    Learning Material for IIKG2001

    This course allows examination aids, and is not a multiple choice based exam.

    Question 2 Language agnostic methods for protecting software systems include secure software design concepts as below. Match the concept with the (possibly partial) explanation.

    1. Least privilege 2. Separation of duties 3. Economy of mechanism 4. Open design
      A. 1️⃣ A user or process is given only the minimum level of access rights that is necessary to complete an assigned operation during a minimum amount of time
      B. 4️⃣ Unlike security by obscurity, we make implementation details independent from the design
      C. 2️⃣ The successful completion of a task should depend on two or more conditions and all need to be met
      D. 3️⃣ Keep the software design and the implementation details simple in order to reduce the attack surface of the software

    Question 3 The benefits of designing security early in the SDLC include:

    1. ✅ Substantial cost savings 2. ✅ Business logic flows addressed 3. All client requirements satisfied 4. ✅ Resilient and recoverable software 5. ✅ Minimal re-design needed 6. Testing becomes easy 7. ✅ Quality software with less security errors

    Question 9 Order the functionality classes in a software assurance methodology such that they match the software development life cycle

    1️⃣ Governance
    2️⃣ Construction
    3️⃣ Verification
    4️⃣ Deployment

    Question 1 The major benefits of symmetric key cryptography are/is:
    NOTE: Wrong choices give negative points

    1. Easy to manage and exchange keys 2. Small numbers of keys are required 3. ✅ Speed 4. Provides non-repudiation 5. ✅ Good for large volumes of data

    Question 4 Language agnostic methods for protecting software systems include secure software design concepts as below.

    1. The successful completion of a task should depend on two or more conditions and all need to be met. 2. Unlike security by obscurity, we make implementation details independent from the design. 3. Keep the software design and the implementation details simple in order to reduce the attack surface of the software. 4. A user or process is given only the minimum level of access rights that is necessary to complete an assigned operation during a minimum amount of time.
    Match the values: 1. Separation of duties 2. Open design 3. Economy of mechanism 4. Least privilege

    Question 5 Place the following software development life cycle stages starting from the beginning of the software development project.

    1. 1️⃣ Requirements specification. 2. 2️⃣ Design 4. 3️⃣ Construction (a.k.a implementation or coding). 5. 4️⃣ Testing and debugging (a.k.a verification). 1. 5️⃣ Installation 3. 6️⃣ Maintenance

    Question 9 In public key cryptography which of the following are true?
    NOTE: Wrong choices give negative points

    1. The public key can be used both for encryption and decryption. 2. The public key can be used only for decryption. 3. ✅ The private key can be used only for decryption. 4. The private key can be used both for encryption and decryption. 5. The private key can be used only for encryption. 6. ✅ The public key can be used only for encryption.

    Question 13 In GDPR the concept of Processing is very important. Which of the following operations are regarded by GDPR as forms of processing?
    NOTE: Wrong choices give negative points

    1. ✅ Retrieval 2. Dissemination 3. Adaptation 4. ✅ Organization 5. ✅ Logging 6. ✅ Erasure 7. ✅ Use 8. ✅ Structuring 9. Disclosure 10. Consultation

    Question 14 What kind of activities are common for the second stage of the Code Review Process?
    NOTE: Wrong choices give negative points

    1. Collect developer documentation. 2. ✅ Perform interview(s) with the developer(s). 3. ✅ Get access to the source code (when possible). 4. Define the goal of the review.

    Question 17 Which of the following properties are provided by public key cryptography?
    NOTE: Wrong choices give negative points

    1. ✅ Confidentiality. 2. ✅ Integrity assurance. 3. ✅ Repudiation. 4. ✅ Authentication. 5. Access control.

    Question 24 Extended Validation Certificates are useful against:
    NOTE: Wrong choices give negative points

    1. Cryptographic attacks. 2. SQL injection attack. 3. ✅ MITM attacks. 4. ✅ Phishing attacks.

    Question 27 Good modular programming is related to which of the following concepts?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. ✅ High cohesion. 2. Broad access rights. 3. Interconnected. 4. Multiple purpose. 5. ✅ Loosely coupled.

