Fault tolerance is (C) is correct because it covers the availability aspect. Obfuscation is not a design principle and the rest of them don't make sense!
At first I was going with D because I thought fault tolerance was about systems design and adding more complents. However, in software it just means that the application is designed to "fail graciously" . That is the application will continue to work despite an error
obfuscation ! having built fault tolerance system does not help the weaknesses within the Software code, and obfuscation means to make the SW code hard to understand if compromised, meaning more secure more work for the hackers.
The correct answer is C. Build in appropriate levels of fault tolerance. Building in fault tolerance is a secure design principle because it helps ensure that a product can continue to function even if a component fails or is compromised. This is an important aspect of security, as it helps prevent attackers from exploiting vulnerabilities in the product to gain unauthorized access or cause other types of harm. Restricting the use of modularization, not relying on previously used code, and utilizing obfuscation whenever possible can also be important security measures, but they are not necessarily secure design principles in and of themselves.
CISSP Official Student Guide 6th ed, page 253 - "Secure coding techniques: Use of proper cryptographic algorithms, static and dynamic code analysis and obfuscation techniques in the deployment of code may reduce the risk of some of the common forms of compromise noted above (...vulnerabilities)."
I have to change to BDSec's point - CISSP Official Study Guide pg 343 - Fault tolerance is the ability of a system to suffer a fault but continue to operate. Fault tolerance is achieved by adding redundant components such as additional disks within a redundant array of independent disks (RAID) (a.k.a. redundant array of independent disks (RAID)(a.k.a. redundant array of inexpensive disks (RAID)) array, or additional servers within a failover clustered configuration. Fault tolerance is an essential element of security design. It is also considered part of avoiding single points of failure and the implementation of redundancy. For more details on fault tolerance, redundant servers, RAID, and failover solutions, see Chapter 18, "Disaster Recovery Planning."
C. Build in appropriate levels of fault tolerance.
Fault tolerance refers to the ability of a system to continue functioning properly in the event of the failure of one or more of its components. By building in appropriate levels of fault tolerance, the system can continue to operate even in the event of a failure, reducing the risk of data loss and downtime. This can help to ensure the continuity of operations and the availability of the system, which are important for security and reliability.
On the other hand, the other options given may not be considered as secure design principle, as Restricting the use of modularization can make it harder to maintain and update the system, not relying on previously used code can make it harder to ensure compatibility and stability, and Utilizing obfuscation whenever possible can make it harder to debug and troubleshoot the system.
C.
I will go with C. Below is the phrase from Official Study Guide,
While security through obscurity is typically not considered a valid security measure, it may still have value in some cases.
Hence D is not an answer. Every application need to have exception handling (kind of fault tolerance). Improper handling of errors can introduce a variety of security problems.
I will choose B. The previous source code would outdated or exposed to vulnerability like zero days. I don't choose D because one of the design principle is "keep it simple and open". I don't choose C because one of the design principle is "Fail securely".
I think D.
Code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method. The main advantages of obfuscation are Secrecy, Efficiency (some obfuscation techniques, like unused code removal, have the effect of shrinking the program and making it less resource intensive to run) and Security (obfuscation is a built-in security method, sometimes referred to as application self-protection. It is well-suited for protecting applications that run in an untrusted environment and that contain sensitive information). One of the main disadvantages of obfuscation is it is also by malware writers to evade antivirus programs.
https://www.techtarget.com/searchsecurity/definition/obfuscation#:~:text=Obfuscation%20means%20to%20make%20something,code%20is%20one%20obfuscation%20method.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
BDSec
Highly Voted 2 years, 2 months agojackdryan
1 year, 6 months agoprojtfer
Highly Voted 2 years, 1 month agoeboehm
Most Recent 7 months, 2 weeks agoMoose01
1 year ago74gjd_37
1 year, 2 months agoRVoigt
1 year, 9 months agoRVoigt
1 year, 9 months agoDee83
1 year, 10 months agoMr_Zaw
1 year, 10 months agosomkiatr
1 year, 10 months agosomkiatr
1 year, 10 months agoHava_2013
2 years agooudmaster
1 year, 11 months agoJamati
2 years agoJAckThePip
2 years, 1 month agostickerbush1970
2 years, 2 months ago