there is an independent third party engaged in an escrow agreement, business continuity is assured for the acquirer when the escrow agency maintains a copy of the source/object code from the publisher. For the publisher, it protects the intellectual property since the source code is not handed to the acquirer directly, but to the independent third escrow party. For both the acquirer and the publishers, some risk is transferred to the escrow party, who is responsible for maintaining the terms of the escrow agreement.

Answer 626

A

B. Nondisclosure agreements (NDA)

Nondisclosure agreements assure confidentiality of sensitive information, such as software programs, processing logic, database schema, and internal organizational business processes and client lists.

Answer 627

A

B. End users

Disclaimers, or “as is” clauses, transfer the risk from the software provider to the end user.

Answer 628

A

B. Denial of service

If the validity period set in the software is not properly implemented, then legitimate users can potentially be denied service. It is therefore imperative to ensure that the duration and checking mechanism of validity periods is properly implemented.

Answer 629

A

A. Verification

Verification is defined as the process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of the phase. In other words, verification ensures that the software performs as it is required and designed to do. Validation is the process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. In other words, validation ensures that the software meets required specifications.

Answer 630

A

B. Reliability

Verification ensures that the software performs as it is required and designed to do, which is a measure of the software’s reliability.

Answer 631

A

C. Common criteria

Common criteria (ISO 15408) are a security product evaluation methodology with clearly defined ratings, such as evaluation assurance levels (EALs). In addition to assurance validation, the common criteria also validate software functionality for the security target. EALs ratings assure the owner of the assurance capability of the software/system, so common criteria are also referred to as an owner assurance model.

Answer 632

A

D. User acceptance testing

The end users of the business have the final say on whether the software can be deployed/released. User acceptance testing (UAT) determines the readiness of the software for deployment to the production environment or release to an external customer.

Answer 633

A

D. Accreditation

While certification is the assessment of the technical and nontechnical security controls of the software, accreditation is a management activity that assures that the software has adequate levels of software assurance protection mechanisms.

Answer 634

A

B. Accept the risk with a documented exception

When there are known vulnerabilities in legacy software and there is not much you can do to mitigate the vulnerabilities, it is recommended that the business accept the risk with a documented exception to the security policy. When accepting this risk, the exception to policy process must ensure that there is a contingency plan in place to address the risk by either replacing the software with a new version or discontinuing its use (risk avoidance). Transferring the risk may not be a viable option for legacy software that is already in your production environment, and one must never ignore the risk or take the vulnerable software out of the scope of an external audit.

Answer 635

A

B. Business owner

Risk must always be accepted formally by the business owner.

Answer 636

A

B. Incompatible environment configurations

When the production environment does not mirror the development or test environments, software that works fine in nonproduction environments are observed to experience issues when deployed in the production environment. This underlines the need for simulation testing.

Answer 637

A

D. Collected manually

A good security metric is expressed quantitatively and is contextually accurate. Regardless of how many times the metrics are collected, the results are not significantly variant. Good metrics are usually collected in an automated manner so that the collector’s subjectivity does not come into effect.

Answer 638

A

A. Hardening

Locking down the software by removing unneeded code and documentation to reduce the attack surface of the software is referred to as software hardening. Before hardening the software, it is crucial to harden the operating system of the host on which the software program will be run.

Answer 639

A

C. Continuous monitoring

Operations security is about staying secure or keeping the resiliency levels of the software above the acceptable risk levels. It is the assurance that the software will continue to function as expected in a reliable fashion for the business without compromising its state of security by monitoring, managing, and applying the needed controls to protect resources (assets).

Answer 640

A

D. Detective

Audit logging is a type of detective control. When the users are made aware that their activities are logged, audit logging could function as a deterrent control, but it is primarily used for detective purposes. Audit logs can be used to build the sequence of historical events and give insight into who (subject such as user/process) did what (action), where (object), and when (timestamp).

Answer 641

A

B. Provide a higher level of defense than the original requirement

PCI DSS prescribes that the compensating control must provide a similar level, not an increased level of defense over the original requirement.

Answer 642

A

C. Logic bombs

Logic bombs can be planted by an insider, and when the internal network is not monitored, the likelihood of this is much higher.