    Question 29 Which of the following types of malware are of proliferative type?
    NOTE: Wrong choices give negative points

    1. Spyware 2. ✅ Worm 3. Adware 4. ✅ Virus 5. Rootkit

    Question 30 Three aspects need to coexist in order for race conditions to appear. Which ones are those?
    NOTE: Wrong choices give negative points

    Select one or more alternatives: 1. ✅ Concurrency aspect 2. Access control aspect 3. ✅ Shared object 4. Encryption aspect 5. ✅ Change of state aspect

    Question 36 The benefits of designing security early in the SDLC include:
    NOTE: Wrong choices give negative points

    Select one or more alternatives: 1. Testing becomes easy. 2. ✅ Quality software with less security errors. 3. ✅ Substantial cost savings. 4. Business logic flows addressed. 5. ✅ Minimal re-design needed. 6. All client requirements satisfied. 7. ✅ Resilient and recoverable software.

    Question 38 When doing threat modelling one needs to rank the risk of threats. One risk ranking categorization framework is DREAD, which stands for

    (order the following) 5. 1️⃣ Damage potential 2. 2️⃣ Reproducibility 3. 3️⃣ Exploitability 4. 4️⃣ Affected users 1. 5️⃣ Discoverability

    Question 39 Three common assumptions made about sessions are: NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. IPSec is used for the entire time. 2. ✅ The client is authenticated. 3. Communication within the session is unidirectional. 4. ✅ The communication within the session is secure. 5. ✅ No other entities than the authenticated ones are active in the session. 6. The session ID is strong, usually based on MAC addresses or reverse-DNS results.

    Question 40 Which of the following is NOT part of a DFD?
    Select one alternative:

    1. Data store 2. Process 3. ✅ External entity 4. Trust boundary 5. Data flow 6. Attack surface

    Question 44 Microsoft has introduced a goal-based model for identifying threats called STRIDE. This stands for

    (order the following) 6. 1️⃣ Spoofing 4. 2️⃣ Tampering 5. 3️⃣ Repudiation 1. 4️⃣ Information disclosure 2. 5️⃣ Denial of service 3. 6️⃣ Elevation of privilege

    Question 46 Mechanisms/principles that are related to protecting data at rest include:
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. ✅ Avoid hard coding secrets in code 2. ✅ Use salting for passwords 3. ✅ Allow to easily replace the cryptographic algorithms 4. Protect backups and logs 5. Do not rely on encryption on the wire

    Question 2 Which of the following types of malware are of proliferative type?
    Wrong selections may give negative points.
    Select one or more alternatives: 1. Adware 2. ✅ Worm 3. Spyware 4. ✅ Virus 5. Rootkit

    Question 3 What does a DPO (Data Protection Officer) do?
    Wrong selections may give negative points.
    Select one or more alternatives:

    1. Decides which data to collect 2. ✅ Advises the controller on privacy aspects. 3. ✅ Helps with implementing privacy-by-design. 4. ✅ Monitors the controller for compliance. 5. ✅ Helps in cooperations with authorities.

    Question 6 In GDPR the concept of Processing is very important. Which of the following operations are regarded by GDPR as forms of processing?
    Wrong selections may give negative points.
    Select one or more alternatives:

    1. ✅ Disclosure 2. ✅ Consultation 3. ✅ Use 4. ✅ Adaptation 5. ✅ Erasure 6. ✅ Structuring 7. ✅ Retrieval 8. ✅ Organization 9. ✅ Dissemination

    Question 14 Place the functionality classes in a software assurance methodology (displayed as the column headers) such that they match their order in the software development life cycle (displayed on the side as the row headers).

    (match the following) A. Earliest - 4. Verification B. Early - 1. Construction C. Later - 2. Deployment D. Latest - 3. Governance

    1. Construction 2. Deployment 3. Governance 4. Verification

    Question 17 The figure below is closest to which of the following concepts?
    [figure missing]

    1. ✅ Key management 2. Secure file management 3. Trusted platform module usage process 4. SDLC

    Question 21 Microsoft has introduced a goal-based model for identifying threats called STRIDE. This stands for

    (order the following) 6. 1️⃣ Spoofing 4. 2️⃣ Tampering 5. 3️⃣ Repudiation 1. 4️⃣ Information disclosure 2. 5️⃣ Denial of service 3. 6️⃣ Elevation of privilege

    Question 35 When doing threat modelling one needs to rank the risk of threats. One risk ranking categorization framework is DREAD, which stands for

    (order the following) 5. 1️⃣ Damage potential 2. 2️⃣ Reproducibility 3. 3️⃣ Exploitability 4. 4️⃣ Affected users 1. 5️⃣ Discoverability

    Question 38 Which of the following properties are provided by public key cryptography? (Wrong selections may give negative points.)

