CSSLP Domain 1 – Secure Software Concepts

Question 1

1. What are the three components of the CIA Triad, and what does each represent?

Answer 1

Confidentiality (prevent unauthorized disclosure), Integrity (prevent unauthorized modification), Availability (ensure reliable access).

Question 2

2. Define the three elements of AAA in security management.

Answer 2

Authentication (verify identity), Authorization (grant access rights), Accounting/Auditing (track user actions).

Question 3

3. What control combination ensures non-repudiation in software systems?

Answer 3

Proper configuration of authentication, authorization, and auditing/logging mechanisms.

Question 4

4. What does the Bell-LaPadula model enforce?

Answer 4

Confidentiality through the ‘no read up, no write down’ rules.

Question 5

5. What is the main focus of the Biba model?

Answer 5

Integrity through the ‘no write up, no read down’ rules.

Question 6

6. How does the Clark-Wilson model maintain integrity?

Answer 6

By enforcing well-formed transactions using Transformation Processes (TPs) and Integrity Verification Processes (IVPs).

Question 7

7. Which principle limits system access rights to the minimum necessary?

Answer 7

Least Privilege.

Question 8

8. What is the main goal of Separation of Duties?

Answer 8

To prevent fraud or abuse by dividing responsibilities among multiple individuals.

Question 9

9. What is the principle of Defense in Depth?

Answer 9

Using multiple, overlapping, and diverse layers of security controls to protect systems.

Question 10

10. What does the Fail-Safe principle require when a system fails?

Answer 10

It should default to a secure state (e.g., deny access).

Question 11

11. Why is Economy of Mechanism important in secure design?

Answer 11

Simplicity improves understanding, reduces attack surface, and minimizes misconfigurations.

Question 12

12. Define Complete Mediation.

Answer 12

All access requests are checked every time; authorization cannot be bypassed.

Question 13

13. What is meant by Open Design in security?

Answer 13

System security should not depend on secrecy of design; rely on secrecy of keys instead.

Question 14

14. What is the purpose of the Least Common Mechanism principle?

Answer 14

To prevent inadvertent data sharing between users by minimizing shared mechanisms.

Question 15

15. Why is Psychological Acceptability critical to system security?

Answer 15

Users must find controls reasonable and usable to avoid bypassing them.

Question 16

16. What does the Weakest Link principle suggest?

Answer 16

A system’s security is only as strong as its weakest component or process.

Question 17

17. Define Leveraging Existing Components and its risk.

Answer 17

Reusing tested components can improve security and efficiency, but creates monoculture risks if a flaw is found.

Question 18

18. What is a Single Point of Failure (SPOF)?

Answer 18

A single component whose failure can cause complete system failure; redundancy removes SPOFs.

Question 19

19. What are the three main types of access control models?

Answer 19

Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC).

Question 20

20. What differentiates MAC from DAC?

Answer 20

MAC restricts access based on classification and clearance; DAC allows owners to grant access.

Question 21

21. How does Attribute-Based Access Control (ABAC) differ from Role-Based?

Answer 21

ABAC uses attributes (user, object, environment) instead of predefined roles to grant access.

Question 22

22. What is the purpose of Session Management?

Answer 22

To ensure communication channels are secure and resistant to hijacking.

Question 23

23. What is Exception Management and why is it important?

Answer 23

Handling all exceptions safely to prevent leakage of system details or insecure states.

Question 24

24. What is Configuration Management in security?

Answer 24

Protecting configuration items from unauthorized changes, ensuring traceability and control.

Question 25

25. Which secure design principle best mitigates privilege escalation attacks?

Answer 25

Least Privilege, supported by Complete Mediation and Separation of Duties.

Question 26

Explain the difference between security governance and security management. (Domain 1)

Answer 26

Security governance defines direction, roles, and policies at a strategic level; security management operationalizes those policies day to day.

Question 27

Describe the importance of aligning software security goals with business objectives. (Domain 1)

Answer 27

Alignment ensures security supports business value delivery rather than obstructing it, balancing risk and opportunity.

