exam questions with answers
Confidentiality - CORRECT ANSWERS ✔✔Information is not made available or disclosed to unauthorized individuals, entities, or processes. Ensures unauthorized persons are not able to read private and sensitive data. It is achieved through cryptography.
Integrity - CORRECT ANSWERS ✔✔Ensures unauthorized persons or channels are not able to modify the data. It is accomplished through the use of a message digest or digital signatures.
Availability - CORRECT ANSWERS ✔✔The computing systems used to store and process information, the security controls used to protect information, and the communication channels used to access information must be functioning correctly. Ensures system remains operational even in the event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a failure of a system and its components.
Ensure Confidentiality - CORRECT ANSWERS ✔✔Public Key Infrastructure (PKI) and Cryptography/Encryption
Ensure Availability - CORRECT ANSWERS ✔✔Offsite back-up and Redundancy
Ensure Integrity - CORRECT ANSWERS ✔✔Hashing, Message Digest (MD5), non-repudiation and digital signatures
Software Architect - CORRECT ANSWERS ✔✔Moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process; can also develop class diagrams.
Security Practitioner Roles - CORRECT ANSWERS ✔✔Release Manager, Architect, Developer, Business Analyst/Project Manager
Release Manager - CORRECT ANSWERS ✔✔Deployment
Architect - CORRECT ANSWERS ✔✔Design
Developer - CORRECT ANSWERS ✔✔Coding
Business Analyst/Project Manager - CORRECT ANSWERS ✔✔Requirements Gathering
Red Team - CORRECT ANSWERS ✔✔Teams of people familiar with the infrastructure of the company and the languages of the software being developed. Their mission is to kill the system as the developers build it.
Static Analysis - CORRECT ANSWERS ✔✔A method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards. It's also referred to as code review.
MD5 Hash - CORRECT ANSWERS ✔✔A widely used hash function producing a 128-bit hash value. Initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.
SHA-256 (Secure Hash Algorithm) - CORRECT ANSWERS ✔✔One of a number of cryptographic hash functions. A cryptographic hash is like a signature for a text or a data file. Generates an almost-unique, fixed size 32-byte (32 X 8) hash. Hash is a one-way function - it cannot be decrypted.
Advanced Encryption Standard (AES) - CORRECT ANSWERS ✔✔A symmetric encryption algorithm. The algorithm was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. Designed to be efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128, 192, and 256 bits.
Algorithms used to verify integrity - CORRECT ANSWERS ✔✔MD5 Hash, SHA-256