Certified Secure Software Lifecycle Professional-Set 1

Question: Which are the primary security concerns with source code versioning?

Authentication

What is version control and why is it used?
  • Configuration Management has a direct influence on the level of software assurance and this applies to both development and deployment.
  • One of the main reasons for using version control is that it is a very convenient and robust way to ensure that development teams are working with the correct version of the code.
    Every change is tracked, so there is a permanent record of the software as the project has progressed.
    This allows us to roll back to previous versions if necessary.
    The primary security concerns with source code versioning are “file locks” and “checkouts”.
  • Any version control software must have a “checkout” feature, where a developer can check out the code while preventing other developers from modifying that same code while it is checked out.
    Under a distributed model, version control software allows multiple developers to work on the same code concurrently and merge those changes back in a separate step.
    The objective is to ensure that developers are not overwriting code modifications made by other developers and to automate the management of all aspects of version control.
  • Common version control software includes “Git”.
    “Git” is a type of distributed version control, where each developer works with their own local repository, with changes being shared with other developers in a separate step.
    “Git” is also open source.

Question: Which statements accurately describe the spiral software development model?

Ans – Contains elements of the waterfall model

Contains elements of an iterative model

Question: Where must any new software critical to the business be documented?

Ans – Disaster recovery plan

Business continuity plan

Question: Which documentation regarding end-of-life policies offers guidance for disposal or replacement of a product?

Ans – Sunsetting criteria

Question: How must access control for a new product be set?

Ans – Access control must be explicitly set

Question: What do the so-called SD3 initiatives for software security stand for?

Ans – Secure in deployment

Secure by default

Secure by design

Question: What is the name of the structured and methodical process for evaluating software’s technical functionality?

Ans – Verification and validation

Question: What is the risk that remains after security controls have been applied?

Ans – Residual risk

Question: Which of these are considered software defects?

Ans – Vulnerabilities

Behavioral anomalies

Question: What technique for physically destroying media involves separating the media into its component parts?

Ans – Disintegration

Question: Which of these are considered security related milestones?

Ans – Construction of a threat model

Code reviews

Question: What framework aligns security solutions with critical business initiatives?

COBIT

SABSA

Ans – SABSA