Wk-3 Quiz
Which is an approach for mitigating tampering?
a. Tripwire
b. Reference monitor
c. Both A and B
d. Neither A nor B

The high-trust side of an API needs to do the following:
a. Disconnect users after 5 minutes
b. Perform all security checks inside the trust boundary
c. Both A and B
d. Neither A nor B

Which is an audience for external security notes?
a. Agents
b. Customers
c. API Callers
d. Both B and C

Which is an approach for mitigating denial of service?
a. DNS hosting
b. Stenography
c. Traffic filtering
d. All of the above

Which is an approach for mitigating spoofing?
a. Two-factor authentication
b. Kerberos authentication
c. Both A and B
d. Neither A nor B

Good security design involves:
a. Hiring brilliant programmers
b. Both C and D
c. Enforcement of the customer/vendor trust boundary
d. Minimizing risk through appropriate design

Which is an approach for mitigating repudiation?
a. Device fingerprinting
b. IP address geolocation
c. IPSEC
d. Both A and B

Which is the best way to address threats to a system?
a. IP Filtering
b. Standard, well-tested products and features
c. Customer solutions
d. A but not C

What is the most important task that designers of new technology can perform?
a. Implement SHA-3
b. Keep their design secret
c. Isolate their solution from the Internet
d. Define and communicate trust relationships

The best time to threat model is:
a. Both B and C
b. At the start of a project
c. As you work through the features
d. B but not C