Name: Score:
49 Multiple choice questions
Term 1 of 49
Tactical Attacks
Combines white and black box testing.
Testers examine the software from a user perspective and have access to the source code.
minimum privileges for minimum amount of time required to complete a task.
surgical by nature, have highly specific targeting, and are technologically sophisticated
intended to elevate awareness of a topic
Definition 2 of 49
can be strategic, tactical, or personal in nature, and target personal devices that may be either
consumer or enterprise owned.
attacking the user instead of the system.
Fail safe
Black Box testing
Least Common mechanism
User Specific attacks
Definition 3 of 49
Formalized procedures are used to keep track of all authorized changes that take place.
Configuration Identification (SCM)
Software Security Architect (ssa)
Configuration Status Accounting (SCM)
Software Security Evangelist (sse)
,Definition 4 of 49
Admins document the configuration of covered software products throughout the organization
Configuration Control (SCM)
Software Configuration Management (SCM)
Configuration Identification (SCM)
NonFunctional Acceptance Criteria
Term 5 of 49
Code Repositories
Centralized locations for the storage and management of application source code.
Formalized procedures are used to keep track of all authorized changes that take place.
user general targeting against a broad industry. Highly repeatable.
Identify the requirements and risks
create a threat model for the software
create a threat architectural analysis of the software.
mitigate the risk, accept the risk etc.
create accurate data flow diagrams.
Definition 6 of 49
People who take lead in a project such as development leadership, or training to enable support
and encourage the adoption of security knowledge and practices through peer leadership,
behavior demonstration, and social encouragement.
Developer
Ethical Hacker
Security Champion
Open Design
, Definition 7 of 49
Describes the behavior of the system as it relates to the systems functionality.
ex: send an email when a condition is met
Functional Acceptance Criteria
Complete Mediation
Policy Compliance Analysis:
Least Common Mechanism
Term 8 of 49
Economy of mechanism
a minimum number of protective mechanisms should be common to multiple users, as
shared access paths can be sources of unauthorized information exchange.
identify the requirements and risks
create a threat model for the software
create a threat architectural analysis of the software.
mitigate the risk, accept the risk etc.
create accurate data flow diagrams.
Combines white and black box testing.
Testers examine the software from a user perspective and have access to the source code.
promotes a simple comprehensible design and implementation of protection mechanisms.
Definition 9 of 49
users can request modifications, managers can conduct cost/benefit analysis, and developers can
prioritize tasks.
Configuration Identification (SCM)
Change management: Request Control
Change management: Change Control
Change management: Release Control
49 Multiple choice questions
Term 1 of 49
Tactical Attacks
Combines white and black box testing.
Testers examine the software from a user perspective and have access to the source code.
minimum privileges for minimum amount of time required to complete a task.
surgical by nature, have highly specific targeting, and are technologically sophisticated
intended to elevate awareness of a topic
Definition 2 of 49
can be strategic, tactical, or personal in nature, and target personal devices that may be either
consumer or enterprise owned.
attacking the user instead of the system.
Fail safe
Black Box testing
Least Common mechanism
User Specific attacks
Definition 3 of 49
Formalized procedures are used to keep track of all authorized changes that take place.
Configuration Identification (SCM)
Software Security Architect (ssa)
Configuration Status Accounting (SCM)
Software Security Evangelist (sse)
,Definition 4 of 49
Admins document the configuration of covered software products throughout the organization
Configuration Control (SCM)
Software Configuration Management (SCM)
Configuration Identification (SCM)
NonFunctional Acceptance Criteria
Term 5 of 49
Code Repositories
Centralized locations for the storage and management of application source code.
Formalized procedures are used to keep track of all authorized changes that take place.
user general targeting against a broad industry. Highly repeatable.
Identify the requirements and risks
create a threat model for the software
create a threat architectural analysis of the software.
mitigate the risk, accept the risk etc.
create accurate data flow diagrams.
Definition 6 of 49
People who take lead in a project such as development leadership, or training to enable support
and encourage the adoption of security knowledge and practices through peer leadership,
behavior demonstration, and social encouragement.
Developer
Ethical Hacker
Security Champion
Open Design
, Definition 7 of 49
Describes the behavior of the system as it relates to the systems functionality.
ex: send an email when a condition is met
Functional Acceptance Criteria
Complete Mediation
Policy Compliance Analysis:
Least Common Mechanism
Term 8 of 49
Economy of mechanism
a minimum number of protective mechanisms should be common to multiple users, as
shared access paths can be sources of unauthorized information exchange.
identify the requirements and risks
create a threat model for the software
create a threat architectural analysis of the software.
mitigate the risk, accept the risk etc.
create accurate data flow diagrams.
Combines white and black box testing.
Testers examine the software from a user perspective and have access to the source code.
promotes a simple comprehensible design and implementation of protection mechanisms.
Definition 9 of 49
users can request modifications, managers can conduct cost/benefit analysis, and developers can
prioritize tasks.
Configuration Identification (SCM)
Change management: Request Control
Change management: Change Control
Change management: Release Control
