Reference validation mechanism and TOE security functions

Assignment Help Computer Network Security
Reference no: EM13879274

Part I:

1. There are three parts.

2. For the descriptive questions (Parts II and III), you should provide answers in your words.

However, when you use the words of others in any answers, you must use quotation marks and attribute the source right there following APA style recommendations.

You must provide a separate reference section for each descriptive question following APA style recommendations.

For the descriptive questions, correctness, logical flow, grammar, and proper references are all important in that order.

3. You may use any resources in addition to the textbook, such as other books, articles, and the Web.

Part I: Multiple Choice questions

1. What is software assurance?

a. a methodology that provides the framework for secure software
b. a tool that can be used to produce secure software
c. a theorem prover technique to produce secure software
d. a CMMI process to produce reliable software

2. What are two ways a developer can sustain secure code during software maintenance?

a. Create a Change Control Board and conduct threat analysis on each change request.
b. Go to training for advanced hacking techniques and read journals on security topics.
c. Work closely with the business analysts on each requirement and continue with the peer reviews.
d. Read journals and web sites that report on the latest attacks.

3. Validation is the process to ensure that:

a. the requirements meet the needs.
b. the design meets the requirements.
c. the implementation meets the requirements.
d. the implementation faithfully satisfies the design.

4. Verification is the process to ensure that:

a. the requirements meet the needs.
b. the design meets the requirements.
c. the implementation meets the requirements.
d. the implementation faithfully satisfies the design.

5. The NRL taxonomy classifies flaws using multiple dimensions that include (choose all that apply):

a. where the flaw occurs
b. the programmer who introduced the flaw
c. the organization that introduced the flaw
d. the time the flaw was introduced

6. Having a software assurance plan ensures which of the following?

a. secure code
b. that a process is in place within the development life cycle that tests for security vulnerabilities
c. that the software is safe from attacks
d. that the development team has tested for security vulnerabilities before releasing the software product

7. Which of the following defines a functional test script?

a. a document created by the project management team that specifies what needs to be tested, how to test it, and who tests it
b. step-by-step instructions that are specifically created for testing the security of the application
c. step-by-step instructions that depict a specific scenario or situation that the use case will encounter, as well as the expected result
d. a document that contains test output

8. Which of the following is not a technique for secure coding?

a. validating request data
b. error handling
c. self-monitoring
d. diversity
e. minimizing the number of lines of code

9. Which tool will help in the following situation? There are five developers on the team and they have trouble synchronizing their code. Currently, they are emailing their files and merging them ad hoc.

a. IDE
b. Version Control
c. Build Tool
d. Merge Tool

10. Which tool will help analyze the following situation? The application seems to take longer to reply after the code executes the database calls.

a. IDE
b. Debugger
c. Profiler
d. Memory Monitor

11. Why should developers collaborate with business analysts?

a. Refine system requirements, including security requirements, while creating design documentation as each requirement is discussed.
b. Look for weaknesses and unknowns in the requirements documentation.
c. Get tips for secure coding.
d. Install and configure development tools.

12. To help understand a use case, the developer walks through each step of the tasks and activities and makes sure all relevant requirements are covered. What is this type of analysis called?

a. Thinking like the application
b. Use case interrogation
c. Subjective analysis
d. Objective analysis

13. As a developer of an application, what is the most relevant element you should know about an attack?

a. Who the attacker is.
b. What motivates the attacker.
c. What preconditions in the application have to be met for the attacker to succeed.
d. Where the attack originated from.

14. Into which of the eight design principles by Saltzer and Schroeder does the following design fit? The developers should design their code so that proper authorization is checked when the initial request is sent to the server and again when the response is sent back to the client.

a. Fail-safe
b. Complete mediation
c. Least privilege
d. Keep it simple

15. Into which of the eight design principles by Saltzer and Schroeder does the following design fit? The developers designed their code so that no update transaction can execute unless the request comes from a security administrator who is using the update screen from application xxx.

a. Fail-safe
b. Complete mediation
c. Keep it simple
d. Least privilege

16. To address failing securely, what should be built into the code (choose all that apply)?

a. Proper error handling
b. Self-detection of a failure
c. Separation of GUI requirements from database requirements
d. Separation of GUI requirements from business requirements

17. When software development goes through all stages, a small chunk of requirements at a time, it is said to be coded using what methodology?

a. Waterfall
b. Object-oriented
c. Spiral
d. Iterative

18. When software development goes through all stages from start to finish in one swoop, it is said to be coded using what methodology?

a. Waterfall
b. Object-oriented
c. Spiral
d. Iterative

19. The main goal of a secure software development process is to:

a. develop code quickly
b. develop efficient code
c. write quality code that handles known vulnerabilities and follows good security design and coding practices
d. assure that the code does not have any bugs

20. The most critical step in designing an effective auditing system in an enterprise to detect security violations is:

a. have a good understanding of the attacks that could be directed at the enterprise
b. have a good understanding of the computing needs of users or employees who will be using the various systems in the enterprise
c. have a good understanding of the policies to be enforced
d. have a good understanding of the communication requirements of various systems in the enterprise

Part II: Questions requiring a short description, no more than 1 page (double-spaced) per question

1. Bishop, Chapter 21, p. 610 - Problem # 4 - What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE Security Functions?

2. Bishop, Chapter 18, p. 495 - Problem # 7 - A company develops a new security product using the extreme programming software development methodology: programmers code, then test, then add more code, then test, and continue the iteration. Every day, they test the code base as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. The company does not adduce any additional evidence of assurance. How will you explain to the management of this company why their software is not high-assurance software?

Part III: 1 question requiring no more than 2 pages (double-spaced). There are two secure software development methodologies that are popular:

1. Microsoft Security Development Lifecycle (see https://www.microsoft.com/en-us/sdl/; also see the attached Simplified Implementation of the Microsoft SDL document)

2. OWASP CLASP (see https://www.owasp.org/index.php/CLASP_Concepts; also see the attached overview presentation of CLASP)

Pick one of these two methodologies. Explain what the methodology is, how well it addresses security concerns in the life cycle, and what its drawbacks are, if any. Feel free to use other resources.
