1.
The PRIMARY reason for incorporating security into the software development life cycle is to protect
- A.the unauthorized disclosure of information.
- B.the corporate brand and reputation.
- C.against hackers who intend to misuse the software.
- D.the developers from releasing software with security defects.
Answer : [B]
Explanation :
When security is incorporated into the software development life cycle, confidentiality, integrity and availability can be assured and external hacker and insider threat attempts thwarted. Developers will generate more hack-resilient software with fewer vulnerabilities, but protection of the organization’s reputation and corporate brand is the primary reason for software assurance.
2.
The resiliency of software to withstand attacks that attempt to modify or alter data in an unauthorized manner is referred to as
- A.Confidentiality.
- B.Integrity.
- C.Availability.
- D.Authorization.
Answer : [B]
Explanation :
When the software program operates as it is expected to, it is said to be reliable or internally consistent. Reliability is an indicator of the integrity of software. Hack-resilient software is reliable (functioning as expected), resilient (able to withstand attacks) and recoverable (capable of being restored to normal operations when breached or upon error).
3.
The MAIN reason as to why the availability aspects of software must be part of the organization’s software security initiatives is:
- A.software issues can cause downtime to the business.
- B.developers need to be trained in the business continuity procedures.
- C.testing for availability of the software and data is often ignored.
- D.hackers like to conduct Denial of Service (DoS) attacks against the organization.
Answer : [A]
Explanation :
One of the tenets of software assurance is ‘availability’. Software issues can cause software unavailability and downtime to the business. This is often observed as a denial of service (DoS) attack.
4.
Developing the software to monitor its functionality and report when the software is down and unable to provide the expected service to the business is a protection to assure which of the following?
- A.Confidentiality.
- B.Integrity.
- C.Availability.
- D.Authentication.
Answer : [C]
Explanation :
Confidentiality controls assure protection against unauthorized disclosure. Integrity controls assure protection against unauthorized modifications or alterations. Availability controls assure protection against downtime/denial of service and destruction of information. Authentication is the mechanism to validate the claims/credentials of an entity. Authorization has to do with the rights and privileges that a subject has upon requested objects.
5.
When a customer attempts to log into their bank account, the customer is required to enter a nonce from the token device that was issued to the customer by the bank. This type of authentication is also known as which of the following?
- A.Ownership based authentication.
- B.Two factor authentication.
- C.Characteristic based authentication.
- D.Knowledge based authentication.
Answer : [A]
Explanation :
Authentication can be achieved in one or more of the following ways: using something one knows (knowledge based), something one has (ownership based) and something one is (characteristic based). Using a token device is ownership based authentication. When more than one way is used for authentication purposes, it is referred to as multifactor authentication and is recommended over single factor authentication.