D487: Secure Software Design Questions And Answers

What are the two common best principles of software applications in the development process? Choose 2 answers.
Quality code
Secure code
Information security
Integrity
Availability - (correct answer) - Quality code; Secure code
"Quality code" is correct. Quality code is efficient code that is easy to maintain and reusable.
"Secure code" is correct. Secure code authorizes and authenticates every user transaction, logs the transaction, and denies all unauthorized requisitions.

What ensures that the user has the appropriate role and privilege to view data?
Authentication
Multi-factor authentication
Encryption
Information security
Authorization - (correct answer) - Authorization
Authorization ensures a user's information and credentials are approved by the system.

Which security goal is defined by "guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity"?
Integrity
Quality
Availability
Reliability - (correct answer) - Integrity
The data must remain unchanged by unauthorized users and remain reliable from the data entry point to the database and back.

Which phase in an SDLC helps to define the problem and scope of any existing systems and determine the objectives of new systems?
Requirements
Design
Planning
Testing - (correct answer) - Planning
The planning stage sets the project schedule and looks at the big picture.

What happens during a dynamic code review?
Programmers monitor system memory, functional behavior, response times, and overall performance.
Customers perform tests to check software meets requirements.
An analysis of computer programs without executing them is performed.
Input fields are supplied with unexpected input and tested. - (correct answer) - Programmers monitor system memory, functional behavior, response times, and overall performance.

How should you store your application user credentials in your application database?
Use application logic to encrypt credentials
Store credentials as clear text
Store credentials using Base64 encoding
Store credentials using salted hashes - (correct answer) - Store credentials using salted hashes
Hashing is a one-way process that converts a password to ciphertext using hash algorithms. Password salting adds random characters before or after a password prior to hashing to obfuscate the actual password.

Which software methodology resembles an assembly-line approach?
V-model
Agile model
Iterative model
Waterfall model - (correct answer) - Waterfall model
The Waterfall model is a continuous software development model in which the development steps flow steadily downwards.

Which software methodology approach provides faster time to market and higher business value?
Iterative model
Waterfall model
V-model
Agile model - (correct answer) - Agile model
In the agile model, projects are divided into small incremental builds that provide working software at the end of each iteration and add value to the business.

In Scrum methodology, who is responsible for making decisions on the requirements?
Scrum Team
Product Owner
ScrumMaster
Technical Lead - (correct answer) - Product Owner