CSLLP Secure Software Requirements 2

Question 1

What is the purpose of requirements traceability in secure software development?

Accepted Answer

To link security requirements to design decisions, code, and tests ensuring nothing is missed

Answer

To track bugs from development to production

Answer

To monitor runtime behavior of deployed applications

Answer

To manage software licensing compliance

Question 2

Which of the following best describes personally identifiable information (PII)?

Accepted Answer

Information that can be used to identify, contact, or locate a specific individual

Answer

Any data stored in a database

Answer

Encrypted data that cannot be read without a key

Answer

Any data transmitted over a network

Question 3

A system that processes payment card data must comply with which standard?

Accepted Answer

PCI DSS

Answer

HIPAA

Answer

SOX

Answer

FERPA

Question 4

What is the purpose of a data flow diagram (DFD) in security requirements analysis?

Accepted Answer

To visualize how data moves through a system, identifying trust boundaries and sensitive data flows

Answer

To model database schema relationships

Answer

To document API endpoint specifications

Answer

To track software version changes

Question 5

Which approach to security requirements gathers input from stakeholders to identify what the system must NOT do to prevent harm?

Accepted Answer

Misuse case analysis

Answer

Use case analysis

Answer

Functional decomposition

Answer

Formal verification

Question 6

Which US regulation protects the privacy of student education records and limits disclosure of personally identifiable information?

Accepted Answer

FERPA

Answer

COPPA

Answer

HIPAA

Answer

GLBA