Question 1

The principle of maintainability includes the tenet that the application is able to run itself.

Accepted Answer

A) True 
 B)False

Question 2

Which principle tells the developer to code multiple layers of types of protection?

Accepted Answer

A)  Fail Securely 
B)  Defense in Depth 
C)  Least Privilege 
D)  Keep It Simple 
A)  Fail Securely 
B)  Defense in Depth 
C)  Least Privilege 
D)  Keep It Simple

Question 3

Which principle tells the developer to allow the user access to only what is need for that user's job?

Accepted Answer

A)  Least Privilege 
B)  Fail Securely 
C)  Keep It Simple 
D)  Defense in Depth 
A)  Least Privilege 
B)  Fail Securely 
C)  Keep It Simple 
D)  Defense in Depth

Question 4

What is attained by creating code that can change meaning on demand?

Accepted Answer

A)  Software security 
B)  Software methodology 
C)  Software process 
D)  Software diversity 
A)  Software security 
B)  Software methodology 
C)  Software process 
D)  Software diversity

Question 5

What is attained by creating code that can be easily modified without affecting the application as a whole?

Accepted Answer

A)  Flexibility 
B)  Understandability 
C)  Maintainability 
D)  Usability 
A)  Flexibility 
B)  Understandability 
C)  Maintainability 
D)  Usability

Question 6

The Information Systems Security Association's (ISSA) main purpose is to promote practices that will ensure the confidentiality, integrity and availability of organizational information resources.

Accepted Answer

A) True 
 B)False

Question 7

CONSTANTS are values that are changeable within a programming language.

Accepted Answer

A) True 
 B)False

Question 8

What is attained by giving the user community training resources, help guides, and user manuals?

Accepted Answer

A)  Readability 
B)  Usability 
C)  Maintainability 
D)  Understandability 
A)  Readability 
B)  Usability 
C)  Maintainability 
D)  Understandability

Question 9

Why is software quality an art form?

Accepted Answer

A)  Can be applied in different ways 
B)  Subjective - means different things 
C)  Various components 
D)  Developers are creative 
A)  Can be applied in different ways 
B)  Subjective - means different things 
C)  Various components 
D)  Developers are creative

Question 10

Quality code means writing software for an intended purpose that must work when needed.

Accepted Answer

A) True 
 B)False

Question 11

What principle might tell the developer to create one server that creates security keys and another server that stores the keys?

Accepted Answer

A)  Least privilege 
B)  Secrets are hard to keep 
C)  Fail securely 
D)  Separation of privilege 
A)  Least privilege 
B)  Secrets are hard to keep 
C)  Fail securely 
D)  Separation of privilege

Question 12

The principle of Least Privilege states that you should give users the least amount of privilege required to perform their use case functionality.

Accepted Answer

A) True 
 B)False

Question 13

What is attained by keeping an application operative when needed?

Accepted Answer

A)  Confidentiality 
B)  Integrity 
C)  Availability 
D)  Trustworthy 
A)  Confidentiality 
B)  Integrity 
C)  Availability 
D)  Trustworthy

Question 14

If complexity can neither be removed nor automated, it should be what?

Accepted Answer

A)  Localized 
B)  Reduced 
C)  Hidden 
D)  Lessened 
A)  Localized 
B)  Reduced 
C)  Hidden 
D)  Lessened

Question 15

Authentication ensures that the user has the appropriate role and privilege to view data.

Accepted Answer

A) True 
 B)False

Question 16

The goal of SWEBOK is to define a clear set of boundaries and materials that make up software development from an engineering perspective.

Accepted Answer

A) True 
 B)False

Question 17

The integrity of the application is defined by the way in which the application accepts, transmits and stores data.

Accepted Answer

A) True 
 B)False

Question 18

Secure code does not allow who to access the software's assets?

