Which of the following patterns does it include?

The DARPA paper defines various procedural patterns to perform secure system development
practices. Which of the following patterns does it include? Each correct answer represents a
complete solution. Choose three.

A. Hidden implementation

B. Document the server configuration

C. Patch proactively

D. Red team the design

E. Password propagation

Explanation:
The DARPA paper defines the following procedural patterns for performing secure software development practices:

Build the server from the ground up: It includes the following features: Build the server from the ground up. Identify the default installation of the operating system and applications. Support hardening procedures to remove unnecessary services. Identify a vulnerable service for ongoing risk management.

Choose the right stuff: It defines guidelines for selecting the right commercial off-the-shelf (COTS) components and deciding whether to use and build custom components.

Document the server configuration: It supports the creation of an initial configuration baseline and tracks all modifications made to servers and application configurations.

Patch proactively: It supports applying patches as soon as they are available rather than waiting until the systems cooperate.

Red team the design: It supports an independent security assessment from the perspective of an attacker in the quality assurance or testing stage. An independent security assessment is helpful in addressing a security issue before it occurs.

pattern is applicable to software assurance in general. Hidden implementation limits the ability of

Password propagation is not defined in the DARPA paper. This pattern is applicable to aspects of
authentication in a Web application. Password propagation provides an alternative by requiring
that a user's authentication credentials be verified by the database before providing access to that
user's data.


