Appendix A. Answers to Assessment Questions

  1. The level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, is the definition of:

    A. Software risk

    B. Software impact

    C. Software assurance

    D. Software accountability

    Answer: C

    Option C is the definition of assurance from the U.S. Department of Defense (DoD) Software Assurance Initiative. Options A, B, and D are made-up distracters.

  2. Seven complementary elements that support information assurance are confidentiality, integrity, availability, authentication, authorization, accountability, and:

    A. Repudiation

    B. Auditing

    C. Operations

    D. Acquisition

    Answer: B

    Option B is correct: auditing is the seventh element. Option A, repudiation, is the condition that the accountability and auditing elements exist to prevent (the property sought is non-repudiation); options C and D name lifecycle activities, not assurance properties.

  3. A form of confidentiality breach that is accomplished by studying the volume, rate, source, and destination of transmitted messages is:

    A. Inference analysis

    B. Covert channel analysis

    C. Messaging analysis

    D. Traffic analysis

    Answer: D

    Option D is correct by the definition of traffic analysis, which works on metadata alone and therefore succeeds even when message contents are encrypted. Options A and C are made-up distracters, and option B refers to the analysis of hidden data transfer paths, not of message patterns.
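As an added illustration of traffic analysis (example code written for this page, not taken from the CSSLP Prep Guide), the script below works only from the metadata an observer on the wire can see: timestamps, source, destination and size. The flow records, the beaconing threshold and the function names are constructed for the demonstration. It shows that without reading a single payload one can rank talkers by volume, find the host that many sources converge on, and detect a pair communicating on a fixed period.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp in seconds, source, destination, bytes).
# Payloads are assumed to be encrypted; only the metadata an observer on the
# wire can see (who, to whom, when, how much) is used below.
FLOWS = [
    (0,   "10.0.0.5", "203.0.113.9",  420),
    (60,  "10.0.0.5", "203.0.113.9",  418),
    (120, "10.0.0.5", "203.0.113.9",  421),
    (180, "10.0.0.5", "203.0.113.9",  419),
    (240, "10.0.0.5", "203.0.113.9",  420),
    (17,  "10.0.0.7", "198.51.100.2", 9300),
    (95,  "10.0.0.7", "198.51.100.2", 51000),
    (133, "10.0.0.8", "198.51.100.2", 2200),
    (201, "10.0.0.9", "198.51.100.2", 7700),
    (230, "10.0.0.7", "10.0.0.8",     300),
]


def volume_by_pair(flows):
    """Message count and total bytes for every (source, destination) pair."""
    stats = defaultdict(lambda: [0, 0])
    for _, src, dst, size in flows:
        stats[(src, dst)][0] += 1
        stats[(src, dst)][1] += size
    return {pair: tuple(v) for pair, v in stats.items()}


def fan_in(flows):
    """Number of distinct sources talking to each destination."""
    sources = defaultdict(set)
    for _, src, dst, _ in flows:
        sources[dst].add(src)
    return {dst: len(s) for dst, s in sources.items()}


def find_beacons(flows, min_flows=4, max_cv=0.1):
    """Pairs whose inter-flow intervals are nearly constant (periodic beaconing).

    The coefficient of variation (stdev / mean) of the gaps between successive
    flows is the regularity measure; a value near 0 means a fixed period.
    Returns a list of ((src, dst), mean_gap_seconds).
    """
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)
    beacons = []
    for pair, stamps in times.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            beacons.append((pair, mean(gaps)))
    return beacons


if __name__ == "__main__":
    for pair, (count, total) in sorted(volume_by_pair(FLOWS).items()):
        print(f"{pair[0]:>10} -> {pair[1]:<13} {count:2d} flows {total:6d} bytes")
    print("fan-in:", fan_in(FLOWS))
    print("beacons:", find_beacons(FLOWS))
```

On the constructed data the 10.0.0.5 to 203.0.113.9 pair is flagged as a 60-second beacon and 198.51.100.2 stands out as the destination with the most distinct sources, both conclusions reached without decrypting anything; that is the confidentiality leak the question describes.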

  4. An unauthorized and unintended communication path that provides for exchange of information is a:

    A. Secret link

    B. Covert channel

    C. Covert encryption

    D. Communication pipe

    Answer: B

    The correct option is B. A covert channel is, by definition, a communication path that the system's designers neither intended nor authorized for information transfer; options A, C, and D are made-up distracters.
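As an added example of a covert channel (code written for this page, not from the CSSLP Prep Guide), the simulation below models a timing channel: the sender is only permitted to emit a fixed, authorized heartbeat message, so content inspection sees nothing, yet it leaks data by choosing how long to wait before each message. The gap values, jitter bound and payload are assumptions for the demonstration; timestamps are computed rather than slept, so it runs offline.

```python
import random

# Constructed parameters of a covert timing channel. The sender may only emit
# an authorized, fixed "heartbeat" message; it smuggles data out by choosing
# the delay before each message. Nothing in the content reveals the secret.
AUTHORIZED_PAYLOAD = b"heartbeat"
SHORT_GAP = 0.05          # seconds between messages that encodes a 0 bit
LONG_GAP = 0.20           # seconds between messages that encodes a 1 bit
THRESHOLD = (SHORT_GAP + LONG_GAP) / 2
MAX_JITTER = 0.02         # assumed network jitter, kept below the decision margin


def to_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    """Inverse of to_bits; any trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)


def send(secret, start=0.0, seed=0):
    """Return the (timestamp, payload) stream a sender would emit for `secret`.

    The first message carries no information; each later message is delayed by
    SHORT_GAP or LONG_GAP according to the next bit, plus simulated jitter.
    Every payload is the same authorized content.
    """
    rng = random.Random(seed)
    packets = [(start, AUTHORIZED_PAYLOAD)]
    t = start
    for bit in to_bits(secret):
        t += (LONG_GAP if bit else SHORT_GAP) + rng.uniform(-MAX_JITTER, MAX_JITTER)
        packets.append((t, AUTHORIZED_PAYLOAD))
    return packets


def receive(packets):
    """Recover the secret from message timing alone; payloads are ignored."""
    stamps = [ts for ts, _ in packets]
    bits = [1 if b - a > THRESHOLD else 0 for a, b in zip(stamps, stamps[1:])]
    return from_bits(bits)


if __name__ == "__main__":
    stream = send(b"exfil")
    print(f"{len(stream)} identical heartbeat messages sent")
    print("receiver recovered:", receive(stream))
```

The decision margin between the two gap values must exceed the jitter the path introduces, which is why MAX_JITTER is set well below THRESHOLD minus SHORT_GAP; closing such a channel means removing or noising the shared timing resource, since filtering on content cannot see it.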

  5. The ability of an entity to use and correlate information protected at one level of security to uncover information that is protected at a higher security level is called: ...

From The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional (O’Reilly).