11.
Which of the following MUST be addressed by software security requirements? Choose the BEST answer.
- A. Technology used in building the application.
- B. Goals and objectives of the organization.
- C. Software quality requirements.
- D. External auditor requirements.
Answer : [B]
Explanation :
When determining software security requirements, it is imperative to address the goals and objectives of the organization. Management's goals and objectives need to be incorporated into the organizational security policies. While external auditor requirements, internal quality requirements and the technology used are factors that need consideration, compliance with organizational policies must be the foremost consideration.
12.
Which of the following types of information is exempt from confidentiality requirements?
- A. Directory information.
- B. Personally identifiable information (PII).
- C. User's card holder data.
- D. Software architecture and network diagram.
Answer : [A]
Explanation :
Information that is public is also known as directory information. The name 'directory information' comes from the fact that such information can be found in a public directory, such as a phone book. When information is classified as public information, confidentiality assurance protection mechanisms are not necessary.
13.
Requirements that are identified to protect against the destruction of information or the software itself are commonly referred to as
- A. confidentiality requirements.
- B. integrity requirements.
- C. availability requirements.
- D. authentication requirements.
Answer : [C]
Explanation :
Destruction is the threat against availability, just as disclosure is the threat against confidentiality and alteration is the threat against integrity.
14.
The amount of time by which business operations need to be restored to service levels as expected by the business when there is a security breach or disaster is known as
- A. Maximum Tolerable Downtime (MTD).
- B. Mean Time Before Failure (MTBF).
- C. Minimum Security Baseline (MSB).
- D. Recovery Time Objective (RTO).
Answer : [D]
Explanation :
Maximum Tolerable Downtime (MTD) is the maximum length of time a business process can be interrupted or unavailable without causing the business itself to fail. Recovery Time Objective (RTO) is the time period in which the organization should have the interrupted process running again, at or near the same capacity and conditions as before the disaster/downtime. MTD and RTO are part of availability requirements. It is advisable to set the RTO to be less than the MTD.
15.
The use of an individual's physical characteristics, such as retinal blood vessel patterns and fingerprints, for validating and verifying the user's identity is referred to as
- A. biometric authentication.
- B. forms authentication.
- C. digest authentication.
- D. integrated authentication.
Answer : [A]
Explanation :
Forms authentication has to do with usernames and passwords that are input into a form (such as a web page/form). Basic authentication transmits the credentials in Base64-encoded form, while digest authentication provides the credentials as a hash value (also known as a message digest). Token-based authentication uses credentials in the form of specialized tokens, often used with a token device. Biometric authentication uses physical characteristics to provide the credential information.