    1. ✅ Non-repudiation 2. ✅ Authentication 3. ✅ Access control 4. ✅ Integrity assurance. 5. ✅ Confidentiality.

    Question 39 Regarding the place where input validation should be performed, which of the following claims are true?
    Wrong selections may give negative points.
    Select one or more alternatives:

    1. ✅ Input validation should always be done for those critical receivers, like a DBMS. 2. Can validate on both the client and the receiver. 3. ✅ Input validation should be done at least on the receiver side. 4. Input validation on the client side is enough.

    Exam 2023 (IIKG2001 Software Security)

    Which of the following is a feature of most recent operating systems (OS) that makes it difficult for an attacker to guess the memory address of the program as it makes the memory address different each time the program is executed?
    Select one alternative:

    1. Executable Space Protection (ESP). 2. Data Execution Prevention (DEP). 3. Safe Security Exception Handler (/SAFESEH). 4. Address Space Layout Randomization (ASLR).

    Three common assumptions made about sessions are:
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. IPSec is used for the entire time. 2. The client is authenticated. 3. The session ID is strong, usually based on MAC addresses or reverse-DNS results. 4. The communication within the session is secure. 5. Communication within the session is unidirectional. 6. No other entities than the authenticated ones are active in the session.

    Good modular programming is related to which of the following concepts?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Loosely coupled. 2. Interconnected. 3. Multiple purpose. 4. High cohesion. 5. Broad access rights.

    Extended Validation Certificates are useful against:
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Cryptographic attacks. 2. MITM attacks. 3. Phishing attacks. 4. SQL injection attack.

    Regarding the place where input validation should be performed, which of the following claims are FALSE?
    Select one alternative:

    1. Input validation on the client side is enough. 2. Input validation should always be done for those critical receivers, like a DBMS. 3. Can validate on both the client and the receiver. 4. Input validation should be done at least on the receiver side.

    User education is the best defense against this type of threat agent. Mere documentation and help guides are insufficient measures, if they are not used appropriately.
    Select one alternative:

    1. Organized cybercriminals. 2. Hacktivists. 3. Script kiddies. 4. Ignorant user. 5. Insider.

    The WEAKEST algorithm among the following ones is:
    Select one alternative:

    1. Rijndael 2. AES 3. RC6 4. DES 5. Blowfish

    When distributing signed software on the Internet one uses (Extended Validation Certificate, Server Certificate, Personal Certificate, Software Publisher Certificate).
    ✅ Software Publisher Certificate

    Mechanisms/principles that are related to protecting data at rest include:
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Use salting for passwords. 2. Allow to replace easily the cryptographic algorithms. 3. Do not rely only on encryption on the wire. 4. Avoid hard coding secrets in code. 5. Protect backups and logs.

    The process of removing private information from sensitive data sets is referred to as (Formatting, Anonymization, Sanitization, Degaussing).
    ✅ Anonymization

    Using multifactor authentication is effective in mitigating which of the following application security risks?
    Select one alternative:

    1. Injection flows. 2. Buffer overflow. 3. Cross-Site Scripting (XSS). 4. Man-in-the-Middle (MITM).

    The benefits of designing security early in the SDLC include:
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Substantial cost savings. 2. Business logic flows addressed. 3. Testing becomes easy. 4. Resilient and recoverable software. 5. Quality software with less security errors. 6. All client requirements satisfied. 7. Minimal re-design needed.

    A race condition is defined as:
    Select one alternative:

    1. Two concurrent executions that depend on a shared resource in order to make progress. 2. A common variable that is used by two or more processes. 3. A condition upon which the execution of the thread stops. 4. Two concurrent threads that communicate.

