
Exam CSSLP topic 2 question 32 discussion

Actual exam question from ISC's CSSLP
Question #: 32
Topic #: 2

The Data and Analysis Center for Software (DACS) specifies three general principles for software assurance which work as a framework in order to categorize various secure design principles. Which of the following principles and practices does the General Principle 1 include? Each correct answer represents a complete solution. Choose two.

  • A. Principle of separation of privileges, duties, and roles
  • B. Assume environment data is not trustworthy
  • C. Simplify the design
  • D. Principle of least privilege
Suggested Answer:
General Principle 1 - Minimize the number of high-consequence targets includes the following principles and practices:
  • Principle of least privilege
  • Principle of separation of privileges, duties, and roles
  • Principle of separation of domains
Answer: B is incorrect. Assume environment

Comments

74gjd_37
5 months, 2 weeks ago
Selected Answer: AD
The General Principle 1 includes the following principles and practices: A. Principle of separation of privileges, duties, and roles D. Principle of least privilege So the correct answer is A and D.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
General Principle 1 of DACS emphasizes ensuring the correct execution of software functions without being affected by security vulnerabilities. This principle generally includes three practices:
  • The Principle of Least Privilege: A process or system should be given only the minimum access rights and permissions necessary to complete its designated task.
  • Separation of Duties, Privileges, and Roles: A single user should not have authorization for all aspects of a system; rather, different users with different roles and responsibilities must work together collaboratively in order to achieve the intended outcome.
  • Assume Environment Data is Potentially Hostile: One cannot assume that input data from external sources will always be clean and accurate; hence all inputs must be validated before processing them in order to avoid potential threats coming from malicious attacks or errors, committed either intentionally by human beings or accidentally due to hardware issues, etc.
upvoted 1 times