Consider the following scenario:You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.1 pointEvaluate how the app handles user data.Ensure the app's login form works.Integrate the app with existing educational resources.Identify the types of users who will interact with the app.
Question
Consider the following scenario:You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.1 pointEvaluate how the app handles user data.Ensure the app's login form works.Integrate the app with existing educational resources.Identify the types of users who will interact with the app.
Solution
The two steps that you would take to evaluate the application from a security perspective, using an attacker mindset, would be:
-
Evaluate how the app handles user data: This involves understanding how the app collects, stores, and processes user data. You would look for potential vulnerabilities that could be exploited to gain unauthorized access to sensitive information. This could include weak encryption methods, insecure data storage, or inadequate access controls.
-
Identify the types of users who will interact with the app: Understanding the user base can help identify potential attack vectors. For example, if the app is used by both students and teachers, an attacker might try to gain access to a teacher's account to manipulate grades or access sensitive information. By identifying the types of users, you can better anticipate potential security threats and take steps to mitigate them.
Similar Questions
Question 9Which of the following are reasons that security teams practice an attacker mindset? Select three answers.1 pointTo uncover vulnerabilities that should be monitoredTo exploit flaws in an application's codebaseTo find insights into the best security controls to useTo identify attack vectors
What does a security mindset enable a security analyst to do when protecting their organization? Select two answers. 1 分Evaluate employee retention Approve social media connections from security professionalsEvaluate risks and identify potential system breachesRecognize what they are defending
Fill in the blank: A security mindset helps a security analyst _____.1 分reinforce the expectations of security stakeholdersapply for an engineering rolerecognize the difference between physical security and cybersecuritydefend against constant pressure from cyber attackers
第 4 个问题Which of the following examples describes the use of a security mindset? Select two answers.1 分Exercising suspicion before opening email attachmentsDownloading email attachments from unknown sendersReusing passwords for multiple accountsReporting suspicious emails
You are working in the early stages of the UX design process for an app. You want to ensure you keep the most vulnerable users on the happy path in your design. How should you do this?1 pointIdentify the user flow that is the easiest and most efficient to follow that accomplishes the app’s objective. Create personas and user stories that account for a wide variety of users and problems. Come up with ideas and tips to provide users as they seek to accomplish the app’s objective. Build a site map that will help guide users to the end objective of the app.
Upgrade your grade with Knowee
Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.