CORRECT VERIFIED ANSWERS (DETAILED ANSWERS) | A GRADED
Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - ANSWER-A
Which due diligence activity for supply chain security investigates the means by which data sets are shared and assessed?
A On-site assessment
B Process policy review
C Third-party assessment
D Document exchange and review - ANSWER-D
Consider these characteristics:
- Identification of the entity making the access request
- Verification that the request has not changed since its initiation
- Application of the appropriate authorization procedures
- Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism - ANSWER-B
Which software security principle guards against the improper modification or destruction of information and ensures the nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality - ANSWER-B
What type of functional security requirement involves receiving, processing, storing, transmitting, and delivering in report form?
A Logging
B Error handling
C Primary dataflow
D Access control flow - ANSWER-C
Which nonfunctional security requirement provides a way to capture information correctly and a way to store that information to help support later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow - ANSWER-A
Which security concept refers to the quality of information that could cause harm or damage if disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity - ANSWER-D
Which technology would be an example of an injection flaw, according to the OWASP Top 10?
A SQL
B API
C XML
D XSS - ANSWER-A
A company is creating new software to track customer balances and wants to design a secure application.
Which best practice should be applied?