Secure Software Lifecycle Professional – CSSLP – Question128 - Secure Software Lifecycle Professional

The Data and Analysis Center for Software (DACS) specifies three general principles for software assurance which work as a framework in order to categorize various secure design principles. Which of the following principles and practices does the General Principle 1 include? Each correct answer represents a complete solution. Choose two.

A. Principle of separation of privileges, duties, and roles
B. Assume environment data is not trustworthy
C. Simplify the design
D. Principle of least privilege

Correct Answer: AD

Explanation:

Explanation: General Principle 1- Minimize the number of high-consequence targets includes the following principles and practices: Principle of least privilege Principle of separation of privileges, duties, and roles Principle of separation of domains Answer: B is incorrect. Assume environment data is not trustworthy principle is included in the General Principle 2. Answer: C is incorrect. Simplify the design principle is included in the General Principle 3.