Accepted Answer

A)  Hackers 
B)  Attackers 
C)  Unauthorized users 
D)  Administrators 
A)  Hackers 
B)  Attackers 
C)  Unauthorized users 
D)  Administrators

Question 19

How can a developer fight back from software attacks?

Accepted Answer

A)  Get tougher 
B)  Get smarter 
C)  Build smarter applications 
D)  Get certified 
A)  Get tougher 
B)  Get smarter 
C)  Build smarter applications 
D)  Get certified

Question 20

An asset is a valued resource that the application has to protect.

Accepted Answer

A) True 
 B)False

The principle of maintainability includes the tenet that the application is able to run itself.

Which principle tells the developer to code multiple layers of types of protection?

Which principle tells the developer to allow the user access to only what is need for that user's job?

What is attained by creating code that can change meaning on demand?

What is attained by creating code that can be easily modified without affecting the application as a whole?

The Information Systems Security Association's (ISSA) main purpose is to promote practices that will ensure the confidentiality, integrity and availability of organizational information resources.

CONSTANTS are values that are changeable within a programming language.

What is attained by giving the user community training resources, help guides, and user manuals?

Why is software quality an art form?

Quality code means writing software for an intended purpose that must work when needed.

What principle might tell the developer to create one server that creates security keys and another server that stores the keys?

The principle of Least Privilege states that you should give users the least amount of privilege required to perform their use case functionality.

What is attained by keeping an application operative when needed?

If complexity can neither be removed nor automated, it should be what?

Authentication ensures that the user has the appropriate role and privilege to view data.

The goal of SWEBOK is to define a clear set of boundaries and materials that make up software development from an engineering perspective.

The integrity of the application is defined by the way in which the application accepts, transmits and stores data.

Secure code does not allow who to access the software's assets?

How can a developer fight back from software attacks?

An asset is a valued resource that the application has to protect.

Why You Need to Learn Secure Programming

Coding in the Sdlc: Not a Solitary Practice

Getting Organized: What to Do on Day One

Software Requirements: Hear What They Say, Know What They Mean, Protect What They Own

Designing for Quality: the Big Picture

Designing for Security

Development Tools: Choose Wisely

Coding in the Cube: Developing Good Habit

Testing for Quality and Security

Maintain Your Software, Maintain Your Career

Filters

Exam 3: Principles of Security and Quality

The principle of maintainability includes the tenet that the application is able to run itself.

Which principle tells the developer to code multiple layers of types of protection?

Which principle tells the developer to allow the user access to only what is need for that user's job?

What is attained by creating code that can change meaning on demand?

What is attained by creating code that can be easily modified without affecting the application as a whole?

The Information Systems Security Association's (ISSA) main purpose is to promote practices that will ensure the confidentiality, integrity and availability of organizational information resources.

CONSTANTS are values that are changeable within a programming language.

What is attained by giving the user community training resources, help guides, and user manuals?

Why is software quality an art form?

Quality code means writing software for an intended purpose that must work when needed.

What principle might tell the developer to create one server that creates security keys and another server that stores the keys?

The principle of Least Privilege states that you should give users the least amount of privilege required to perform their use case functionality.

What is attained by keeping an application operative when needed?

If complexity can neither be removed nor automated, it should be what?

Authentication ensures that the user has the appropriate role and privilege to view data.

The goal of SWEBOK is to define a clear set of boundaries and materials that make up software development from an engineering perspective.

The integrity of the application is defined by the way in which the application accepts, transmits and stores data.

Secure code does not allow who to access the software's assets?

How can a developer fight back from software attacks?

An asset is a valued resource that the application has to protect.

Why You Need to Learn Secure Programming

Coding in the Sdlc: Not a Solitary Practice

Getting Organized: What to Do on Day One

Software Requirements: Hear What They Say, Know What They Mean, Protect What They Own

Designing for Quality: the Big Picture

Designing for Security

Development Tools: Choose Wisely

Coding in the Cube: Developing Good Habit

Testing for Quality and Security

Maintain Your Software, Maintain Your Career

Filters