Subject: Security Architecture and Design
Contains: true/false and multiple-choice questions
1. Key exchange is so important that you should write your own to avoid bugs in other people’s libraries.
True
False
2- DESIST is a variant of STRIDE created by Gunnar Peterson, which stands for Disagreement, Elevation of privilege, Spoofing, Information Disclosure, Service denial, and Tampering.
True
False
3 Your grade on the discussion board is based on participation. Each discussion board assignment is worth 20 points. However, in order to receive full credit for these posts, you must fulfill some basic requirements:
Initial post should be a minimum of 150 words
Reply posts should be 50 words or more
Posts should be relevant to the topic being discussed, but should also attempt to introduce a new point of view or piece of information or otherwise further the discussion
Posts should use correct grammar, punctuation and vocabulary appropriate for a university-level course. Misuse of the discussion boards will not be tolerated.
True
False
4- What’s the best way to accept risk in an internal software project? (Choose the best answer)
A. Developers do this all the time
B. File a bug
C. Discuss the decision with management
D. Via a modal dialog
5- IPSec, DNSSec, SSH host keys, Kerberos, Windows domain authentication, and SSL with PKI are 5 ways to strongly authenticate a remote machine.
True
False
6- Attack trees work well as a building block for threat enumeration in the three-step framework.
True
False
7- Which of these activities most effectively help you find threats as you start a project? (Choose all that can be defended as “most effective”)
A. Creating a model of the project
B. Thinking about your assets
C. Thinking about attackers
D. Doing a breadth-first pass for threats
E. Doing a depth-first analysis of threats
F. Thinking about new threats which apply to your mitigations
G. Checking your design and model still match
8- ____ are easier to create than _______ but they tend to be less attention-grabbing.
A. Graphical Representations, Outline Representations
B. Outline Representations, Graphical Representations
C. Representations, Graphical
D. Graphical, Representations
9- A Literature review is roughly consulting the library to learn what has happened in the past.
True
False
10- Which of the following can have integrity protections applied to them?
A. Disk
B. People
C. Network
D. Memory
E. The web
F. iPads
Question 11
Which of the following must you include as you track threats you discover?
A. Where the threat applies or manifests
B. Who discovered it
C. What the threat is
D. What you’re going to do about it
Question 12
Which of these is not privacy? (Select all that are poor definitions)
A. Lots of land with trees & bushes
B. Curtains or venetian blinds
C. Unlisted phone numbers, mailboxes
D. Swiss bank accounts
E. Freedom from surveillance/NSA
F. Anonymity
G. Right to be left alone
H. A property you can achieve by simply applying security technologies
Question 13
SSL, SSH, IPSec are two distinct technologies for protecting network traffic from tampering
True
False
Question 14
In addition to your initial post, you must reply to at least TWO other students' posts by Sunday at 11:59 PM ET
True
False
Question 15
Who’s in the best position to mitigate a threat? (choose one)
A. The developer
B. A sysadmin
C. A well trained user
Question 16
STRIDE is LESS useful with a repertoire of more detailed threats to draw on.
True
False
Question 17
A root node is important in creating an attack tree because it (root node) is the last step in creating an attack tree.
True
False
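Questions 6 and 17 both turn on how an attack tree is built and used: the root node is the attacker's goal and is written first, then refined downward into OR nodes (any child suffices) and AND nodes (every child is needed), and the finished tree is a structure you can enumerate threats from and re-evaluate after mitigations. The following is an added example, not part of the quiz or of any textbook; the tree (a hypothetical "read customer records" goal), its leaf costs, and the function names are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

INF = float("inf")


@dataclass
class Node:
    name: str
    kind: str = "OR"              # "OR": any child suffices; "AND": every child is required
    cost: float = 0.0             # attacker effort for a leaf step (arbitrary units, constructed)
    children: List["Node"] = field(default_factory=list)
    mitigated: bool = False       # True once a control blocks this leaf outright


def build_tree() -> Node:
    """Root node first: the attacker's goal. Sub-goals are refined from it (constructed example)."""
    return Node("Read customer records", "OR", children=[
        Node("Pull database dump from backup bucket", "AND", children=[
            Node("Discover bucket name", cost=1),
            Node("Bucket permits unauthenticated reads", cost=0),
        ]),
        Node("SQL injection in search endpoint", cost=3),
        Node("Phish DBA credentials", "AND", children=[
            Node("Deliver phishing mail", cost=2),
            Node("DBA account has no MFA", cost=4),
        ]),
    ])


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Lowest-cost way to reach this node's goal, as (cost, leaf steps). INF means blocked."""
    if not node.children:
        return (INF, []) if node.mitigated else (node.cost, [node.name])
    results = [cheapest(c) for c in node.children]
    if node.kind == "AND":
        total = sum(cost for cost, _ in results)
        steps = [s for _, steps in results for s in steps] if total < INF else []
        return total, steps
    return min(results, key=lambda r: r[0])


def enumerate_attacks(node: Node) -> List[List[str]]:
    """Every distinct scenario (list of leaf steps) that still achieves the goal."""
    if not node.children:
        return [] if node.mitigated else [[node.name]]
    if node.kind == "OR":
        return [s for c in node.children for s in enumerate_attacks(c)]
    scenarios: List[List[str]] = [[]]
    for c in node.children:                      # AND: cartesian product of children's scenarios
        scenarios = [a + b for a in scenarios for b in enumerate_attacks(c)]
    return scenarios


def mitigate(node: Node, leaf_name: str) -> bool:
    """Mark a leaf as blocked by a control; returns True if the leaf was found."""
    if not node.children:
        if node.name == leaf_name:
            node.mitigated = True
            return True
        return False
    return any([mitigate(c, leaf_name) for c in node.children])


if __name__ == "__main__":
    tree = build_tree()
    print("before:", cheapest(tree), len(enumerate_attacks(tree)), "scenarios")
    mitigate(tree, "Bucket permits unauthenticated reads")   # e.g. require auth on the bucket
    print("after:", cheapest(tree), len(enumerate_attacks(tree)), "scenarios")
```

Re-running `cheapest` after each mitigation is the useful part: it shows which branch an attacker would move to next, rather than treating a single fix as closing the goal.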
Question 18
You can authenticate a person’s access to a file.
True
False
Question 19
STRIDE can be a very useful mnemonic when looking for threats, and it's PERFECT.
True
False
Question 20
List 2 methods to build visual models of your system.
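Questions 16, 19 and 20 together describe the workflow the quiz is testing: draw a model of the system (a data flow diagram is the usual choice), then walk each element with the STRIDE mnemonic, keeping a threat record of where the threat applies, what it is, and what you will do about it. The following is an added example, not part of the quiz or of any textbook; the three-element model (browser, web app, orders database) and the element and function names are constructed. The applicability chart (which STRIDE categories are typically relevant to external entities, processes, data stores and data flows) follows the commonly tabulated STRIDE-per-element chart and is an assumption here, not something the quiz states.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

STRIDE: Dict[str, str] = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service", "E": "Elevation of privilege",
}

# STRIDE-per-element applicability chart (assumption: the commonly tabulated version).
APPLICABLE: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass
class Element:
    name: str
    kind: str                  # one of APPLICABLE's keys
    zone: str = "internal"     # trust zone; a flow between zones crosses a trust boundary


def build_model() -> Tuple[List[Element], List[Tuple[str, str]]]:
    """A constructed three-element DFD: browser -> web app -> orders database."""
    elements = [
        Element("Browser", "external_entity", zone="internet"),
        Element("Web app", "process", zone="dmz"),
        Element("Orders DB", "data_store", zone="internal"),
    ]
    flows = [("Browser", "Web app"), ("Web app", "Orders DB")]
    return elements, flows


def enumerate_stride(elements: List[Element], flows: List[Tuple[str, str]]) -> List[dict]:
    """One threat record per (element, applicable STRIDE category).

    Each record carries where the threat manifests, what it is, whether it sits on a
    boundary-crossing flow, and a slot for what will be done about it (filled in later).
    """
    by_name = {e.name: e for e in elements}
    targets = [(e.name, e.kind, False) for e in elements]
    for src, dst in flows:
        crosses = by_name[src].zone != by_name[dst].zone
        targets.append((f"{src}->{dst}", "data_flow", crosses))
    records = []
    for where, kind, crosses in targets:
        for letter in APPLICABLE[kind]:
            records.append({"where": where, "category": STRIDE[letter],
                            "crosses_boundary": crosses, "action": None})
    return records


def boundary_first(records: List[dict]) -> List[dict]:
    """Triage order: threats on boundary-crossing flows first (a heuristic, not a rule)."""
    return sorted(records, key=lambda r: (not r["crosses_boundary"], r["where"], r["category"]))


if __name__ == "__main__":
    elements, flows = build_model()
    for r in boundary_first(enumerate_stride(elements, flows)):
        flag = "*" if r["crosses_boundary"] else " "
        print(f"{flag} {r['where']:<22} {r['category']}")
```

The list this produces is a starting point, not a finding: every record still needs a concrete threat written against it or a reason it does not apply, which is the repertoire of detailed threats question 16 is getting at.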
Question 37
Which of these is a first-order threat?
A. Kicking in a door
B. SQL Injection
C. ASLR bypasses
D. Playing chess
Question 36
A checklist helps people avoid common problems, but the modeling of threats has already been done when the checklist is created.
True
False
Question 35
What is a threat? (Provide 2 explanations.)
Question 34
Which of these activities most effectively help you find threats as you get close to delivery? (Choose all that can be defended as “most effective”)
A. Creating a model of the project
B. Thinking about your assets
C. Thinking about attackers
D. Doing a breadth-first pass for threats
E. Doing a depth-first analysis of threats
F. Thinking about new threats which apply to your mitigations
G. Checking your design and model still match
Question 33
Which of these is not an appropriate way to address a threat? (choose one)
A. Fix it
B. Accept it
C. Document it internally so you can manage it in the next release
D. Transfer the risk
Question 32
Which of these is not a good prioritization strategy? (choose all that are never the best choice)
A. Wait and see
B. Randomly fix issues
C. Easy fixes first
D. DREAD
E. NEAT
F. Cost/damage estimation on your customer’s behalf
G. Bug
Question 31
Elevation of privilege is allowing someone to do something they're authorized to do.
True
False
Question 30
In the Star Wars mnemonic, what threat does Luke Skywalker embody?
Question 29
Which of these steps in augmented contextual integrity most resemble other threat modeling?
A. Describe the new practice in information flows
B. Identify the prevailing context
C. Identify information subjects, senders, & recipients
D. Identify transmission principles
E. Locate applicable norms, identify significant changes
F. Prima facie assessment
G. Evaluation
Question 28
Which of these provide a STRIDE-like set of privacy harms?
A. Louis Brandeis, The Right to Privacy
B. Allan Westin, Privacy and Freedom
C. Daniel Solove, Understanding Privacy
D. Helen Nissenbaum, Privacy in Context
Question 27
Which of these organizations provide explicit guidance on privacy in their protocols?
A. ISO
B. ITU
C. IATA
D. IOC
E. IETF
Question 26
When should you create your own mitigation? (Choose one)
A. Whenever you’re bored
B. When you expect that the performance impact of a standard approach will be high
C. When you’ve tested the standard approaches, and they have unacceptable downsides
D. After you’ve fuzzed
Question 25
Which of these activities most effectively help you find threats as you develop individual features? (Choose all that can be defended as “most effective”)
A. Creating a model of the project
B. Thinking about your assets
C. Thinking about attackers
D. Doing a breadth-first pass for threats
E. Doing a depth-first analysis of threats
F. Thinking about new threats which apply to your mitigations
G. Checking that your design and model still match
Question 24
In order to receive credit, your initial post to the discussion board questions must be made by WEDNESDAY at midnight ET.
True
False
Question 23
You can strongly authenticate a machine by checking the hostname.
True
False
Question 22
A checklist can help you avoid whatever set of problems the checklist creators included, but it is unlikely to help you think about security.
True
False
Question 21
Which of the following techniques apply to every API?
A. Perform security checks where it’s fastest
B. Copy before validation
C. Validate data for all possible attacks
D. Report all errors
E. Report errors carefully
F. The code is the best documentation of what happens where
Question 38
What are the 3 most essential questions to ask in threat modeling?