You are evaluating alternatives to the physical access control system of the computer room. Which of the following provides the highest level of security?
A. Press PIN code on the keypad
B. Input Employee ID and password to the keypad
C. Swipe a contact ID card and input the PIN code
D. Input Employee ID first, then scan the fingerprint
Engineering refers to applying knowledge and skills to understand and manage stakeholders’ requirements, propose and implement a solution to address those requirements, and utilize and support that solution to create value persistently until its retirement.
~ Wentz Wu
interdisciplinary approach governing the total technical and managerial effort required to transform a set of stakeholder needs, expectations, and constraints into a solution and to support that solution throughout its life.
Source: ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes
application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software; that is, the application of engineering to software.
Source: ISO/IEC/IEEE 12207:2017 Systems and software engineering — Software life cycle processes
You are a member of the software development team following the waterfall model. The customer has signed off on the user requirements specification. Your team has finished the architectural and detailed designs and is now reviewing them. To identify security flaws at this stage, which of the following is the best vehicle?
A. Common Weakness Enumeration (CWE)
B. Security Content Automation Protocol (SCAP)
C. Common Vulnerabilities and Exposures (CVE)
D. Common Vulnerability Scoring System (CVSS)
Your company has 400 employees. One-fourth of them are assembly workers; Alice is responsible for calculating their wages and storing them in the relational database table, Payrolls, which contains all the employees’ salaries. Alice learned that she received the lowest salary among all employees by submitting the SQL query, SELECT MIN(Salary) FROM Payrolls. She is complaining about this to her boss. Which of the following is the primary cause of the confidentiality issue?
D. Improper database normalization
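The confidentiality problem in the Payrolls question is one of scope: Alice needs the assembly workers' rows, but her query surface is the whole table, so an aggregate such as MIN(Salary) discloses company-wide facts. The following is an added example (not part of the original quiz page) that reproduces the leak and the least-privilege remedy with an in-memory sqlite3 database. The Department values, salaries, the eight constructed rows standing in for the 400 employees, and the view name AssemblyPayrolls are all assumptions for illustration.

```python
"""Need-to-know on the Payrolls table: whole-table access vs. a restricted view.

Added example, not code from the original quiz. The Payrolls rows below are
constructed sample data; the view name AssemblyPayrolls is an assumption.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create the Payrolls table, the constructed rows, and a row-restricted view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE Payrolls (
            EmployeeId INTEGER PRIMARY KEY,
            Department TEXT    NOT NULL,
            Salary     INTEGER NOT NULL
        );
        -- Constructed sample rows (assumption): 4 assembly workers plus 4 others.
        -- Row 6 is Alice, the payroll clerk, who happens to earn the least.
        INSERT INTO Payrolls VALUES
            (1, 'Assembly',    3000),
            (2, 'Assembly',    3100),
            (3, 'Assembly',    3200),
            (4, 'Assembly',    3300),
            (5, 'Engineering', 5000),
            (6, 'Finance',     2800),
            (7, 'Sales',       4500),
            (8, 'Management',  9000);
        -- Least-privilege surface: only the rows Alice must process.
        CREATE VIEW AssemblyPayrolls AS
            SELECT EmployeeId, Salary
            FROM Payrolls
            WHERE Department = 'Assembly';
        """
    )
    return conn


def min_salary(conn: sqlite3.Connection, relation: str) -> int:
    """Run Alice's query against a named relation.

    `relation` is a developer-chosen identifier, never user input, which is why
    it is whitelisted before being interpolated into the statement text.
    """
    if relation not in ("Payrolls", "AssemblyPayrolls"):
        raise ValueError(f"unknown relation {relation!r}")
    (value,) = conn.execute(f"SELECT MIN(Salary) FROM {relation}").fetchone()
    return value


if __name__ == "__main__":
    db = build_db()
    # Against the base table the aggregate leaks the company-wide minimum,
    # which is Alice's own salary; against the view it reveals only what
    # she is entitled to know about the assembly workers.
    print("MIN over Payrolls:        ", min_salary(db, "Payrolls"))
    print("MIN over AssemblyPayrolls:", min_salary(db, "AssemblyPayrolls"))
```

sqlite3 has no privilege model, so the example can only show the two query surfaces side by side. On a server RDBMS such as PostgreSQL or SQL Server the remaining step is to revoke SELECT on Payrolls from Alice's role and grant SELECT on AssemblyPayrolls only, so that the restricted view is the only relation her queries can reach.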
Your web application received a token from a subject, Alice@WentzWu.com, issued by a SAML-like ID provider. Which of the following is an assertion that best supports attribute-based access control?
Which of the following Agile approaches or frameworks provides the most programming practices?
A. The waterfall model
C. Extreme Programming (XP)
Your company starts an in-house software development project for a customer relationship management solution. Which of the following activities is least likely to be conducted during the software development life cycle?
A. Resell the solution to external entities
B. Develop the business case for the project
C. Implement the solution without threat modeling
D. Reject the solution after user acceptance testing
Voice and data messages in telecommunications are encrypted for security reasons. Which of the following cryptographic algorithms was designed to protect confidentiality while preserving a back door for law enforcement?
As the architect of the software development team, you and your team are conducting threat modeling. Which of the following is the first action you should take?
A. Calculate residual risk.
B. Prepare use cases and data flow diagrams.
C. Implement input validation, error handling, and logging.
D. Identify threats per OWASP Top 10 Web Application Security Risks.