D487: Secure Software Design Questions AND
|\ |\ |\ |\ |\ |\
ANSWERS
What are the two common best principles of software
|\ |\ |\ |\ |\ |\ |\ |\ |\
applications in the development process? Choose 2 answers.
|\ |\ |\ |\ |\ |\ |\
Quality code |\
Secure code |\
Information security |\
Integrity
Availability
Quality code |\
Secure code |\
"Quality code" is correct. Quality code is efficient code that is
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
easy to maintain and reusable.
|\ |\ |\ |\
"Secure code" is correct. Secure code authorizes and
|\ |\ |\ |\ |\ |\ |\ |\
authenticates every user transaction, logs the transaction, and |\ |\ |\ |\ |\ |\ |\ |\
denies all unauthorized requisitions.
|\ |\ |\
What ensures that the user has the appropriate role and privilege
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
to view data?
|\ |\ |\
Authentication
Multi-factor authentication |\
Encryption
Information security |\
Authorization
Authorization
Authorization ensures a user's information and credentials are|\ |\ |\ |\ |\ |\ |\ |\
approved by the system. |\ |\ |\
,Which security goal is defined by "guarding against improper
|\ |\ |\ |\ |\ |\ |\ |\ |\
information modification or destruction and ensuring information
|\ |\ |\ |\ |\ |\ |\
non-repudiation and authenticity"? |\ |\
Integrity
Quality
Availability
Reliability
Integrity
The data must remain unchanged by unauthorized users and
|\ |\ |\ |\ |\ |\ |\ |\ |\
remain reliable from the data entry point to the database and
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
back.
Which phase in an SDLC helps to define the problem and scope
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
of any existing systems and determine the objectives of new
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
systems?
Requirements
Design
Planning
Testing
Planning
The planning stage sets the project schedule and looks at the big
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
picture.
|\
What happens during a dynamic code review?
|\ |\ |\ |\ |\ |\
Programmers monitor system memory, functional behavior, |\ |\ |\ |\ |\ |\
response times, and overall performance.
|\ |\ |\ |\
Customers perform tests to check software meets requirements.
|\ |\ |\ |\ |\ |\ |\
An analysis of computer programs without executing them is
|\ |\ |\ |\ |\ |\ |\ |\ |\
performed.
Input fields are supplied with unexpected input and tested.
|\ |\ |\ |\ |\ |\ |\ |\
Programmers monitor system memory, functional behavior, |\ |\ |\ |\ |\ |\
response times, and overall performance.
|\ |\ |\ |\
, How should you store your application user credentials in your
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
application database? |\
Use application logic to encrypt credentials
|\ |\ |\ |\ |\
Store credentials as clear text
|\ |\ |\ |\
Store credentials using Base 64 encoded
|\ |\ |\ |\ |\
Store credentials using salted hashes
|\ |\ |\ |\
Store credentials using salted hashes
|\ |\ |\ |\
Hashing is a one-way process that converts a password to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
ciphertext using hash algorithms. Password salting adds random
|\ |\ |\ |\ |\ |\ |\ |\
characters before or after a password prior to hashing to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
obfuscate the actual password. |\ |\ |\
Which software methodology resembles an assembly-line
|\ |\ |\ |\ |\ |\
approach?
V-model
Agile model |\
Iterative model |\
Waterfall model |\
Waterfall model |\
Waterfall model is a continuous software development model in
|\ |\ |\ |\ |\ |\ |\ |\ |\
which the development steps flow steadily downwards.
|\ |\ |\ |\ |\ |\
Which software methodology approach provides faster time to
|\ |\ |\ |\ |\ |\ |\ |\
market and higher business value?
|\ |\ |\ |\
Iterative model |\
Waterfall model |\
V-model
Agile model |\
Agile model |\
In the agile model, projects are divided into small incremental
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
|\ |\ |\ |\ |\ |\
ANSWERS
What are the two common best principles of software
|\ |\ |\ |\ |\ |\ |\ |\ |\
applications in the development process? Choose 2 answers.
|\ |\ |\ |\ |\ |\ |\
Quality code |\
Secure code |\
Information security |\
Integrity
Availability
Quality code |\
Secure code |\
"Quality code" is correct. Quality code is efficient code that is
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
easy to maintain and reusable.
|\ |\ |\ |\
"Secure code" is correct. Secure code authorizes and
|\ |\ |\ |\ |\ |\ |\ |\
authenticates every user transaction, logs the transaction, and |\ |\ |\ |\ |\ |\ |\ |\
denies all unauthorized requisitions.
|\ |\ |\
What ensures that the user has the appropriate role and privilege
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
to view data?
|\ |\ |\
Authentication
Multi-factor authentication |\
Encryption
Information security |\
Authorization
Authorization
Authorization ensures a user's information and credentials are|\ |\ |\ |\ |\ |\ |\ |\
approved by the system. |\ |\ |\
,Which security goal is defined by "guarding against improper
|\ |\ |\ |\ |\ |\ |\ |\ |\
information modification or destruction and ensuring information
|\ |\ |\ |\ |\ |\ |\
non-repudiation and authenticity"? |\ |\
Integrity
Quality
Availability
Reliability
Integrity
The data must remain unchanged by unauthorized users and
|\ |\ |\ |\ |\ |\ |\ |\ |\
remain reliable from the data entry point to the database and
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
back.
Which phase in an SDLC helps to define the problem and scope
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
of any existing systems and determine the objectives of new
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
systems?
Requirements
Design
Planning
Testing
Planning
The planning stage sets the project schedule and looks at the big
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
picture.
|\
What happens during a dynamic code review?
|\ |\ |\ |\ |\ |\
Programmers monitor system memory, functional behavior, |\ |\ |\ |\ |\ |\
response times, and overall performance.
|\ |\ |\ |\
Customers perform tests to check software meets requirements.
|\ |\ |\ |\ |\ |\ |\
An analysis of computer programs without executing them is
|\ |\ |\ |\ |\ |\ |\ |\ |\
performed.
Input fields are supplied with unexpected input and tested.
|\ |\ |\ |\ |\ |\ |\ |\
Programmers monitor system memory, functional behavior, |\ |\ |\ |\ |\ |\
response times, and overall performance.
|\ |\ |\ |\
, How should you store your application user credentials in your
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
application database? |\
Use application logic to encrypt credentials
|\ |\ |\ |\ |\
Store credentials as clear text
|\ |\ |\ |\
Store credentials using Base 64 encoded
|\ |\ |\ |\ |\
Store credentials using salted hashes
|\ |\ |\ |\
Store credentials using salted hashes
|\ |\ |\ |\
Hashing is a one-way process that converts a password to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
ciphertext using hash algorithms. Password salting adds random
|\ |\ |\ |\ |\ |\ |\ |\
characters before or after a password prior to hashing to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
obfuscate the actual password. |\ |\ |\
Which software methodology resembles an assembly-line
|\ |\ |\ |\ |\ |\
approach?
V-model
Agile model |\
Iterative model |\
Waterfall model |\
Waterfall model |\
Waterfall model is a continuous software development model in
|\ |\ |\ |\ |\ |\ |\ |\ |\
which the development steps flow steadily downwards.
|\ |\ |\ |\ |\ |\
Which software methodology approach provides faster time to
|\ |\ |\ |\ |\ |\ |\ |\
market and higher business value?
|\ |\ |\ |\
Iterative model |\
Waterfall model |\
V-model
Agile model |\
Agile model |\
In the agile model, projects are divided into small incremental
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
