Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?
A. Baseline reporting
B. Input validation
C. Determine attack surface
D. Design reviews
Explanation:
When implementing systems and software, an important step is the design of the systems and software. The systems and software should be designed to ensure that the system works as intended and is secure.
The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the system or application. A design review is basically a check to ensure that the design of the system meets the security requirements.
Incorrect Answers:
A: A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline). Baseline reporting should take place after the systems and software have been designed, the design reviewed and the systems and software have been implemented. Therefore, this answer is incorrect.
B: Input validation can improve application performance by catching malformed input in the application that could cause problems with the output. For example, if a user is expected to enter a number into a field in the application, input validation can be used to ensure that the input is numeric and not text. Input validation is a part of application design. It can also be used to prevent attacks such as cross-site scripting and SQL injection. However, it is not part of general system design. Therefore, this answer is incorrect.
C: Determining attack surface is a security practice that is performed after a system or software application has been implemented. However, this question is asking about the development of systems and software. The 'development' is performed before the systems are implemented. Therefore, this answer is incorrect.