CSLLP Secure Software Design 2

Question 1

What is the purpose of an interface design review in secure software development?

Accepted Answer

To identify trust boundaries and validate that security controls are applied at all interfaces

Answer

To evaluate user experience design

Answer

To review API performance characteristics

Answer

To assess database schema design

Question 2

Which cryptographic algorithm is currently recommended by NIST for symmetric encryption?

Accepted Answer

AES

Answer

DES

Answer

3DES

Answer

RC4

Question 3

What security design pattern ensures that a user must provide evidence from at least two distinct authentication factors?

Accepted Answer

Multi-factor authentication (MFA)

Answer

Single sign-on (SSO)

Answer

Role-based access control (RBAC)

Answer

Attribute-based access control (ABAC)

Question 4

Which design approach assigns permissions based on a user's organizational role rather than their individual identity?

Accepted Answer

Role-based access control (RBAC)

Answer

Discretionary access control (DAC)

Answer

Mandatory access control (MAC)

Answer

Attribute-based access control (ABAC)

Question 5

What is the purpose of a certificate authority (CA) in a public key infrastructure (PKI)?

Accepted Answer

To issue and sign digital certificates that bind public keys to identities

Answer

To generate symmetric encryption keys for users

Answer

To store private keys securely on behalf of users

Answer

To perform key exchange during TLS handshakes

Question 6

Which threat modeling methodology focuses on assets, attack surfaces, and mitigations and was developed by Microsoft?

Accepted Answer

STRIDE

Answer

PASTA

Answer

OCTAVE

Answer

VAST