DRAG DROPDrag and drop the appropriate external constructs in front of their respective functions.

Solution:
There are two types of compositional constructs: 1.External constructs: The various types of external constructs are as follows: Cascading: In this type of external construct, one system gains the input from the output of another system. Feedback: In this type of external construct, one system provides the input to another system, which in turn feeds back to the input of the first system. Hookup: In this type of external construct, one system communicates with another system as well as with external entities. 2.Internal constructs: The internal constructs include intersection, union, and difference.

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

"Enhancing the Development Life Cycle to Produce Secure Software" summarizes the tools and practices that are helpful in producing secure software. What are these tools and practices? Each correct answer represents a complete solution. Choose three.

1. A. Leverage attack patterns
2. B. Compiler security checking and enforcement
3. C. Tools to detect memory violations
4. D. Safe software libraries
5. E. Code for reuse and maintainability

Correct Answer: BCD
The tools and practices that are helpful in producing secure software are summarized in the report "Enhancing the Development Life Cycle to Produce Secure Software". The tools and practices are as follows: Compiler security checking and enforcement Safe software libraries Runtime error checking and safety enforcement Tools to detect memory violations Code obfuscation Answer A and E are incorrect. These are secure coding principles and practices of defensive coding.

Which of the following statements are true about declarative security? Each correct answer represents a complete solution. Choose all that apply.

1. A. It is employed in a layer that relies outside of the software code or uses attributes of the code.
2. B. It applies the security policies on the software applications at their runtime.
3. C. In this security, authentication decisions are made based on the business logic.
4. D. In this security, the security decisions are based on explicit statements.

Correct Answer: ABD
Declarative security applies the security policies on the software applications at their runtime. In this type of security, the security decisions are based on explicit statements that confine security behavior. Declarative security applies security permissions that are required for the software application to access the local resources and provides role-based access control to an individual software component and software application. It is employed in a layer that relies outside of the software code or uses attributes of the code. Answer B is incorrect. In declarative security, authentication decisions are coarse- grained in nature from an operational or external security perspective.

Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.

1. A. Dumpster diving
2. B. Placing a backdoor
3. C. Eavesdropping
4. D. Shoulder surfing

Correct Answer: ACD
In eavesdropping, dumpster diving, and shoulder surfing, the attacker violates the confidentiality of a system without affecting its state. Hence, they are considered passive attacks.

The LeGrand Vulnerability-Oriented Risk Management method is based on vulnerability analysis and consists of four principle steps. Which of the following processes does the risk assessment step include? Each correct answer represents a part of the solution. Choose all that apply.

1. A. Remediation of a particular vulnerability
2. B. Cost-benefit examination of countermeasures
3. C. Identification of vulnerabilities
4. D. Assessment of attacks

Correct Answer: BCD
Risk assessment includes identification of vulnerabilities, assessment of losses caused by threats materialized, cost-benefit examination of countermeasures, and assessment of attacks. Answer A is incorrect. This process is included in the vulnerability management.