CSLLP Secure Software Design

Question 1

Which design principle advocates that components with different trust levels or functions should be isolated from one another?

Accepted Answer

Compartmentalization

Answer

Economy of mechanism

Answer

Separation of duties

Answer

Fail securely

Question 2

A multi-tier architecture that separates presentation, business logic, and data storage is considered a best practice because it:

Accepted Answer

Limits the blast radius of a breach and enforces separation of concerns

Answer

Eliminates the need for input validation

Answer

Reduces the need for authentication

Answer

Speeds up development by reducing code complexity

Question 3

What is the primary security benefit of using parameterized queries in database interactions?

Accepted Answer

They prevent SQL injection by separating SQL logic from user-supplied data

Answer

They improve query performance

Answer

They encrypt database traffic

Answer

They enforce database access controls

Question 4

Which principle states that a system should default to a secure state when it fails or encounters an error?

Accepted Answer

Fail securely

Answer

Least privilege

Answer

Complete mediation

Answer

Open design

Question 5

In cryptographic design, what is the purpose of a salt?

Accepted Answer

To add random data to passwords before hashing, preventing precomputed hash attacks

Answer

To increase encryption speed

Answer

To extend the length of an encryption key

Answer

To compress data before encryption

Question 6

Which architectural pattern uses a single component to handle all requests and enforce consistent security checks before routing to handlers?

Accepted Answer

Front controller pattern

Answer

Observer pattern

Answer

Factory pattern

Answer

Decorator pattern