Question: What are the primary security concerns with source code versioning?
What is version control and why is it used?
- Configuration Management has a direct influence on the level of software assurance and this applies to both development and deployment.
- One of the main reasons for using version control is that it is a very convenient and robust way to ensure that development teams are working with the correct version of the code.
Every change is tracked, so there is a permanent record of the software as the project has progressed.
This allows us to roll back to previous versions, if necessary.
The primary security concerns with source code versioning are “File locks” and “Checkouts”.
- Any version control software must have a “Checkout” feature, where a developer can check out the code while preventing other developers from modifying that same code while it’s checked out.
Under a distributed model, version control software allows multiple developers to work on the same code concurrently and merge those changes back in a separate step.
The objective is to ensure that developers are not overwriting code modifications made by other developers and to automate the management of all aspects of version control.
- Common version control software includes “Git”.
“Git” is a type of distributed version control, where each developer works with their own local repository, with changes being shared with other developers in a separate step.
“Git” is also open source.
Question: Which statements accurately describe the spiral software development model?
Ans – Contains elements of waterfall model
Contains elements of an iterative model
Question: Where must any new software critical to the business be documented?
Ans – Disaster recovery plan
Business continuity plan
Question: Which documentation regarding end-of-life policies offers guidance for disposal or replacement of a product?
Ans – Sunsetting criteria
Question: How must access control for a new product be set?
Ans – Access control must be explicitly set
Question: What do the so-called SD3 initiatives for software security stand for?
Ans – Secure in deployment
Secure by default
Secure by design
Question: What is the name of the structured and methodical process for evaluating software’s technical functionality?
Ans – Verification and validation
Question: What is the risk that remains after security controls have been applied?
Ans – Residual risk
Question: Which of these are considered software defects?
Ans – Vulnerabilities
Question: What technique for physically destroying media involves separating the media into its component parts?
Ans – Disintegration
Question: Which of these are considered security related milestones?
Ans – Construction of a threat model
Question: What framework aligns security solutions with critical business initiatives?
Ans – SABSA