CSLLP Secure Software Concepts 2

Question 1

Which attack category involves sending more data to a buffer than it can handle, potentially allowing code execution?

Accepted Answer

Buffer overflow

Answer

SQL injection

Answer

Cross-site scripting

Answer

Directory traversal

Question 2

What is the purpose of a privacy impact assessment (PIA)?

Accepted Answer

To identify and evaluate risks to personal information in a system

Answer

To test software performance under load

Answer

To assess physical security of data centers

Answer

To measure compliance with encryption standards

Question 3

The principle that every access attempt by a subject to an object must be checked against the access policy is known as:

Accepted Answer

Complete mediation

Answer

Open design

Answer

Psychological acceptability

Answer

Economy of mechanism

Question 4

Which secure design principle advocates for simplicity in security mechanisms to reduce the chance of flaws?

Accepted Answer

Economy of mechanism

Answer

Separation of privilege

Answer

Fail securely

Answer

Least common mechanism

Question 5

Which security property ensures that data has not been altered in an unauthorized manner?

Accepted Answer

Integrity

Answer

Availability

Answer

Confidentiality

Answer

Non-repudiation

Question 6

A trusted computing base (TCB) refers to:

Accepted Answer

The set of all hardware, firmware, and software critical to enforcing the security policy

Answer

An external audit firm that validates software security

Answer

The baseline configuration of a hardened operating system

Answer

A cryptographic module certified by NIST