    Cryptographic agility means:
    Select one alternative:

    1. That the application uses only recommended cryptographic algorithms, such as those found in the Microsoft's SDL documentation. 2. That the application is designed to allow for easily swapping the cryptographic algorithms. 3. That the application uses fast cryptographic algorithms. 4. That the application uses custom developed cryptographic algorithms.

    The FIRST step in the Protection Needs Elicitation (PNE) process is to (do model information management, identify least privilege applications, engage the customer, conduct threat modeling and analysis).
    ✅ engage the customer

    When software is able to withstand attacks from a threat agent and not violate the security policy it is said to be exhibiting which of the following attributes?
    Select one alternative:

    1. Redundancy. 2. Resiliency. 3. Reliability. 4. Recoverability.

    In public key cryptography which of the following are true?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. The private key can be used only for encryption. 2. The private key can be used both for encryption and decryption. 3. The public key can be used only for decryption. 4. The public key can be used both for encryption and decryption. 5. The public key can be used only for encryption. 6. The private key can be used only for decryption.

    The PRIMARY element used for authentication purposes in a Single Sign On (SSO) implementation between two different companies is (RBAC session, Kerberos ticket, Security Assertion Markup Language (SAML) token, One Time Password).
    ✅ Security Assertion Markup Language (SAML) token

    In GDPR the concept of Processing is very important. Which of the following operations are regarded by GDPR as forms of processing?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Retrieval 2. Organization 3. Use 4. Dissemination 5. Structuring 6. Consultation 7. Adaptation 8. Erasure 9. Disclosure 10. Logging

    Which of the following is an activity that can be performed to clarify requirements with the business users using diagrams that model the expected behavior of the software?
    Select one alternative:

    1. Use case modeling. 2. Data modeling. 3. Misuse case modeling. 4. Threat modeling.

    Which of the following are sources of input that need to be validated?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Internal module. 2. User. 3. External service. 4. External library.

    Audit logs can be used for all the following, EXCEPT one. Which one?
    Select one alternative:

    1. Providing evidentiary information. 2. Detecting the actions that were undertaken. 3. Assuring that the user cannot deny their actions. 4. Preventing a user from performing some unauthorized operations.

    During a threat modeling exercise, the software architecture is reviewed to identify (business impact, critical assets, attackers, entry points).
    ✅ entry points

    Which of the following is NOT part of a DFD?
    Select one alternative:

    1. External entity. 2. Process. 3. Trust boundary. 4. Data flow. 5. Data store. 6. Attack surface.

    Implementing CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a means to protect against:
    Select one alternative:

    1. SQL Injection. 2. Cross-Site Request Forgery (CSRF). 3. Cross-Site Scripting (XSS). 4. Insecure cryptographic storage.

    The process of eliciting concrete software security requirements from high level regulatory and organizational directives and mandates in the requirements phase of the SDLC is also known as (Threat modeling, Misuse case generation, Subject-object modeling, Policy decomposition).
    ✅ Policy decomposition

    John is part of the "author" role and also part of the "approver" role, so that he can quickly approve and publish his posts on the company's blog. Does this violate any of the following principles?
    Select one alternative:

    1. Complete mediation. 2. Least common mechanism. 3. Separation of duties. 4. Least privilege.

    In GDPR, the Right to be Informed is BEST related to which of the following privacy principles?
    Select one alternative:

    1. Lawfulness 2. Security 3. Consent 4. Retention

    Programming in the style of "On Error Resume Next" breaks with which principle?
    Select one alternative:

    1. Fail securely. 2. Complete mediation. 3. Open design. 4. Defense in depth.

    During which phase of the software development lifecycle is threat modelling initiated?
    Select one alternative:

    1. Coding/Implementation 2. Requirements analysis 3. Operations 4. Design

    What does a DPO do?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Advises the controller on privacy aspects. 2. Helps in cooperations with authorities. 3. Decides which data to collect. 4. Monitors the controller for compliance. 5. Helps with implementing privacy-by-design.

    Which of the following properties can be achieved using public key cryptography?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Access control. 2. Repudiation. 3. Confidentiality. 4. Integrity assurance. 5. Authentication.

