ISC2-CSSLP Domain 4: Secure Software Architecture and Design

1. Which of the following design patterns is MOST effective in preventing SQL injection attacks in a software application?
   A. Singleton Pattern
   B. Factory Method Pattern
   C. Data Access Object (DAO) Pattern
   D. Observer Pattern

2. In the context of secure software design, what is the primary purpose of implementing a 'security facade'?
   A. To provide a single, unified API that abstracts the complexity of underlying security mechanisms.
   B. To continuously monitor and log all system activities for security auditing.
   C. To enforce fine-grained access control to system resources.
   D. To encrypt data at rest and in transit within the application.

3. Which principle of secure design ensures that a system's security does not depend solely on the secrecy of its implementation or its components?
   A. Principle of Least Privilege
   B. Principle of Fail-Safe Defaults
   C. Principle of Open Design
   D. Principle of Defense in Depth

4. In secure software architecture, which of the following best describes the concept of 'defense in depth'?
   A. The use of multiple security controls at different points in the software to mitigate risk.
   B. Implementing security measures at the network perimeter only.
   C. Relying on a single, strong layer of security to protect all assets.
   D. Focusing security efforts solely on high-risk components of the software.

5. Which of the following secure design principles helps to ensure that a system gracefully degrades its functionality in the face of attacks?
   A. Principle of Least Privilege
   B. Principle of Fail-Secure
   C. Principle of Economy of Mechanism
   D. Principle of Complete Mediation

6. In secure software design, the use of an 'input validation framework' primarily serves to:
   A. Optimize the performance of database queries.
   B. Ensure that all user inputs are checked against a set of defined security rules before processing.
   C. Encrypt user inputs to secure data in transit.
   D. Provide a user-friendly interface for inputting data.

7. Which of the following architectural patterns is MOST beneficial for ensuring data confidentiality and integrity in a multi-tier software application?
   A. Microkernel Pattern
   B. Broker Pattern
   C. Model-View-Controller (MVC) Pattern
   D. Layered Pattern

8. In the context of secure software design, 'compartmentalization' is used to:
   A. Enhance the user experience by customizing the UI based on user roles.
   B. Reduce the software's memory footprint to improve performance.
   C. Isolate different components or modules to contain failures and prevent security breaches from spreading.
   D. Merge all security functions into a single module to simplify security management.

9. What is the main security advantage of implementing the 'Principle of Least Privilege' in software design?
   A. It ensures that all users have the permissions they need to perform their tasks efficiently.
   B. It minimizes the potential damage by restricting access rights for users to the bare minimum necessary to perform their duties.
   C. It simplifies the codebase by removing unnecessary functions.
   D. It accelerates development timelines by reducing the complexity of access control implementations.

10. Secure software architecture aims to integrate security into the design process. Which of the following approaches is LEAST effective in achieving this objective?
   A. Conducting threat modeling during the early phases of design.
   B. Postponing security considerations until the testing phase.
   C. Utilizing secure coding standards and guidelines.
   D. Implementing security requirements as non-functional requirements.

11. The 'security by obscurity' strategy is generally considered inadequate for secure software design because:
   A. It relies on publicizing the source code for peer review.
   B. It depends on the secrecy of design or implementation details as the main method of providing security.
   C. It increases the complexity and cost of software development.
   D. It mandates the use of open standards for encryption algorithms.

12. In secure software architecture, the concept of 'immutable objects' is applied to:
   A. Allow objects to change state in response to user inputs.
   B. Prevent the modification of an object's state after it has been created.
   C. Facilitate dynamic changes to the software's user interface.
   D. Enhance the modifiability of the software to accommodate future requirements.

13. Which secure design principle is MOST effective in mitigating the risks associated with cross-site scripting (XSS) vulnerabilities?
   A. Principle of Complete Mediation
   B. Principle of Least Common Mechanism
   C. Principle of Secure Defaults
   D. Principle of Data Validation and Sanitization

14. In the context of secure software design, 'Trust Boundaries' are used to:
   A. Define the perimeter where the software interfaces with external systems or users.
   B. Specify the encryption algorithms used in data transmission.
   C. Identify the users who have administrative access to the software.
   D. Determine the geographical location of the server hosting the software.

15. The adoption of the 'Microservices Architecture' in secure software design can enhance security through:
   A. Increased system complexity, making it harder for attackers to understand the system.
   B. Centralization of security controls, simplifying security management.
   C. Isolation of service failures, preventing a single point of compromise from affecting the entire system.
   D. Reduction of code reuse, minimizing the propagation of vulnerabilities.

16. What is the primary benefit of implementing 'Rate Limiting' in a web application's architecture?
   A. It ensures equitable server resource allocation among users.
   B. It prevents denial-of-service attacks by limiting the frequency of requests from a single source.
   C. It enhances the application's response time by queuing requests.
   D. It reduces the overall traffic to the website, lowering hosting costs.

17. Secure software architecture leverages 'Encryption at Rest' to protect data by:
   A. Encrypting data only while it is being transmitted over the network.
   B. Encrypting data only when it is being processed by the application.
   C. Encrypting data stored on disk to prevent unauthorized access.
   D. Encrypting the entire runtime environment of the software.

18. Which of the following is a key security benefit of the 'Strangler Fig Pattern' in software architecture?
   A. It allows for the gradual replacement of old code with new, more secure implementations.
   B. It encrypts data in transit between different components of the application.
   C. It centralizes user authentication in a single component of the application.
   D. It decreases the time required to develop new features by reusing existing code.

19. In secure software architecture, the principle of 'Separation of Duties' is employed to:
   A. Assign different security roles and responsibilities to separate software modules.
   B. Divide a program into client-side and server-side components for better performance.
   C. Ensure that all software tasks are executed by a central processing unit.
   D. Implement different user interfaces for administrators and regular users.

20. What is the primary purpose of 'Content Security Policy' (CSP) in the context of secure web application design?
   A. To define which external resources can be loaded and executed by the web application.
   B. To ensure that all content on the website is optimized for mobile devices.
   C. To compress content to reduce load times and bandwidth usage.
   D. To automatically update web content based on user preferences.