Secure Software Design Practice
Questions with Multiple Choice and
Correct Answers 2025
A ,software ,firm ,is ,planning ,to ,develop ,a ,web-based ,project ,with ,a ,team ,of ,up
,to ,eight ,people.
What ,is ,a ,relevant ,software ,methodology ,to ,apply ,where ,others' ,roles ,may ,be
,filled ,by ,the ,same ,people, ,including ,a ,project ,manager ,and ,business ,expert?
A. ,Crystal ,orange ,web
B. ,Waterfall
C. ,Crystal ,orange
D. ,Crystal ,Clear
E. ,Scrum ,- ,CORRECT ,ANSWER-E. ,Scrum
Which ,system ,development ,methodology ,provides ,a ,resource ,to ,entry-level
,developers ,with ,limited ,exposure?
A. ,joint ,application ,development
B. ,agile ,model
C. ,waterfall ,model
D. ,extreme ,programming ,- ,CORRECT ,ANSWER-C. ,waterfall ,model
A ,company ,is ,developing ,a ,web ,application ,for ,employees. ,The ,web ,application
,must ,meet ,the ,following ,requirements: ,
,
• ,Employees ,must ,be ,able ,to ,use ,the ,web ,application ,to ,track ,shipments. ,
• ,The ,web ,application ,must ,be ,able ,to ,store ,personal ,information ,and ,shipment
,details. ,
• ,Although ,the ,web ,application ,will ,be ,accessible ,outside ,of ,the ,company's
,intranet, ,employees' ,information ,must ,be ,secure. ,
,
Which ,process ,should ,be ,used ,to ,make ,certain ,that ,the ,web ,application ,meets
,these ,requirements?
A. ,redundancy ,in ,the ,data
B. ,SDLC ,agile ,model
C. ,SDLC ,waterfall ,model
, D. ,software ,assurance ,- ,CORRECT ,ANSWER-D. ,software ,assurance
A ,development ,team ,has ,chosen ,the ,waterfall ,methodology ,as ,an ,SDLC
,approach. ,This ,methodology ,was ,chosen ,because ,of ,the ,limited ,experience ,of
,the ,team, ,but ,waterfall ,has ,several ,security ,considerations. ,
,
Match ,each ,phase ,of ,the ,waterfall ,methodology ,to ,its ,appropriate ,security
,concern.
Requirements ,analysis
Design
Construction/implementation
Testing
Installation
Operation ,- ,CORRECT ,ANSWER-Requirements ,analysis ,- ,Define ,security
,features
Design ,- ,Misuse ,cases/vulnerability ,mapping
Construction/implementation ,- ,Secure ,coding ,practices
Testing ,- ,Penetration ,assessment
Installation ,- ,Final ,security ,review
Operation ,- ,Periodic ,security ,review ,and ,updates
Which ,core ,element ,of ,cybersecurity ,is ,implemented ,through ,the ,following
,secure ,software ,design ,features?
Off-site ,backup
Public ,key
Hash
Message ,digest ,- ,CORRECT ,ANSWER-Off-site ,backup ,= ,Availability
Public ,key ,= ,Confidentiality
Hash ,= ,Integrity
Message ,digest ,= ,Integrity
Which ,core ,element ,of ,cybersecurity ,is ,implemented ,through ,the ,following
,secure ,software ,design ,features?
Cryptography ,= ,
Non-repudiation ,= ,
Redundancy ,= ,
Digital ,signatures ,= ,- ,CORRECT ,ANSWER-Cryptography ,= ,Confidentiality
Non-repudiation ,= ,Integrity
Redundancy ,= ,Availability
Digital ,signatures ,= ,Integrity
What ,is ,a ,common ,attack ,scenario ,faced ,by ,web ,servers?
A. ,Malformed ,queries ,that ,attempt ,to ,extract ,sensitive ,data
Questions with Multiple Choice and
Correct Answers 2025
A ,software ,firm ,is ,planning ,to ,develop ,a ,web-based ,project ,with ,a ,team ,of ,up
,to ,eight ,people.
What ,is ,a ,relevant ,software ,methodology ,to ,apply ,where ,others' ,roles ,may ,be
,filled ,by ,the ,same ,people, ,including ,a ,project ,manager ,and ,business ,expert?
A. ,Crystal ,orange ,web
B. ,Waterfall
C. ,Crystal ,orange
D. ,Crystal ,Clear
E. ,Scrum ,- ,CORRECT ,ANSWER-E. ,Scrum
Which ,system ,development ,methodology ,provides ,a ,resource ,to ,entry-level
,developers ,with ,limited ,exposure?
A. ,joint ,application ,development
B. ,agile ,model
C. ,waterfall ,model
D. ,extreme ,programming ,- ,CORRECT ,ANSWER-C. ,waterfall ,model
A ,company ,is ,developing ,a ,web ,application ,for ,employees. ,The ,web ,application
,must ,meet ,the ,following ,requirements: ,
,
• ,Employees ,must ,be ,able ,to ,use ,the ,web ,application ,to ,track ,shipments. ,
• ,The ,web ,application ,must ,be ,able ,to ,store ,personal ,information ,and ,shipment
,details. ,
• ,Although ,the ,web ,application ,will ,be ,accessible ,outside ,of ,the ,company's
,intranet, ,employees' ,information ,must ,be ,secure. ,
,
Which ,process ,should ,be ,used ,to ,make ,certain ,that ,the ,web ,application ,meets
,these ,requirements?
A. ,redundancy ,in ,the ,data
B. ,SDLC ,agile ,model
C. ,SDLC ,waterfall ,model
, D. ,software ,assurance ,- ,CORRECT ,ANSWER-D. ,software ,assurance
A ,development ,team ,has ,chosen ,the ,waterfall ,methodology ,as ,an ,SDLC
,approach. ,This ,methodology ,was ,chosen ,because ,of ,the ,limited ,experience ,of
,the ,team, ,but ,waterfall ,has ,several ,security ,considerations. ,
,
Match ,each ,phase ,of ,the ,waterfall ,methodology ,to ,its ,appropriate ,security
,concern.
Requirements ,analysis
Design
Construction/implementation
Testing
Installation
Operation ,- ,CORRECT ,ANSWER-Requirements ,analysis ,- ,Define ,security
,features
Design ,- ,Misuse ,cases/vulnerability ,mapping
Construction/implementation ,- ,Secure ,coding ,practices
Testing ,- ,Penetration ,assessment
Installation ,- ,Final ,security ,review
Operation ,- ,Periodic ,security ,review ,and ,updates
Which ,core ,element ,of ,cybersecurity ,is ,implemented ,through ,the ,following
,secure ,software ,design ,features?
Off-site ,backup
Public ,key
Hash
Message ,digest ,- ,CORRECT ,ANSWER-Off-site ,backup ,= ,Availability
Public ,key ,= ,Confidentiality
Hash ,= ,Integrity
Message ,digest ,= ,Integrity
Which ,core ,element ,of ,cybersecurity ,is ,implemented ,through ,the ,following
,secure ,software ,design ,features?
Cryptography ,= ,
Non-repudiation ,= ,
Redundancy ,= ,
Digital ,signatures ,= ,- ,CORRECT ,ANSWER-Cryptography ,= ,Confidentiality
Non-repudiation ,= ,Integrity
Redundancy ,= ,Availability
Digital ,signatures ,= ,Integrity
What ,is ,a ,common ,attack ,scenario ,faced ,by ,web ,servers?
A. ,Malformed ,queries ,that ,attempt ,to ,extract ,sensitive ,data
