ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a requirements workshop, the security architect is asked to label several backlog items. Which of the following proposed backlog items is most clearly a non-functional security requirement rather than a functional one?
If a user enters an incorrect password five times, the account shall be locked for 30 minutes.
All sensitive data transmitted between components shall be encrypted using only TLS 1.3.
The system shall display the previous successful login time immediately after authentication.
Users shall be able to generate a one-time passcode to confirm high-risk transactions.
A non-functional security requirement specifies how the system must operate or the quality attributes it must possess, such as encryption standards or performance levels. Requiring that "all sensitive data transmitted between components shall be encrypted using only TLS 1.3" dictates a quality of the system's operation (the cryptographic standard to be used) and does not describe user-visible behavior. The other statements describe specific behaviors the system must perform for or in response to a user (locking an account after failed logins, displaying the last login time, or providing one-time passcodes), making them functional security requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is TLS 1.3 considered a non-functional requirement in the given example?
Open an interactive chat with Bash
What is the difference between functional and non-functional requirements?
Open an interactive chat with Bash
Can functional security requirements also impact the system's non-functional properties?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .