Software Design Flashcards
What should be done when sensitive data has to be shared over a network or in reports with another department in the organization that is not authorized to see certain data elements?
- Log the data access request
- Encrypt the data
- Anonymize the data
- Hash the data
Anonymize the data
What is a risk associated with relying on wireless network access in a congested area?
- Contamination of data from other channels
- Jamming of the signal
- Loss of packets
- Shorter battery life
Jamming of the signal
How can symmetric encryption keys be sent between business partners if the network is subject to monitoring?
- In email
- Prior to the data exchange
- In a certificate
- Out of band
Out of band
What is the condition an entity is in at a point in time?
- Security
- Temporal
- State
- Masked
State
Which of the following is a good justification for allocating security requirements to existing systems?
- Greater (more granular) control
- Better tailoring of controls to the new system
- Avoid introducing new vulnerabilities
- Increase Total Cost of Ownership (TCO)
Avoid introducing new vulnerabilities
Which of the following is an example of a role that is responsible for ‘owning’ an external system such as power or physical access?
- Information owner
- A facility owner
- Senior management
- Security Director
A facility owner
What is a primary goal of control selection?
- To avoid all security risks
- To enable business functions
- To avoid the cost of controls
- Provide adequate security
Provide adequate security
Which type of malware is often described as parasitical?
- Virus
- Logic bomb
- Worm
- Trojan horse
Virus
In addition to motivation and skill, which other characteristic of a threat adversary is most important?
- Opportunity
- Circumstantial
- Proximity
- Persistence
Persistence
The network may be the victim of an attack, or what else?
- The channel of an attack
- The source of an attack
- The reason for an attack
- The subject of an attack
The channel of an attack
A member of the sales team is going to make a presentation at a secure facility and has the presentation stored on the cloud. What risk may be associated with this?
- Interception of the presentation over a wireless network
- A laptop that is not compatible with the facility’s audio/visual equipment
- No network connectivity in the restricted location
- Corruption of the presentation by the CSP
No network connectivity in the restricted location
What plans should be made when setting up a new network connection between business partners?
- Allocate rack space for additional network devices
- Establish the process to disconnect the system
- Ensure that the network is redundant
- Train users in encryption
Establish the process to disconnect the system
What is a good place to record all security features that should be designed into the software?
- Risk Assessment Reports (RAR)
- Audit logs
- Requirements Traceability Matrix (RTM)
- User manuals
Requirements Traceability Matrix (RTM)
Which of the following is a weak encryption protocol?
- UDP
- TLS 1.2
- SSL
- SHA-1
SSL
Which access control limits a user’s access permissions to a certain time of day?
- Mutual exclusivity
- Least privilege
- Separation of duties
- Need to know
Least privilege
Which access control security model is focused on preserving confidentiality?
- Biba
- Bell LaPadula
- Clark Wilson
- Take-grant
Bell LaPadula
In addition to layers of control, what else is defense in depth concerned with?
- Redundancy
- Single points of failure
- Motivation of the attackers
- Quality of threats
Single points of failure
What is a database view an example of?
- Mutual exclusivity
- A constrained user interface
- A privileged access mode
- A network-based control
A constrained user interface
What is an operator console or management interface on a device known as?
- VLAN
- Redundant network
- Trusted path
- Encrypted channel
Trusted path
Why would a log be written to a WORM system?
- To save log data across multiple systems
- To ensure no one can read the data
- To prevent alteration of the log data
- To support better management overview
To prevent alteration of the log data
Which access control model enforces a well-formed transaction?
- Clark Wilson
- Boebert and Cain
- Bell LaPadula
- Biba
Clark Wilson