CASE .NET M3 Exam Prep
Secure Application Design and Architecture
Security negligence at the design and architecture phase may lead to vulnerabilities that are difficult to detect and expensive to fix.
10 points
True
False
Which of the following are true about Secure Application Design principles?
10 points
It helps to derive secure architectural decisions.
It helps to eliminate design and architectural flaws.
The state of practices or guidelines that should be enforced on developers during the development phase.
All of the above.
None of the Above.
Which of the following is true about Threat Modelling?
10 points
It is performed at the Requirement phase of the SDL.
It is an Agile approach that allows the developer to rate the risks based on the architecture and implementation of the application.
It is an Iterative process that starts at the testing phase of the application and iterates throughout the application lifecycle until all possible risks to the application are identified.
All of the Above.
None of the Above.
What is the purpose of the STRIDE Model?
10 points
Categorises the application threats based on the goals and purpose of the attack. It includes countermeasures.
Categorises the application threats based on the goals and purpose of the attack. It does not include countermeasures.
Used to rate the various security threats by calculating risks of each threat. (DREAD)
Is an information risk evaluation method that enables organizations to determine risk factors. (OCTAVE)
None of the Above.
Which of the following are true about the DREAD model?
10 points
Is an information risk evaluation method that enables organizations to determine risk factors.
Categorises the application threats based on the goals and purpose of the attack. It includes countermeasures.
Categorises the application threats based on the goals and purpose of the attack. It does not include countermeasures.
Used to rate the various security threats by calculating risks of each threat.
None of the Above.
Regarding Design Secure Application Architecture, which of the following are true?
10 points
A typical web application comprises 1 tier.
Security at one tier is enough, because the attacker must break all tiers to compromise the application.
Web application design is not compatible with the defense-in-depth principle.
A single-tiered application includes input validation, database abstraction, server configuration, web application firewalls, data encryption, OS hardening.
All of the Above.
None of the Above.
Security vigilance at the design phase enables detecting potential security flaws late in the SDLC.
10 points
True
False
Secure design of an application is based on security requirements identified in the previous phase of the SDLC.
10 points
True
False
Secure design is not challenging, as designing required security controls does not obstruct the business functionality requirements.
10 points
True
False
What is the goal of the Secure Design Process?
10 points
Developers identifying the threats for stakeholders to understand and mitigate the risks associated with the threats (Identifying the threats for developers to understand and mitigate the risks associated with the threats)
Enforcing secure design principles that force developers to consider security while coding.
Designing an architecture independent of the possible threats.
All of the Above.
None of the Above.