Software Design Questions with Accurate Answers

A Man-in-the-Middle (MITM) attack is PRIMARILY an expression of which of the
following types of threats?
A. Spoofing
B. Tampering
C. Repudiation
D. Information disclosure
Correct answer: A. Spoofing

At which layer of the Open Systems Interconnect (OSI) model must security
controls be designed to effectively mitigate side channel attacks?
A. Transport
B. Network
C. Data link
D. Physical
Correct answer: D. Physical

Certificate Authority, Registration Authority, and Certificate Revocation Lists are
all part of which of the following?
A. Advanced Encryption Standard (AES)
B. Steganography
C. Public Key Infrastructure (PKI)
D. Lightweight Directory Access Protocol (LDAP)
Correct answer: C. Public Key Infrastructure (PKI)

Choose the BEST answer. Configurable settings for logging exceptions, auditing
and credential management must be part of
A. database views
B. security management interfaces
C. global files
D. exception handling
Correct answer: B. security management interfaces

Database triggers are PRIMARILY useful for providing which of the following
detective software assurance capabilities?
A. Availability
B. Authorization
C. Auditing
D. Archiving
Correct answer: C. Auditing

During a threat modeling exercise, the software architecture is reviewed to
identify
A. attackers
B. business impact
C. critical assets
D. entry points
Correct answer: D. entry points

During which phase of the software development lifecycle (SDLC) is threat
modeling initiated?
A. Requirements analysis
B. Design
C. Implementation