    Verbose error messages and unhandled exceptions can result in which of the following software security threats?
    Select one alternative:

    1. Tampering. 2. Spoofing. 3. Repudiation. 4. Information disclosure.

    Which of the following types of malware are of proliferative type?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Rootkit 2. Spyware 3. Worm 4. Virus 5. Adware

    Three aspects need to coexist in order for race conditions to appear. Which ones are those?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Change of state aspect. 2. Access control aspect. 3. Encryption aspect. 4. Shared object aspect. 5. Concurrency aspect.

    What kind of activities are common for the second stage of the Code Review Process?
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Define the goal of the review. 2. Perform interview(s) with the developer(s). 3. Collect developer documentation. 4. Get access to the source code (when possible).

    There are several code auditing strategies. To which of the strategies below does the following activity best belong? "Analyze the source code directly, e.g., by tracing inputs, to gain understanding of the application and find vulnerabilities."
    Select one alternative:

    1. Candidate points 2. Design generalization 3. Code comprehension 4. Forward tracing

    The major benefits of symmetric key cryptography are/is:
    NOTE: Wrong choices give negative points
    Select one or more alternatives:

    1. Good for large volumes of data. 2. Easy to manage and exchange keys. 3. Provides non-repudiation. 4. Speed. 5. Small number of keys are required.

    Which of the following is the PRIMARY reason for an application to be susceptible to a Man-in-the-Middle (MITM) attack?
    Select one alternative:

    1. Lack of encryption. 2. Improper session management. 3. Improper archiving. 4. Lack of auditing.

    In a symmetric key cryptography system with n users, how many keys need to be generated?
    Select one alternative:

    1. Exponentially many. 2. Polynomially many.

    The following are different names used for the same security design principle: Least Privilege and Least Common Mechanism.
    Select one alternative:

    1. False 2. True

    Place the following software development life cycle stages starting from the beginning of the software development project. Drag and drop the left on the correct place on the right.

    Requirements specification. Design. Construction (a.k.a implementation or coding). Testing and debugging (a.k.a verification). Installation. Maintenance.

    Parity bit checking mechanism can be used for all of the following EXCEPT (Integrity assurance, Error detection, Input validation, Message corruption).
    ✅ Input validation

    Code signing can provide all of the following EXCEPT one. Which one is it?
    Select one alternative:

    1. Authentication of users. 2. Anti-tampering protection. 3. Runtime permissions for code. 4. Authenticity of code origin.

    Which of the following is a covert mechanism that assures confidentiality?
    Select one alternative:

    1. Masking 2. Steganography 3. Encryption 4. Hashing

    Which of the following transport layer technologies can BEST mitigate session hijacking and replay attacks in a local area network (LAN)?
    Select one alternative:

    1. Digital Rights Management (DRM). 2. Data Loss Prevention (DLP). 3. Secure Sockets Layer (SSL). 4. Internet Protocol Security (IPSec).

    When a customer attempts to log into their bank account, the customer is required to enter a nonce from the token device that was issued to the customer by the bank. This type of authentication is also known as which of the following?
    Select one alternative:

    1. Knowledge based authentication. 2. Characteristic based authentication. 3. Two factor authentication. 4. Ownership based authentication.

    The property of software to withstand attacks that attempt to modify or alter data in an unauthorized manner is referred to as (Integrity, Confidentiality, Availability, Authorization).
    ✅ Integrity

    When software is purchased from a third party instead of being built in-house, it is imperative to have software requirements explicitly specified in which of the following?
    Select one alternative:

    1. Service Level Agreements (SLA). 2. Non-compete Agreements. 3. Non-Disclosure Agreements (NDA). 4. Project plan.

    Which of the following is LEAST LIKELY to be identified by misuse case modeling?
    Select one alternative:

    1. Mis-actors. 2. Race conditions. 3. Attacker's perspective. 4. Negative requirements.

    Place the following software development life cycle stages starting from the beginning of the software development project. Drag and drop the left on the correct place on the right.

    1. Requirements specification. 2. Design. 3. Construction (a.k.a implementation or coding). 4. Testing and debugging (a.k.a verification). 5. Installation. 6. Maintenance.