What are the two common best principles of software applications in the development process? Choose 2 answers.
Quality code
Secure code
Information security
Integrity
Availability
Quality code
Secure code
"Quality code" is correct. Quality code is efficient code that is easy to maintain and reusable.
"Secure code" is correct. Secure code authenticates and authorizes every user transaction, logs the transaction, and denies all unauthorized requests.
What ensures that the user has the appropriate role and privilege to view data?
Authentication
Multi-factor authentication
Encryption
Information security
Authorization
Authorization
Authorization checks, after a user has been authenticated, whether that user's role and privileges permit the requested access to data or functions.
Which security goal is defined by "guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity"?
Integrity
Quality
Availability
Reliability
Integrity
The data must remain unchanged by unauthorized users and remain reliable from the data entry point to the database and back.
Which phase in an SDLC helps to define the problem and scope of any existing systems and determine the objectives of new systems?
Requirements
Design
Planning
Testing
Planning
The planning stage sets the project schedule and looks at the big picture.
What happens during a dynamic code review?
Programmers monitor system memory, functional behavior, response times, and overall performance.
Customers perform tests to check software meets requirements.
An analysis of computer programs without executing them is performed.
Input fields are supplied with unexpected input and tested.
Programmers monitor system memory, functional behavior, response times, and overall performance.
How should you store your application user credentials in your application database?
Use application logic to encrypt credentials
Store credentials as clear text
Store credentials using Base 64 encoded
Store credentials using salted hashes
Store credentials using salted hashes
Hashing is a one-way process that converts a password into a fixed-length digest from which the original password cannot be recovered. Salting adds random data to the password before hashing so that identical passwords produce different digests and precomputed (rainbow) tables are useless against the stored values.
Which software methodology resembles an assembly-line approach?
V-model
Agile model
Iterative model
Waterfall model
Waterfall model
The Waterfall model is a sequential software development model in which each phase must finish before the next begins, so the development steps flow steadily downwards like an assembly line.
Which software methodology approach provides faster time to market and higher business value?
Iterative model
Waterfall model
V-model
Agile model
Agile model
In the agile model, projects are divided into small incremental builds that provide working software at the end of each iteration and add value to the business.
In Scrum methodology, who is responsible for making decisions on the requirements?
Scrum Team
Product Owner
ScrumMaster
Technical Lead
Product Owner
The Product Owner is responsible for requirements/backlog items and prioritizing them.
What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle?
To determine how much budget is available for new security tools
To meet the development team
To refactor functional requirements to ensure security is included
To ensure that security is built into the product from the start
To ensure that security is built into the product from the start
To correctly and cost-effectively introduce security into the software development life cycle, it needs to be done early.
Why should a security team provide documented certification requirements during the software assessment phase?
Certification is required if the organization wants to move to the cloud.
Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
By ensuring software products are certified, the organization is protected from future litigation.
By ensuring all developers have security certifications before writing any code, teams can forego discovery sessions.
Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
Any new product may need to be certified based on the data it stores, the frameworks it uses, or the domain in which it resides. Those certification requirements need to be analyzed and documented early in the development life cycle.
What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? Choose 2 answers.
Required process steps
Technologies and techniques
SDL project outline
Threat modeling
Post-implementation signoffs
Required process steps
Technologies and techniques
"Required process steps" is correct. Required process steps explain in more detail which requirements are relevant to developers, detailing what types of data are considered sensitive and how they need to be protected.
"Technologies and techniques" is correct. Technologies and techniques detail techniques for meeting legislative requirements in five categories: Confidentiality, Integrity, Availability, Auditing and Logging, and Authentication.
What are the goals of each SDL deliverable?
Select one of these options for each deliverable:
-Estimate the actual cost of the product
-Identify dependence on unmanaged software
-Map security activities to the development schedule
-Guide security activities to protect the product from vulnerabilities
Product risk profile
SDL project outline
Threat profile
List of third-party software
Estimate the actual cost of the product
Map security activities to the development schedule
Guide security activities to protect the product from vulnerabilities
Identify dependence on unmanaged software
The product risk profile helps management see the actual cost of a product.
The SDL project outline maps security activities to the development schedule.
A threat profile guides the security team on how to protect the product from threats.
The third-party software list identifies all components the product is using that are managed outside the organization.
What is a threat action that is designed to illegally access and use another person's credentials?
Tampering
Spoofing
Elevation of privilege
Information disclosure
Spoofing
Spoofing is a threat action in which an attacker pretends to be another user, device, or service, for example by using stolen credentials, so that the system or a person trusts them and releases protected information.
What are two steps of the threat modeling process? Choose 2 answers.
Survey the application
Decompose the application
Redesign the process to eliminate the threat
Transfer the risk
Identify business requirements
Survey the application
Decompose the application
"Survey the application" is correct. Surveying the application is a way to gain knowledge of how the product works by reading product documentation and interviewing the development team.
"Decompose the application" is correct. Decomposing the application means breaking it down into its components, entry points, data flows, and trust boundaries, typically by doing a deep dive into the code to understand how it works behind the scenes.
What do the "A" and the first "D" in the DREAD acronym represent? Choose 2 answers.
Damage
Affected users
Denial of service
Authentication
Damage
Affected users
"Damage" is correct. Damage represents the first 'D' in DREAD and measures how much damage will be caused if the threat exploit occurs.
"Affected users" is correct. Affected users represents the 'A' in DREAD and measures how many users will be affected.
Which shape indicates each type of flow diagram element?
Select an option for each element:
-Two parallel horizontal lines
-Solid line with an arrow.
-Rectangle
-Dashed line
External elements
Data store
Data flow
Trust boundary
Rectangle
Two parallel horizontal lines
Solid line with an arrow.
Dashed line
A rectangle in a data flow diagram represents an element outside your control and external to your software application.
Two parallel horizontal lines in a data flow diagram represent a data store, a place where data is held at rest, such as a database or a file.
A single solid line with an arrow in a data flow diagram represents the movement of data within the software.
A single dashed line in a data flow diagram represents scenarios that exist between elements running at different privilege levels or different components running at the same privilege level.
What are the two deliverables of the Architecture phase of the SDL? Choose 2 answers.
Threat modeling artifacts
Policy compliance analysis
Information disclosure
Attack modeling
Application decomposition
Threat modeling artifacts
Policy compliance analysis
"Threat modeling artifacts" is correct. Threat modeling artifacts include data flow diagrams, technical threat modeling reports, high-level executive threat modeling reports, and recommendations for threat analysis.
"Policy compliance analysis" is correct. Policy compliance analysis is a report on compliance with security and non-security policies of the organization.
What SDL security assessment deliverable is used as an input to an SDL architecture process?
SDL project outline
Certification requirements
Product risk profile
Threat profile
Threat profile
The threat profile created in the Security Assessment phase is an input to the Architecture phase: it describes the environment in which the product will operate and the threats it is likely to face, so that threat modeling and design decisions can avoid or mitigate them in the final application.
When a software application handles personally identifiable information (PII) data, what will be the Privacy Impact Rating?
P0: No privacy risk
P2: Moderate privacy risk
P3: Low privacy risk
P1: High privacy risk
P1: High privacy risk
P1 (high privacy risk) applies when the product or service stores or transfers PII, changes settings or installs software on the user's behalf, or makes ongoing transfers of anonymous data.
Which key success factor identifies threats to the software?
Design security analysis
Effective threat modeling
Policy compliance review
Comprehensive security test plan
Effective threat modeling
Effective threat modeling allows the developer the ability to identify threats such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege as part of the threat model.
What is the goal of design security review deliverables?
To plan to mitigate, accept, or tolerate risk
To make modifications to the design of software components based on security assessments
To analyze adherence to company policies
To create data flow diagrams, elements, and threat listings
To make modifications to the design of software components based on security assessments
This goal lists changes to the software components and design based on a review from security architects and the assessments team.
Which application scanner component is useful in identifying vulnerabilities such as cookie misconfigurations and insecure configuration of HTTP response headers?
Spider
Virus scanner
Active scanner
Passive scanner
Passive scanner
A passive scanner inspects the requests and responses that already pass through the tool's proxy without sending any additional traffic to the target. That is enough to spot issues visible in the response itself, such as cookies lacking the Secure or HttpOnly flags and missing or misconfigured security headers.
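As an added example, not code from the original course or from any scanner product: a minimal passive check that reads one captured HTTP response and reports cookie and header misconfigurations without ever contacting the server. Both responses below are constructed samples, and the set of headers checked is a choice made here, not a list the page gives.

```python
"""Passive checks over a captured HTTP response: nothing is sent to the target,
the response is only inspected as it passes through."""
from typing import Dict, List, Tuple

# Constructed sample response (not a real capture) with several weaknesses.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# The same constructed response with the header and cookie issues corrected.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lowercased name, value) pairs; repeated headers such as Set-Cookie are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs: List[Tuple[str, str]] = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def passive_scan(raw: str) -> List[str]:
    """Flag weaknesses observable in the response alone."""
    headers = parse_headers(raw)
    present: Dict[str, str] = {name: value for name, value in headers}  # last value wins
    findings: List[str] = []

    if "strict-transport-security" not in present:
        findings.append("missing Strict-Transport-Security header")
    csp = present.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy header")
    if present.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is missing or not 'nosniff'")
    if "x-frame-options" not in present and "frame-ancestors" not in csp.lower():
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    server = present.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append(f"Server header discloses a version: {server}")

    # Every Set-Cookie is checked separately; attributes follow the first ';'
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie '{cookie_name}' lacks the {flag} attribute")
    return findings


if __name__ == "__main__":
    for finding in passive_scan(WEAK_RESPONSE):
        print("-", finding)
    print("hardened:", passive_scan(HARDENED_RESPONSE))
```

Because the check never issues its own requests, it is safe to run against production traffic; an active scanner would instead send crafted requests to probe for the same classes of issue.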
Which type of attack occurs when an attacker uses malicious code in the data sent in a form?
SQL injection
Distributed Denial-of-Service (DDoS)
Cross-site scripting
Man-in-the-middle attack
Cross-site scripting
Cross-site scripting (XSS) attacks are a type of injection in which attackers use scripts that are injected into otherwise benign and trusted websites.
Which tools provide the given functions?
-SonarQube
-JIRA
-Dynatrace
-Jenkins
Question 6a:
Self-managed, automatic code review product
Question 6b:
Open-source automation server
Question 6c:
Proprietary issue tracking product
Question 6d:
AI-powered management solution
SonarQube
This tool systematically helps to deliver clean code by analyzing 30+ programming languages and integrates with the continuous integration pipeline and DevOps platform.
Jenkins
This tool enables developers around the world to reliably build, test, and deploy their software.
JIRA
This tool is developed by Atlassian and allows bug tracking and agile project management.
Dynatrace
This tool is a full-stack, automated performance and infrastructure management solution.
A new application is released, and users perform initial testing on the application. Which type of testing are the users performing?
Alpha testing
Unit testing
Beta testing
Integration testing
Beta testing
Beta testing samples the intended audience to try the product out and analyze its functionality.
What is a non-system-related component in software security testing attack surface validation?
Inputs
Network
Users
Architecture
Users
Users are not part of the software application and are external.
What are the advantages of the following security analysis tools?
-Tests a specific operational deployment
-Testing in a random approach
-Access to the actual instructions the software will be executing
-Requires no supporting technology
Question 10a:
Static code analysis
Question 10b:
Dynamic code analysis
Question 10c:
Fuzz testing
Question 10d:
Manual source code review
Access to the actual instructions the software will be executing
Because the source itself is analyzed rather than observed behavior, this method gives visibility into all of the software's possible code paths without having to guess at or interpret them.
Tests a specific operational deployment
By having specific areas to test, this method can identify infrastructure, configuration, and patch errors more easily.
Testing in a random approach
By feeding invalid, unexpected, or random inputs into the program automatically, this method can find bugs that would often be missed by the human eye.
Requires no supporting technology
By having a flexible approach, this method can be applied to a variety of situations.
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates?
Open-source licensing review
Code-assisted penetration testing
Final security review
A5 policy compliance analysis
A5 policy compliance analysis
A5 policy compliance analysis ensures that products have met requirements, undergone compliance activities at each SDL phase, and passed quality gates before release.
Which post-release support activity defines the process to communicate, identify, and alleviate security threats?
PRSA3: Post-release certifications
PRSA1: External vulnerability disclosure response
PRSA4: Internal review for new product combinations or cloud deployments
PRSA2: Third-party reviews
PRSA1: External vulnerability disclosure response
The external vulnerability disclosure response (PRSA1) defines processes to evaluate and mitigate security vulnerabilities discovered post-release. It also details how the organization will communicate to customers.
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? Choose 2 answers.
Governance
Construction
Results
Objective
Governance
Construction
"Governance" is correct. Governance covers the processes and activities by which an organization manages its software development as a whole: strategy and metrics, policy and compliance, and education and guidance.
"Construction" is correct. Construction focuses on the processes and activities related to creating software within development projects within OpenSAMM practice areas.
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product?
Final privacy review
Vulnerability scan
Remediation report
Customer engagement framework
Vulnerability scan
Vulnerability scanning tools use databases of threat signatures to identify vulnerabilities in applications.
Which post-release support activity should be completed when companies are joining together?
Post-release certifications
Third-party security reviews
Internal review
Security architectural reviews
Security architectural reviews
This review examines the software of both companies during a merger or acquisition to ensure that it remains secure as systems and code bases are combined.
Which of the Ship (A5) deliverables of the security development cycle are performed with the given actions?
-White-box security test
-Analyze activities and standards
-License compliance
-Release and ship
Question 6a:
A5 Policy compliance analysis
Question 6b:
Code-assisted penetration testing
Question 6c:
Open-source licensing review
Question 6d:
Final security review
Analyze activities and standards
During this practice, processes are standardized at each phase of the SDL/SDLC.
White-box security test
During this practice, the actions of an attacker are simulated, with access to the source code, to uncover vulnerabilities.
License compliance
During this practice, licensing requirements must be managed to ensure that there is no delay of current release and ship dates.
Release and ship
During this practice, regression testing occurs to ensure that a change in one part of the software does not change other parts of the software.
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on the given environments?
-Continuous integration and continuous deployment
-API invocation processes
-Iterative development
-Enables and improves business activities
Question 7a:
Agile
Question 7b:
DevOps
Question 7c:
Cloud
Question 7d:
Digital enterprise
Iterative development
This method uses requirements and solutions evolving through collaboration.
Continuous integration and continuous deployment
This method involves teams working together as partners as they learn how their product operates in the real world.
API invocation processes
This environment uses new ways of delivering computing and data to rethink how applications are built, deployed, and used, with services provisioned and invoked through APIs.
Enables and improves business activities
This method involves digitizing systems rapidly and dramatically.
Which phase of penetration testing allows for remediation to be performed?
Evaluation and plan
Identify
Deploy
Assess
Deploy
During this phase, the penetration test is executed, and any issues will be resolved.
Which key deliverable occurs during post-release support?
Security testing reports
Customer engagement framework
Third-party reviews
Remediation report
Third-party reviews
Third-party reviews are security assessments from outside groups (other than internal testing teams).
Which business function of OpenSAMM is associated with the following core practices?
-Policy and compliance
-Threat assessment
-Code review
-Vulnerability management
Question 10a:
Governance
Question 10b:
Construction
Question 10c:
Verification
Question 10d:
Deployment
Policy and compliance
Sets up a security and compliance control and audit framework
Threat assessment
Accurately identifies and characterizes potential attacks on software.
Code review
Assesses the organization's source code, which helps discover vulnerabilities.
Vulnerability management
Establishes processes for managing internal and external weakness reports.
What is software security?
Data transmission security by using HTTPS and SSL
Security that websites use, such as Web Application Firewall to block and monitor HTTP traffic
Security that networks use, such as a firewall allowing only intended traffic
Security that deals with securing the foundational programmatic logic of the underlying software
Security that deals with securing the foundational programmatic logic of the underlying software
Software security focuses on the early stages of the software development life cycle (SDLC) and the underlying code of a given application.
Which part of the CIA goals keeps unauthorized users from accessing confidential information?
Integrity
Confidentiality
Availability
Information security
Confidentiality
This part of the CIA model preserves authorized restrictions on information to protect personal privacy and proprietary information.
What are the three primary tools basic to the security development life cycle? Choose 3 answers.
Fuzzing or fuzz testing
Static analysis testing
Dynamic analysis testing
Software security architects
Measurement model
Fuzzing or fuzz testing
Static analysis testing
Dynamic analysis testing
"Fuzzing or fuzz testing" is correct. Fuzz testing is automated or semi-automated testing that provides invalid, unexpected, or random data to the computer software program.
"Static analysis testing" is correct. Static analysis analyzes computer software without executing programs.
"Dynamic analysis testing" is correct. Dynamic analysis analyzes computer software while executing programs.
In which phase of the SDLC should the software security team be involved?
Planning
Support and Sustain
Design and Development
Release and Launch
Concept
Concept
During the concept phase, initial details are discussed and conceptualized. It is crucial for the security team to be a part of these discussions to integrate security throughout the entire process.
What determines the order of items in a product backlog in Scrum?
Order is decided by the Scrum Team
Order is decided by the ScrumMaster
Order is decided by the project manager
Order is decided based on value of the items being delivered
Order is decided based on value of the items being delivered
Order is decided based on the value of the item/requirement in the backlog as it helps business when the item is done and business can start using it. The Product Owner decides the order of items in the backlog.
Why is the Waterfall methodology most useful for smaller projects?
When a project is smaller, it can easily be turned back upwards after the coding phase is complete.
When a project is smaller, the risk of changing requirements and scope is lower.
When a project is smaller, it doesn't need any time for reflection.
When a project is smaller, there is an emphasis on empowering teams with collaborative decision-making.
When a project is smaller, the risk of changing requirements and scope is lower.
The Waterfall method works with each stage being clearly defined. The project builds on itself, and in smaller projects, this creates a clearer and easily definable path.
What is the product risk profile?
A security assessment deliverable that lists education requirements for product and operations teams
A security assessment deliverable that maps activities to the development schedule
A security assessment deliverable that guides SDL activities to mitigate issues
A security assessment deliverable that estimates the actual cost of the product
A security assessment deliverable that estimates the actual cost of the product
Looking at products from different perspectives allows management to determine the actual cost of a product, which includes selling it in different markets, and liabilities that might be incurred.
A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective?
Threat profile
Privacy impact assessment
Metrics template
SDL project plan
Privacy impact assessment
A software security team member has been tasked with creating a threat model for the login process of a new product. What is the first step the team member should take?
Identify threats
Survey the application
Decompose the application
Identify security objectives
Identify security objectives
An organization must pinpoint its highest-leverage security objectives before the software security team can begin creating the threat model for the product.
What are three parts of the STRIDE methodology? Choose 3 answers.
Spoofing
Elevation
Tampering
Trike
Threat source
Vulnerability
Spoofing
Elevation
Tampering
"Spoofing" is correct. Spoofing describes illegally accessing and using another user's credentials.
"Elevation" is correct. Elevation describes gaining privileged access to resources to gain unauthorized access to information.
"Tampering" is correct. Tampering describes maliciously changing or modifying persistent data.
Which software security testing technique tests the software from an external perspective?
Source code analysis
White box
Gray box
Black box
Black box
Black box testing tests with no prior knowledge of the software's internals. In this approach only the binary executable or intermediate byte code is available to the tester.
Which security design principle states that an entity should be given the minimum privileges and resources for a minimum period of time for a task?
Defense in depth
Least privilege
Economy of mechanism
Separation of duties
Least privilege
By granting the least amount of privilege for the shortest necessary time, opportunities for unauthorized access to sensitive information are reduced.
After the developer is done coding a functionality, when should code review be completed?
After the functionality is tested
Wait for other functionality to be completed
After the functionality is deployed
Within hours or the same day
Within hours or the same day
A programmer who wrote the code has thought through the functionality, but as time passes by the programmer may not remember the details of what or why they have coded.
What is the order that code reviews should follow in order to be effective?
-Perform preliminary scan
-Review code for security issues
-Identify security code review objectives
-Review for security issues unique to the architecture
Question 2a:
Step 1
Question 2b:
Step 2
Question 2c:
Step 3
Question 2d:
Step 4
Identify security code review objectives
Establish goals and constraints for the review as the foundation for the overall plan.
Perform preliminary scan
Complete a static analysis to find any initial security issues.
Review code for security issues
Review any vulnerabilities that were detected.
Review for security issues unique to the architecture
Experts apply their knowledge of the business to identify vulnerabilities and reduce the likelihood of false positives and false negatives.
Which activity in the Ship (A5) phase of the security development cycle sets requirements for quality gates that must be met before release?
Open-source licensing review
Vulnerability scan
Code-assisted penetration testing
A5 policy compliance analysis
A5 policy compliance analysis
A5 policy compliance analysis verifies that the product meets security mandates and that compliance activities have been performed at each SDL phase.
The company's website uses querystring parameters to filter products by category. The URL, when filtering on a product category, looks like this: company.com/products?category=2. If the security team saw a URL of company.com/products?category=2 OR 1=1 in the logs, what assumption should they make?
An attacker is attempting to enter invalid characters in a textbox on the products page.
An attacker is attempting to use SQL injection to gain access to information.
An attacker is attempting to force the application to throw an exception so they may view exploitable information.
An attacker is attempting to access the system using credentials that do not belong to them.
An attacker is attempting to use SQL injection to gain access to information.
In an SQL injection attack, untrusted input is concatenated into a query so that it changes the query's logic. Here "2 OR 1=1" makes the WHERE clause always true, so every product is returned rather than one category, and the same technique can be extended to read or modify other data.
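As an added example, not code from the original course or the company's site: the vulnerable string-built query for the category filter beside the parameterized and input-validated versions, plus a check that flags the logged request. The product table is a constructed sample, and the table, column, and function names are assumptions made here.

```python
"""Vulnerable string-built query beside the parameterized and validated versions,
plus a check that flags the injection attempt in a request log."""
import re
import sqlite3
from typing import List
from urllib.parse import parse_qsl, urlsplit


def make_db() -> sqlite3.Connection:
    """Constructed sample catalogue (not real data); assumed schema products(id, name, category)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, category) VALUES (?, ?)",
        [("laptop", 1), ("phone", 1), ("desk", 2), ("chair", 2), ("lamp", 3)],
    )
    return conn


def filter_vulnerable(conn: sqlite3.Connection, category: str) -> List[str]:
    # The querystring value is pasted into the statement, so "2 OR 1=1" becomes SQL
    # and the WHERE clause is always true: every row comes back.
    sql = f"SELECT name FROM products WHERE category = {category}"
    return [row[0] for row in conn.execute(sql)]


def filter_parameterized(conn: sqlite3.Connection, category) -> List[str]:
    # The driver binds the value as data; it can never alter the statement's structure.
    # "2 OR 1=1" is compared as a string against an integer column and matches nothing.
    rows = conn.execute("SELECT name FROM products WHERE category = ?", (category,))
    return [row[0] for row in rows]


def is_valid_category(value: str) -> bool:
    """Allow-list: a category must be a plain non-negative integer."""
    return value.isdigit()


def filter_safely(conn: sqlite3.Connection, category: str) -> List[str]:
    """Validate first, then bind: the database only ever sees an integer."""
    if not is_valid_category(category):
        raise ValueError(f"rejected category value: {category!r}")
    return filter_parameterized(conn, int(category))


# Tautologies, UNION SELECT, comment and statement terminators, and stray quotes
INJECTION_PATTERN = re.compile(r"(?i)\b(?:or|and)\b\s+\S+\s*=\s*\S+|union\s+select|--|;|'")


def suspicious_query_values(request_path: str) -> List[str]:
    """Return querystring values that look like SQL injection, after URL decoding."""
    query = urlsplit(request_path).query
    return [value for _, value in parse_qsl(query) if INJECTION_PATTERN.search(value)]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, category=2:       ", filter_vulnerable(db, "2"))
    print("vulnerable, category=2 OR 1=1:", filter_vulnerable(db, "2 OR 1=1"))
    print("parameterized, 2 OR 1=1:      ", filter_parameterized(db, "2 OR 1=1"))
    print("flagged log values:           ", suspicious_query_values("/products?category=2%20OR%201%3D1"))
```

The log check is a coarse first filter for triage, not a substitute for the parameterized query: the fix belongs in the code, and the detection only tells the team where to look.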
Which post-release support activity (PRSA) details the process for investigating, mitigating, and communicating findings when security vulnerabilities are discovered in a software product?
Internal review for new product combinations or cloud deployment
Third-party reviews
Post-release certifications
External vulnerability disclosure response
External vulnerability disclosure response
The external vulnerability disclosure response (PRSA1) defines processes to evaluate and mitigate security vulnerabilities discovered after release. It also details how the organization will communicate to customers.
Which post-release support key success factor says that any change or component reuse should trigger security development life cycle activities?
Post-release certifications
SDL cycle for any architectural changes or code reuses
External vulnerability disclosure response process
Third-party reviews
SDL cycle for any architectural changes or code reuses
Any architectural change, code change, or code/component reuse should trigger SDL activities.
Which step will you find in the SANS Institute Cyber Defense seven-step recipe for conducting threat modeling and application risk analysis?
Threat assessment
Conduct a BSIMM assessment
Demonstrate improvement
Brainstorm threats from adversaries
Brainstorm threats from adversaries
Brainstorm threats from adversaries is step 4 in the SANS Institute recipe.
In which OpenSAMM core practice area would one find environment hardening?
Governance
Deployment
Verification
Construction
Deployment
The deployment core practice area contains environment hardening, vulnerability management, and operational enablement.