In the context of secure software, content filters are mechanisms to _________ at the application level, or through application software.Question 1Answera.Maintain that design objectives have been adequately metb.Examine the software for the discovery of flaws in design and implementationc.Identify and prevent malicious traffic (input) from being entered or executedd.Ensure that coding standards are effectively maintainedClear my choiceQuestion 2Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAccording to the principles of software security architecture, developers should try to keep from relying solely on __________ as a means of security when modularizing a design.Question 2Answera.Obfuscationb.Veracityc.Encapsulationd.ImplementationClear my choiceQuestion 3Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn the testing phase of secure software, _________ involve mathematical arguments to test and prove the software's correctness as well as decrease the number of vulnerabilities in the software.Question 3Answera.Dynamic analysesb.Code reviewsc.Exception testsd.Formal methodsClear my choiceQuestion 4Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following is a method for damage confinement in secure software?Question 4Answera.Implement defense in depth through layered security mechanisms.b.Develop a testing strategy for coding practices.c.Limit default actions in cases of system failures.d.None of the above.Clear my choiceQuestion 5Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following attributes of software must be confirmed to meet the primary software security testing goal?Question 5Answera.Absence of exploitable weaknesses.b.Predictably secure behavior.c.Security-aware error and exception handling.d.All of the above.

___________ is a strategy in which multiple security measures are set in place to establish protective barriers across multiple layers of a system.Question 16Answera.Open designb.Economy of mechanismc.Separation of privileged.Defense in depthClear my choiceQuestion 17Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, _________ help developers maintain awareness of common threats and weaknesses in similar applications so that the developers may create software with the appropriate security measures in place.Question 17Answera.Vulnerability databasesb.Input validatorsc.Traceability documentsd.CountermeasuresClear my choiceQuestion 18Not yet answeredPoints out of 1.00Flag questionTipsQuestion textExploits are programs or methods that take advantage of ________, which are weaknesses in a system's design/implementation that allow an attacker to perform some malicious act.Question 18Answera.Countermeasuresb.Workaroundsc.Vulnerabilitiesd.ObfuscationsClear my choiceQuestion 19Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhat is the software trait that provides accountability for developers and is essential for computer forensics investigations?Question 19Answera.Simplicityb.Reliabilityc.Traceabilityd.None of the aboveClear my choiceQuestion 20Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following is an example of a software error?Question 20Answera.An abnormal condition that occurs when a user interacts with the software in an unexpected way.b.An incorrect line of code.c.A bad calculation that produces incorrect results.d.All of the above.

When developing secure software, which of the following is an important step in secure software design?Question 11Answera.Adopt a risk dispute policy.b.Increase the level of complexity throughout the code.c.Settle high-level technical issues.d.Practice risk transference whenever possible.Clear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, __________ can think like attackers in order to find vulnerabilities that real attackers may seek out, in addition to finding functionality issues, such as bugs, right before the software is released.Question 12Answera.End-usersb.Testersc.Project managersd.DevelopersClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding risk-based testing of secure software, which of the following is NOT a variable in the DREAD modeling formula?Question 13Answera.Discoverabilityb.Damagec.Availabilityd.Affected UsersClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn secure software testing, which one of the following do automated code review tools help to discover?Question 14Answera.Lack of exceptionsb.Isolated implementationsc.Content mutationsd.TraceabilityClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn a way, __________ must act like attackers, they may quickly find simple security vulnerabilities in software systems that would be possible for an attacker to exploit.Question 15Answera.Testersb.End-usersc.Project managersd.Developers

When designing security architecture for software development, creators should do which of the following?Question 18Answera.Rely primarily on obfuscation for security concerns.b.Do not worry about separating functions needing higher privilege from othersc.Decide how much security is enough.d.Do not be too concerned about reducing the damage from hacking activities

___________ can help prevent buffer overflow attacks, or other attacks where an entity enters input into the software. This is performed by ensuring that the input's contents are appropriate and do not contribute to an attack before allowing the input to be accepted.Question 11Answera.Obfuscationb.Input obscurityc.User verificationd.Input validationClear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textThe ________ phase of the software development lifecycle (SDLC) involves identifying the requirements and overall structure of the software which is the foundation of the development process.Question 12Answera.Maintenanceb.Requirementsc.Implementation (Coding)d.TestingClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAn attacker wanting to elevate their privileges would look to exploit _______ vulnerabilities.Question 13Answera.Admissionb.Authenticationc.Authorizationd.AccessClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textThe first phase of the software development lifecycle (SDLC) is _________.Question 14Answera.Releaseb.Testingc.Requirement Specificationd.DesignClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textPerhaps the most important trait of software, ________ requires that software adheres to its requirements and specifications, enabling users to trust that the software will work as expected.Question 15Answera.Simplicityb.Validationc.Reliabilityd.Compartmentalization

What is the purpose of security design in architectural design?To define the overall structure and organization of a software systemTo ensure the software meets its functional and non-functional requirementsTo identify potential security risks and design security mechanismsTo optimize algorithms, data structures, and resource usage