Answer 643

A

D. Auditing

IDS and auditing are both detective types of controls that can be used to monitor the security health of the computing environment continuously.

Answer 644

A

B. Research the validity of the alert or event further

Upon the report of a breach, it is important to go into a triaging phase in which the validity and severity of the alert/event is investigated further. This reduces the number of false positives that are reported to management.

Answer 645

A

D. Informing the development team that there should be no injection flaws in the payroll application

Using security metrics over fear, uncertainty, and doubt (FUD) is the best recommendation to champion security objectives within the software development organization.

Answer 646

A

B. Audits

Periodic audits (both internal and external) can be used to assess the overall state of the organization’s security health.

Answer 647

A

B. Normalization

Normalizing logs means that duplicate and redundant information is removed from the logs after the time is synchronized for each log set, and the logs are parsed to deduce patterns that are identified in the correlation phase.

Answer 648

A

D. Recovery

The incident response process involves preparation, detection, analysis, containment, eradication, and recovery. The goal of incident management is to restore (recover) service to normal business operations.

Answer 649

A

D. Identifying and eliminating the root cause of the problem

The goal of problem management is to identify and eliminate the root cause of the problem. All of the other definitions are related to incident management. The goal of incident management is to restore service, while the goal of problem management is to improve service.

Answer 650

A

C. Patching

Patching is the process of applying updates and hot fixes. Porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed (e.g., different processor architecture, operating system, or third party software library).

Answer 651

A

D. Root cause analysis

Ishikawa diagrams or fishbone diagrams are used to identify the cause and effect of a problem and are commonly used to determine the root cause of the problem.

Answer 652

A

C. Backward compatibility

Regression testing of patches is crucial to ensure that there were no newer side effects and that all previous functionality as expected is still available.

Answer 653

A

A. End-of-life

End-of-life (EOL) policies are used for the disposal of code, configuration, and documents based on organizational and regulatory requirements.

Answer 654

A

D. Avoidance

When software with known vulnerabilities is replaced with a secure version, it is an example of avoiding the risk. It is not transference because the new version may not have the same risks. It is not mitigation since no controls are implemented to address the risk of the old software. It is not acceptance since the risk of the old software is replaced with the risk of the newer version. It is not ignorance, because the risk is not left unhandled.

Answer 655

A

B. Dumpster divers

Dumpster divers are threat agents that can steal information from printed media (e.g., printer ribbons, facsimile transmission, printed paper).

Answer 656

A

B. Sandbox

Preventing malicious file execution attacks takes some careful planning from the architectural and design phases of the SDLC to thorough testing. In general, a well written application will not use user-supplied input in any filename for any server-based resource (such as images, XML and XSL transform documents, or script inclusions) and will have firewall rules in place preventing new outbound connections to the Internet or internally back to any other server. However, many legacy applications continue to have a need to accept user-supplied input and files without the adequate levels of validation built in. When this is the case, it is advisable to separate the production environment and upload the files to a sandbox environment before the files can be processed.

Answer 657

A

B. Before and after the code is implemented

In order to understand if there is an improvement in the resiliency of the software code, the RASQ, which attempts to quantify the number and kinds of vectors available to an attacker, needs to be computed before and after code development is completed and the code is frozen.

Answer 658

A

B. Type safe code

Code is said to be type safe if it only accesses memory resources that do not belong to the memory assigned to it. Type safety verification takes place during the just in time (JIT) compilation phase and prevents unsafe code from becoming active. Although you can disable type safety verification, it can lead to unpredictable results. The best example is that code can make unrestricted calls to unmanaged code, and if that code has malicious intent, the results can be severe. Therefore, the framework only allows fully trusted assemblies to bypass verification. Type safety is a form of “sandboxing.” Type safety must be one of the most important considerations in regards to security when selecting a programming language and phasing out older generation programming languages.

Answer 659

A

D. Proper change control management

Proper change control management is useful to provide separation of duties as it can prevent direct access to backend databases by developers.

Answer 660

A

C. Incident Response Plan

An Incident Response Plan (IRP) must be developed and tested for completeness as it is the document that one should refer to and follow in the event of a security breach. The effectiveness of an IRP is dependent on the awareness of users on how to respond to an incident, and increased awareness can be achieved by proper education and training.