CSSLP Domain 2 - Secure Software Requirements Questions and Answers 100% Pass
Which of the following MUST be addressed by software security requirements? Choose the BEST answer.
A. Technology used in building the application
B. Goals and objectives of the organization
C. Software quality requirements
D. External auditor requirements
Correct Answer: B. Goals and objectives of the organization

Which of the following types of information is exempt from confidentiality requirements?
A. Directory information
B. Personally identifiable information (PII)
C. User's card holder data
D. Software architecture and network diagram
Correct Answer: A. Directory information

Requirements that are identified to protect against the destruction of information or the software itself are commonly referred to as
A. confidentiality requirements
B. integrity requirements
C. availability requirements
D. authentication requirements
Correct Answer: C. availability requirements

The amount of time by which business operations need to be restored to service levels as expected by the business when there is a security breach or disaster is known as
A. Maximum Tolerable Downtime (MTD)
B. Mean Time Before Failure (MTBF)
C. Minimum Security Baseline (MSB)
D. Recovery Time Objective (RTO)
Correct Answer: D. Recovery Time Objective (RTO)

The use of an individual's physical characteristics such as retinal blood patterns and fingertips for validating and verifying the user's identity is referred to as
A. biometric authentication
B. forms authentication
C. digest authentication
D. integrated authentication
Correct Answer: A. biometric authentication

Which of the following policies is MOST likely to include the following requirement? "All software processing financial transactions need to use more than one factor to verify the identity of the entity requesting access"
A. Authorization
B. Authentication
C. Auditing
D. Availability
Correct Answer: B. Authentication

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong, as mandated by the requested resource owner is the definition of
A. Non-discretionary Access Control (NDAC)
B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Role based Access Control
Correct Answer: B. Discretionary Access Control (DAC)

Requirements which when implemented can help to build a history of events that occurred in the software are known as
A. authentication requirements
B. archiving requirements
C. accountability requirements
D. authorization requirements
Correct Answer: C. accoun
Written for
- Institution
- CSSLP
- Course
- CSSLP
Document information
- Uploaded on
- June 5, 2024
- Number of pages
- 8
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers