CSLLP Secure Software Concepts 2

Question 1

Which attack category involves sending more data to a buffer than it can handle, potentially allowing code execution?

Accepted Answer

Buffer overflow

Answer

A buffer overflow occurs when a program writes more data to a buffer than it can hold, which can overwrite adjacent memory and potentially allow an attacker to execute arbitrary code.

Question 2

What is the purpose of a privacy impact assessment (PIA)?

Accepted Answer

To identify and evaluate risks to personal information in a system

Answer

A PIA is a process used to evaluate how personally identifiable information is collected, used, shared, and maintained, identifying privacy risks and mitigation strategies.

Question 3

The principle that every access attempt by a subject to an object must be checked against the access policy is known as:

Accepted Answer

Complete mediation

Answer

Complete mediation requires that every access to every object be checked for authority, preventing attackers from bypassing access controls through caching or assumptions.

Question 4

Which secure design principle advocates for simplicity in security mechanisms to reduce the chance of flaws?

Accepted Answer

Economy of mechanism

Answer

Economy of mechanism states that security designs should be as simple as possible, since complex designs are harder to analyze, implement correctly, and verify.

Question 5

Which security property ensures that data has not been altered in an unauthorized manner?

Accepted Answer

Integrity

Answer

Integrity ensures that data remains accurate and unaltered, detecting any unauthorized modifications made during storage or transmission.

CSLLP - Certified Secure Software Lifecycle Professional Practice Test

CSLLP - Certified Secure Software Lifecycle Professional Practice Test

CSLLP Secure Software Concepts 2