{"id":15,"date":"2021-01-17T05:21:09","date_gmt":"2021-01-16T17:54:36","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/secure-software-lifecycle-professional-csslp-question007\/"},"modified":"2021-01-17T05:26:52","modified_gmt":"2021-01-17T05:26:52","slug":"secure-software-lifecycle-professional-csslp-question007","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/secure-software-lifecycle-professional-csslp-question007\/","title":{"rendered":"Secure Software Lifecycle Professional &#8211; CSSLP &#8211; Question007"},"content":{"rendered":"<div class=\"question\">Microsoft software security expert Michael Howard defines some heuristics for determining code review in &quot;A Process for Performing Security Code Reviews&quot;. Which of the following heuristics increase the application&#039;s attack surface? Each correct answer represents a complete solution. Choose all that apply. <br \/><strong><br \/>A.<\/strong> Code written in C\/C++\/assembly language <br \/><strong>B.<\/strong> Code listening on a globally accessible network interface <br \/><strong>C.<\/strong> Code that changes frequently <br \/><strong>D.<\/strong> Anonymously accessible code <br \/><strong>E.<\/strong> Code that runs by default <br \/><strong>F.<\/strong> Code that runs in elevated context<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>BDEF<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nExplanation: Microsoft software security expert Michael Howard defines the following heuristics for determining code review in &#8220;A Process for Performing Security Code Reviews&#8221;: Old code: Newer code provides better understanding of software security and has lesser number of vulnerabilities. Older code must be checked deeply. Code that runs by default: It must have high quality, and must be checked deeply than code that does not execute by default. Code that runs by default increases the application&#8217;s attack surface. Code that runs in elevated context: It must have higher quality. Code that runs in elevated privileges must be checked deeply and increases the application&#8217;s attack surface. Anonymously accessible code: It must be checked deeply than code that only authorized users and administrators can access, and it increases the application&#8217;s attack surface. Code listening on a globally accessible network interface: It must be checked deeply for security vulnerabilities and increases the application&#8217;s attack surface. Code written in C\/C++\/assembly language: It is prone to security vulnerabilities, for example, buffer overruns. Code with a history of security vulnerabilities: It includes additional vulnerabilities except concerted efforts that are required for removing them. Code that handles sensitive data: It must be checked deeply to ensure that data is protected from unintentional disclosure. Complex code: It includes undiscovered errors because it is more difficult to analyze complex code manually and programmatically. Code that changes frequently: It has more security vulnerabilities than code that does not change frequently.<\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft software security expert Michael Howard defines some heuristics for determining code review in &quot;A Process for Performing Security Code Reviews&quot;. Which of the following heuristics increase the application&#039;s attack surface? Each correct answer represents a complete solution. Choose all that apply. A. Code written in C\/C++\/assembly language B. Code listening on a globally accessible [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[353,10,3],"class_list":["post-15","post","type-post","status-publish","format-standard","hentry","category-secure-software-lifecycle-professional-csslp","tag-choices","tag-question-007","tag-secure-software-lifecycle-professional-csslp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/posts\/15","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/comments?post=15"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/posts\/15\/revisions"}],"predecessor-version":[{"id":366,"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/posts\/15\/revisions\/366"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/media?parent=15"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/categories?post=15"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CSSLP\/wp-json\/wp\/v2\/tags?post=15"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}