Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?
A. General coding practices
B. Input validation
C. Session management
D. System configuration
Which security assessment deliverable identifies unmanaged code that must be kept up to date throughout the life of the product?
A. Threat profile
B. Metrics template
C. Product risk profile
D. List of third-party software
Using a web-based Common Vulnerability Scoring System (CVSS) calculator, a security response team member performed an assessment on a reported vulnerability in the user authentication component of the company's new product. The base score of the vulnerability was 8.3 and changed to 9.4 after adjusting temporal and environmental metrics.
Which rating would CVSS assign this vulnerability?
A. High severity
B. Critical severity
C. Medium severity
D. Low severity
What are the three primary goals of the secure software development process?
A. Performance, reliability, and maintainability
B. Cost, speed to market, and profitability
C. Redundancy, scalability, and portability
D. Confidentiality, integrity, and availability
The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services.
Which security testing technique is being used?
A. Fuzz testing
B. Dynamic code analysis
C. Binary fault injection
D. Binary code analysis