Domain 10 - Application Security Flashcards

1
Q

What are Cloud Computing Opportunities to Application Security?

A
  • Higher Baseline Security
  • Responsiveness
  • Isolated Environments
  • Independent Virtual Machines
  • Elasticity
  • DevOps
  • Unified Interface
2
Q

True/False: In a cloud environment, major baseline security failures completely undermine the trust
that a public cloud provider needs in order to maintain relationships with its customer base.

A

True

3
Q

_______ is a new application development methodology and philosophy focused
on automation of application development and deployment.

A

DevOps

4
Q

What are the cloud computing challenges to Application Security?

A
  • Limited Detailed Visibility
  • Increased Application Scope
  • Changing Threat Models
  • Reduced Transparency
5
Q

What are some of the SDLC Frameworks?

A
  • Microsoft Development Lifecycle
  • NIST 800-64
  • ISO/IEC 27034
  • OWASP
6
Q

What are the CSA Meta phases of SDLC?

A
  • Secure Design and Development
  • Secure Deployment
  • Secure Operations
7
Q

5 Main Phases in Secure Design and Development

A
  • Training
  • Define
  • Design
  • Develop
  • Test
8
Q

Multiple Kinds of Application Security Tests

A
  • Code Review
  • Unit, regression and functional tests
  • SAST
  • DAST
9
Q

CSA Cloud Penetration Testing Recommendations

A
  • Use an experienced cloud provider testing firm
  • Include developers and administrators in scoping
  • In a multi-tenant app, have all testers act as tenants
10
Q

Impact of Cloud on Application Design and Architectures

A
  • Segregation by Default
  • Immutable Infrastructure
  • Increased use of micro-services
  • PaaS and Serverless architectures
  • Software Defined Security
  • Event Driven Security
11
Q

________ refers to the deeper integration of development and operations teams through better
collaboration and communications, with a heavy focus on automating application deployment and
infrastructure operations.

A

DevOps

12
Q

Security Implications and Advantages of DevOps

A
  • Standardisation
  • Automated Testing
  • Immutable
  • Improved Auditing and Change Management
  • SecDevOps/DevSecOps and Rugged DevOps
13
Q

__________ sometimes refers to the use of DevOps automation techniques to improve security operations.
These two terms are emerging to describe the integration of security activities into DevOps.

A

SecDevOps/DevSecOps

14
Q

In DevOps, _________ refers to the integration of security testing into the application development
process to produce harder, more secure, and more resilient applications.

A

Rugged DevOps
