Secure Software Development Chapter 1: Objectives and Concepts

Questions and Answers

What is the primary focus of the SDLC methodology in software development?

Maximizing the design phase

Minimizing the attack surface area

Accounting for security in each phase (correct)

Improving the coding phase

What is the purpose of threat modeling in the SDLC design phase?

To identify potential vulnerabilities (correct)

To authenticate and manage passwords

To minimize the attack surface area

To analyze security and privacy risks

What is the primary purpose of the testing phase in the SDLC methodology?

To implement the design

To analyze security and privacy risks

To detect potential vulnerabilities (correct)

To maintain software upgrades

What is the main goal of privacy compliance laws?

To meet legal requirements for personal information

Which of the following is NOT a phase of the SDLC methodology?

Deployment phase

What is the primary purpose of enumerations of known software vulnerabilities in the SDLC coding phase?

To check software for vulnerabilities

What is the primary focus of the Agile methodology in software development?

Iterative and incremental development

What is the primary purpose of white-box testing in software development?

To test software with complete knowledge of the internal workings

Which of the following is NOT a type of testing methodology in software development?

Requirements testing

What is the primary purpose of the maintenance phase in the SDLC methodology?

To maintain software upgrades and repairs