508a5

profilejrsmith91

  

Chapter 9

1- How does the source of your software code affect the overall security of the system? Justify your position for a general system.

2- Why is it beneficial to develop a software system in a language that is well known to the development team? What are the risks of using a language that is unknown or less common to them? 

3- What protections can you place within an organization on code that is developed externally? Give examples to support your recommendation.

4- How can modular code developed within an organization be helpful or harmful to the security of the system? Justify your position. 

5- Why is it important to limit the attack surface of the system? Give examples to support your argument. 

Chapter 10

1- Why is it important to probe and attack a system both at rest and in action? Give examples of information that is provided by each that the other could not provide.

2- Why is it important to simulate the deployment environment as closely as possible when performing a penetration test? What could happen if the conditions vary significantly from the live environment?

3- What advantages do actual attackers have over-penetration testers in attempting to compromise a system? Justify your conclusions. 

4- What are the important considerations in choosing a Red Team (or attack team) for your software system? Give examples to justify your position. 

5- What are the risks of using a Red Team that is not qualified? How could this negatively affect system deployment in the live environment?

    • 4 years ago
    • 10
    Answer(1)

    Purchase the answer to view it

    blurred-text
    NOT RATED
    • attachment
      order_130066_338758.doc