Secure Software Design and Development MCQs with Answers

Semester Exam Secure Software Design and Development InternationalEasy

Which statement best describes the purpose of privacy regulation?

A. compiler warning messages B. screen resolution guidelines C. rules for choosing icons only D. legal and policy requirements controlling collection, processing and protection of personal data

Correct Answer: D. legal and policy requirements controlling collection, processing and protection of personal data

Semester Exam Secure Software Design and Development InternationalEasy

For a semester exam, which option is correct about security in the SDLC?

A. integrating security requirements, design, coding, testing and maintenance throughout development B. checking security only after a breach C. using no threat modeling D. publishing source code publicly by default

Correct Answer: A. integrating security requirements, design, coding, testing and maintenance throughout development

Semester Exam Secure Software Design and Development InternationalEasy

In secure software design and development, what is meant by OWASP code review guide?

A. guidance for reviewing source code to find security weaknesses B. a database indexing tool only C. a social media calendar D. a hardware repair checklist

Correct Answer: A. guidance for reviewing source code to find security weaknesses

Semester Exam Secure Software Design and Development InternationalMedium

Which statement best describes the purpose of DREAD?

A. an encryption cipher B. a cloud deployment region C. a risk rating method considering damage, reproducibility, exploitability, affected users and discoverability D. a software license type

Correct Answer: C. a risk rating method considering damage, reproducibility, exploitability, affected users and discoverability

Semester Exam Secure Software Design and Development InternationalEasy

For a semester exam, which option is correct about privacy regulation?

A. screen resolution guidelines B. legal and policy requirements controlling collection, processing and protection of personal data C. rules for choosing icons only D. compiler warning messages

Correct Answer: B. legal and policy requirements controlling collection, processing and protection of personal data

Semester Exam Secure Software Design and Development InternationalEasy

In secure software design and development, what is meant by risk management?

A. removing all documentation B. accepting every risk blindly C. identifying, analyzing, prioritizing and treating security risks D. ignoring vulnerabilities

Correct Answer: C. identifying, analyzing, prioritizing and treating security risks

Semester Exam Secure Software Design and Development InternationalEasy

Which statement best describes the purpose of OWASP code review guide?

A. guidance for reviewing source code to find security weaknesses B. a database indexing tool only C. a social media calendar D. a hardware repair checklist

Correct Answer: A. guidance for reviewing source code to find security weaknesses

Semester Exam Secure Software Design and Development InternationalMedium

For a semester exam, which option is correct about DREAD?

A. a cloud deployment region B. an encryption cipher C. a software license type D. a risk rating method considering damage, reproducibility, exploitability, affected users and discoverability

Correct Answer: D. a risk rating method considering damage, reproducibility, exploitability, affected users and discoverability

Semester Exam Secure Software Design and Development InternationalEasy

In secure software design and development, what is meant by compliance?

A. using only informal practices B. meeting required laws, regulations, standards and organizational policies C. ignoring audit evidence D. deleting logs always

Correct Answer: B. meeting required laws, regulations, standards and organizational policies

Semester Exam Secure Software Design and Development InternationalEasy

Which statement best describes the purpose of risk management?

A. removing all documentation B. ignoring vulnerabilities C. identifying, analyzing, prioritizing and treating security risks D. accepting every risk blindly

Correct Answer: C. identifying, analyzing, prioritizing and treating security risks

Semester Exam Secure Software Design and Development InternationalEasy

For a semester exam, which option is correct about OWASP code review guide?

A. a database indexing tool only B. guidance for reviewing source code to find security weaknesses C. a social media calendar D. a hardware repair checklist

Correct Answer: B. guidance for reviewing source code to find security weaknesses

Semester Exam Secure Software Design and Development InternationalMedium

In secure software design and development, what is meant by OSSTMM?

A. an image editing tool B. a mobile app store C. a methodology manual for structured open source security testing D. a relational database language

Correct Answer: C. a methodology manual for structured open source security testing