[CCCure CISSP] Q3April-13 Some cccure Quiz question doubts


Amlan Deb

Hi guys,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them.
 
Thanks,
Amlan
 

Doubt#3
========
(This one involves 2 questions and explanations which are mentioned below)
 

100. 

1.     Question: 1454 | Difficulty: 5/5 | Relevancy: 3/3

Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

o      Detailed design

o      Implementation

o     Product design

o      Software plans and requirements

You did not provide any answer to this question. Please review details below.

The Product design phase deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification.

Implementation is incorrect because it deals with installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary).

Detailed design is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts.

Software plans and requirements is incorrect because it deals with addressing threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, test plans.

Sources:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).

KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346).

Last modified - J. Hajec 8/23/2007

Thanks to Weerayut Cheewornmongkhol for pointing out a problem with this question.

Contributor: Christian Vezina

Covered topic: System development life cycle (the period of time that begins when a system is conceived and ends when it is no longer available for use)

 

102. 

1.     Question: 1456 | Difficulty: 5/5 | Relevancy: 3/3

At which of the following phases of a software development life cycle are security and access controls normally designed?

o      Coding

o      Product design

o      Software plans and requirements

o     Detailed design

You did not provide any answer to this question. Please review details below.

The detailed design phase covers designing security controls commensurate with legal requirements, designing access controls, employing encryption, where defined, adapting security test plans, detailed documentation of the design, considering business continuity issues, finalizing the user GUI, and verification.

Product design is incorrect because it deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification.

Coding is incorrect because it deals with developing information security-related code, implementing unit testing, incorporating other modules or units, supporting the business continuity plan, and developing documentation.

Software plans and requirements is incorrect because it deals with addressing threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, test plans.

Sources:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).

KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346).

Edited by Glen Chandler

 

My doubt: Qs. 100 definition of Detailed design doesn’t even include Access Control and suddenly in Qs.102 we find Access Control to be part of both Product design and Detailed design?

 
