Secure Architecture and Design (CSSLP) Flashcards
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Flashcards
| Front | Back |
|---|---|
| How can sandboxing enhance application security | By isolating programs in restricted environments to prevent potential threats from affecting the wider system |
| How do design patterns support secure architecture | They provide reusable and tested solutions for common software design and security problems |
| How do privilege escalation controls protect a system | By restricting or monitoring elevated access to prevent attackers from gaining unauthorized privileges |
| How do secure error messages improve security | They provide minimal and non-sensitive information to avoid aiding attackers in exploiting the system |
| How does architecture risk analysis improve security | By identifying and prioritizing risks in the system’s structure and making targeted security improvements |
| How does continuous integration/continuous deployment (CI/CD) support security | By integrating automated security tests and checks throughout the development and deployment process |
| How does data classification enhance secure design | By categorizing data based on sensitivity to apply appropriate protection levels |
| How does dependency scanning improve security | By automatically identifying vulnerabilities in third-party libraries or frameworks used in the system |
| How does input validation improve security | By rejecting malformed or unexpected input before it is processed, which blocks many injection attacks (such as SQL injection, especially when combined with parameterized queries) and preserves data integrity |
| How does logging and monitoring support secure design | By enabling detection of unauthorized activities and aiding in forensic analysis after an incident |
| How does risk-based authentication enhance security | By adapting authentication requirements based on the context, such as user behavior or location |
| What are common risks when not performing security testing | Undetected vulnerabilities can lead to data breaches, service disruptions, or attacks exploiting weaknesses |
| What are secure APIs | APIs designed to restrict access, validate inputs, and minimize attacks like unauthorized data exposure or injection |
| What are the benefits of security-focused code reviews | They help identify vulnerabilities or deviations from secure coding practices early in development |
| What are the key components of a secure software development lifecycle (SDLC) | Requirements analysis, secure design, secure coding, testing, deployment, and maintenance |
| What does STRIDE stand for in threat modeling | Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege |
| What is attack surface reduction in secure design | Minimizing the system’s exposure to potential attacks by limiting entry points and accessible functionality |
| What is compartmentalization in software design | The practice of isolating system components so compromises in one area won't affect others |
| What is defense in depth | A multi-layered approach to security that ensures if one defense fails, additional layers will still protect the system |
| What is secure architecture review | An in-depth evaluation of the system's design and architecture to identify security gaps and weaknesses |
| What is secure dependency management | The process of analyzing and mitigating risks associated with third-party libraries and frameworks used in software |
| What is the benefit of using automated tools for security testing | They speed up detection of vulnerabilities and provide consistent results during development |
| What is the concept of secure-by-default in design | Designing systems to operate securely out-of-the-box with minimum user configuration |
| What is the difference between static and dynamic analysis in secure design | Static analysis reviews code without execution, while dynamic analysis tests the running application for vulnerabilities |
| What is the goal of secure session management | To control the creation, validation, and destruction of sessions to prevent unauthorized actions |
| What is the goal of threat intelligence in secure architecture | To provide context about potential threats and attackers to better inform design decisions |
| What is the importance of secure deployment practices | They prevent introducing vulnerabilities during software installation and configuration phases |
| What is the importance of secure logging policies | To ensure logs cannot be tampered with or viewed by unauthorized individuals, protecting sensitive information |
| What is the principle of least privilege | Limiting access rights for users, processes, and systems to only what is needed to perform their functions |
| What is the principle of separation of duties | Ensuring no single individual or process has control over all critical aspects of an operation to reduce risk |
| What is the purpose of fail-safe defaults | Ensuring that systems default to a secure state if a failure or error occurs |
| What is the purpose of secure configuration management | To ensure that systems are set up in a secure and consistent manner, reducing misconfigurations |
| What is the role of patch management in secure design | To ensure systems and software remain secure by applying updates that fix vulnerabilities |
| What is the role of secure coding practices in design | They minimize vulnerabilities and reduce the risk of exploitation by following published standards and guidelines, such as those from OWASP |
| What is the significance of choosing secure protocols | Ensuring communication methods, such as TLS (as used by HTTPS), protect data in transit from interception or tampering |
| What is zero trust architecture | An approach where no entity is automatically trusted, and security is enforced across users, devices, and networks |
| Why is cryptography essential in secure design | It protects sensitive data through encryption and ensures confidentiality, integrity, and authenticity of information |
| Why is security retrospection important post-deployment | To evaluate incidents and improve system security based on lessons learned and real-world events |
| Why is threat modeling important in secure design | It helps identify vulnerabilities and guides security measures to mitigate risks early in the development lifecycle |
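The cards on input validation, SQL injection, and secure error messages describe three controls that work together. The following Python script is an added example, not part of the original deck, showing them side by side: a deliberately vulnerable lookup that concatenates user input into SQL, the parameterized version that treats input as data, an allowlist validator, and a request handler that logs the detailed error while returning only a generic message to the client. The users table, the sample rows, and the username format are constructed for this example.

```python
import logging
import re
import sqlite3

log = logging.getLogger("lookup")


def build_db() -> sqlite3.Connection:
    """Constructed in-memory users table; sample data only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately unsafe: the input is pasted into the SQL text, so it can rewrite the query."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Bound parameter: the driver passes the value as data, never as SQL syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Hypothetical allowlist for this service: lowercase letters, digits, underscore, 1-32 chars.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


class ValidationError(ValueError):
    pass


def validate_username(username: str) -> str:
    """Allowlist validation: accept only the exact shape the application expects."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValidationError("username must be 1-32 characters from [a-z0-9_]")
    return username


def handle_request(conn: sqlite3.Connection, raw_username: str) -> dict:
    """Validate, query with parameters, and keep error detail out of the client response."""
    try:
        username = validate_username(raw_username)
        rows = lookup_parameterized(conn, username)
    except ValidationError as exc:
        log.warning("rejected username %r: %s", raw_username, exc)  # full detail to the log
        return {"status": 400, "body": "invalid request"}          # generic text to the client
    except sqlite3.Error as exc:
        log.error("database error for %r: %s", raw_username, exc)
        return {"status": 500, "body": "internal error"}
    return {"status": 200, "body": [{"username": u, "role": r} for u, r in rows]}


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"                  # classic tautology injection
    print(lookup_vulnerable(db, payload))     # both rows leak
    print(lookup_parameterized(db, payload))  # [] : payload is compared as a literal string
    print(handle_request(db, payload))        # 400 with a generic body
    print(handle_request(db, "alice"))        # 200 with one row
```

Note that parameterization alone already defeats the tautology payload; the allowlist adds a second layer (defense in depth) and keeps junk out of the logs and downstream code, while the handler makes sure the client never sees the driver's error text.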
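The cards on secure session management (creation, validation, destruction) and fail-safe defaults are easier to see in code. The following Python class is an added example, not part of the original deck: an in-memory session store whose tokens come from a CSPRNG, whose validation path denies on any doubt (missing, unknown, idle-expired, or absolutely expired tokens all return None and expired entries are removed), and which rotates the identifier after login to block session fixation. The timeouts and the injectable clock are assumptions made so the behaviour can be checked deterministically.

```python
import hashlib
import secrets
import time
from typing import Callable, Dict, Optional


class SessionStore:
    """In-memory session store (constructed example; a real service would use a DB or cache)."""

    def __init__(
        self,
        idle_timeout: float = 15 * 60,
        absolute_timeout: float = 8 * 60 * 60,
        now: Callable[[], float] = time.time,
    ) -> None:
        self._sessions: Dict[str, dict] = {}
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._now = now  # injectable clock so expiry can be tested deterministically

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash of the token: a leaked copy of the store yields nothing usable.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, user_id: str) -> str:
        """Creation: 256-bit CSPRNG token; the caller sends it to the client as a cookie."""
        token = secrets.token_urlsafe(32)
        now = self._now()
        self._sessions[self._key(token)] = {"user": user_id, "created": now, "last_seen": now}
        return token

    def validate(self, token: Optional[str]) -> Optional[str]:
        """Validation. Fail-safe default: any doubt returns None (deny), never a partial session."""
        if not isinstance(token, str) or not token:
            return None
        record = self._sessions.get(self._key(token))
        if record is None:
            return None
        now = self._now()
        idle_expired = now - record["last_seen"] > self.idle_timeout
        absolute_expired = now - record["created"] > self.absolute_timeout
        if idle_expired or absolute_expired:
            self.destroy(token)  # expired sessions are removed, not silently extended
            return None
        record["last_seen"] = now
        return record["user"]

    def rotate(self, token: str) -> Optional[str]:
        """Issue a fresh identifier after login or a privilege change (blocks session fixation)."""
        user = self.validate(token)
        if user is None:
            return None
        self.destroy(token)
        return self.create(user)

    def destroy(self, token: str) -> None:
        """Destruction: server-side invalidation on logout, so a copied cookie stops working."""
        self._sessions.pop(self._key(token), None)
```

The absolute timeout bounds the lifetime of a stolen token even when the attacker keeps it active; the idle timeout limits exposure of an abandoned session; and because the store keeps only a hash, reading the store does not hand an attacker working tokens.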
This deck explores secure software architecture, design principles, and methods to integrate security early in the software development lifecycle.