Question 28

Define assurance in the context of software security. (Domain 1)

Answer 28

Assurance is confidence that software performs securely as intended, based on evidence such as testing, validation, and process maturity.

Question 29

Explain why software assurance is critical for compliance. (Domain 1)

Answer 29

It demonstrates that the organization systematically prevents vulnerabilities and manages risk across the SDLC, satisfying regulatory expectations.

Question 30

Describe how risk management integrates with secure software concepts. (Domain 1)

Answer 30

Risk management identifies, analyzes, and mitigates threats to software assets, guiding design and control decisions.

Question 31

Explain how culture impacts software security. (Domain 1)

Answer 31

A strong security culture promotes awareness, accountability, and secure behaviors across roles, reducing human-related risk.

Question 32

Define the term 'vulnerability' in software systems. (Domain 1)

Answer 32

A vulnerability is a weakness in design, code, configuration, or process that could be exploited by a threat actor.

Question 33

Identify the role of the CISO in promoting secure software concepts. (Domain 1)

Answer 33

The CISO champions governance, aligns policies with SDLC practices, and ensures teams have resources to embed security.

Question 34

Explain the role of policies, standards, and guidelines in software security. (Domain 1)

Answer 34

Policies define 'what' must be done, standards define 'how,' and guidelines provide flexible recommendations to support compliance.

Question 35

Describe how separation of duties reduces insider threat. (Domain 1)

Answer 35

By dividing critical functions among individuals, no single person can perform or conceal malicious actions without detection.

Question 36

Explain why the principle of least privilege is essential in development environments. (Domain 1)

Answer 36

It limits developer access to only necessary systems and data, reducing risk of accidental or malicious modification.

Question 37

Define the term 'control objective' and give an example. (Domain 1)

Answer 37

A control objective defines the purpose of a control; for example, 'ensure only authorized code is deployed to production.'

Question 38

Describe how auditability supports accountability. (Domain 1)

Answer 38

Auditable logs enable traceability of actions, linking them to specific users or systems to prove accountability.

Question 39

Explain how threat intelligence contributes to secure software concepts. (Domain 1)

Answer 39

It informs developers and architects about emerging attack vectors, enabling proactive design adjustments and testing.

Question 40

Define the term 'security domain' and its purpose. (Domain 1)

Answer 40

A security domain is a logical boundary within which security policies are enforced consistently to control access and data flow.

Question 41

Explain how business impact analysis relates to software security. (Domain 1)

Answer 41

It determines which software assets are most critical and what controls are required to maintain acceptable risk levels.

Question 42

Describe the concept of due care in software security. (Domain 1)

Answer 42

Due care is the demonstration that reasonable measures were taken to protect systems and data from foreseeable risks.

Question 43

Define due diligence in secure software development. (Domain 1)

Answer 43

Due diligence is the ongoing effort to maintain compliance and effectiveness of security measures over time.

Question 44

Explain the relationship between security policy enforcement and accountability. (Domain 1)

Answer 44

Enforcement ensures policies are followed; accountability ensures individuals are responsible for compliance outcomes.

Question 45

Describe how threat agents differ from threat events. (Domain 1)

Answer 45

A threat agent is the entity initiating an attack; a threat event is the specific occurrence or action taken.

Question 46

Define residual risk in the context of secure software. (Domain 1)

Answer 46

Residual risk is the remaining risk after controls have been applied and mitigations are in place.

Question 47

Explain how security design principles apply to cloud-based software. (Domain 1)

Answer 47

Principles like least privilege, defense in depth, and fail-safe defaults remain fundamental but must adapt to shared responsibility models.

Question 48

Describe why change control is a foundational security concept. (Domain 1)

Answer 48

Change control ensures that only authorized, tested, and approved modifications occur, preserving system integrity.

Question 49

Explain the role of continuous monitoring in maintaining software assurance. (Domain 1)

Answer 49

Continuous monitoring detects new threats, vulnerabilities, and deviations from baselines, sustaining assurance between releases.

Question 50

Define the concept of security architecture alignment. (Domain 1)

Answer 50

Security architecture alignment ensures that software controls and design are consistent with organizational architecture and strategy.