Secure Architecture and Design (CSSLP) Flashcards
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Flashcards
| Front | Back |
| --- | --- |
| How can sandboxing enhance application security | By isolating programs in restricted environments to prevent potential threats from affecting the wider system |
| How do design patterns support secure architecture | They provide reusable and tested solutions for common software design and security problems |
| How do privilege escalation controls protect a system | By restricting or monitoring elevated access to prevent attackers from gaining unauthorized privileges |
| How do secure error messages improve security | They provide minimal and non-sensitive information to avoid aiding attackers in exploiting the system |
| How does architecture risk analysis improve security | By identifying and prioritizing risks in the system’s structure and making targeted security improvements |
| How does continuous integration/continuous deployment (CI/CD) support security | By integrating automated security tests and checks throughout the development and deployment process |
| How does data classification enhance secure design | By categorizing data based on sensitivity to apply appropriate protection levels |
| How does dependency scanning improve security | By automatically identifying vulnerabilities in third-party libraries or frameworks used in the system |
| How does input validation improve security | By preventing malicious inputs such as SQL injection and ensuring data integrity and proper processing |
| How does logging and monitoring support secure design | By enabling detection of unauthorized activities and aiding in forensic analysis after an incident |
| How does risk-based authentication enhance security | By adapting authentication requirements based on the context, such as user behavior or location |
| What are common risks when not performing security testing | Undetected vulnerabilities can lead to data breaches, service disruptions, or attacks exploiting weaknesses |
| What are secure APIs | APIs designed to restrict access, validate inputs, and minimize attacks like unauthorized data exposure or injection |
| What are the benefits of security-focused code reviews | They help identify vulnerabilities or deviations from secure coding practices early in development |
| What are the key components of a secure software development lifecycle (SDLC) | Requirements analysis, secure design, secure coding, testing, deployment, and maintenance |
| What does STRIDE stand for in threat modeling | Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege |
| What is attack surface reduction in secure design | Minimizing the system’s exposure to potential attacks by limiting entry points and accessible functionality |
| What is compartmentalization in software design | The practice of isolating system components so compromises in one area won't affect others |
| What is defense in depth | A multi-layered approach to security that ensures if one defense fails, additional layers will still protect the system |
| What is secure architecture review | An in-depth evaluation of the system's design and architecture to identify security gaps and weaknesses |
| What is secure dependency management | The process of analyzing and mitigating risks associated with third-party libraries and frameworks used in software |
| What is the benefit of using automated tools for security testing | They speed up detection of vulnerabilities and provide consistent results during development |
| What is the concept of secure-by-default in design | Designing systems to operate securely out-of-the-box with minimum user configuration |
| What is the difference between static and dynamic analysis in secure design | Static analysis reviews code without execution, while dynamic analysis tests the running application for vulnerabilities |
| What is the goal of secure session management | To control the creation, validation, and destruction of sessions to prevent unauthorized actions |
| What is the goal of threat intelligence in secure architecture | To provide context about potential threats and attackers to better inform design decisions |
| What is the importance of secure deployment practices | They prevent introducing vulnerabilities during software installation and configuration phases |
| What is the importance of secure logging policies | To ensure logs cannot be tampered with or viewed by unauthorized individuals, protecting sensitive information |
| What is the principle of least privilege | Limiting access rights for users, processes, and systems to only what is needed to perform their functions |
| What is the principle of separation of duties | Ensuring no single individual or process has control over all critical aspects of an operation to reduce risk |
| What is the purpose of fail-safe defaults | Ensuring that systems default to a secure state if a failure or error occurs |
| What is the purpose of secure configuration management | To ensure that systems are set up in a secure and consistent manner, reducing misconfigurations |
| What is the role of patch management in secure design | To ensure systems and software remain secure by applying updates that fix vulnerabilities |
| What is the role of secure coding practices in design | They minimize vulnerabilities and reduce the risk of exploitation by following standards and guidelines like OWASP |
| What is the significance of choosing secure protocols | Ensuring communication methods, like HTTPS or TLS, protect data in transit from interception or tampering |
| What is zero trust architecture | An approach where no entity is automatically trusted, and security is enforced across users, devices, and networks |
| Why is cryptography essential in secure design | It protects sensitive data through encryption and ensures confidentiality, integrity, and authenticity of information |
| Why is security retrospection important post-deployment | To evaluate incidents and improve system security based on lessons learned and real-world events |
| Why is threat modeling important in secure design | It helps identify vulnerabilities and guides security measures to mitigate risks early in the development lifecycle |
This deck explores secure software architecture, design principles, and methods to integrate security early in the software development lifecycle.