CompTIA Security Plus Mock Test Q667

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

A. Baseline reporting
B. Input validation
C. Determine attack surface
D. Design reviews

Correct Answer: D
Section: Threats and Vulnerabilities

When implementing systems and software, an important step is the design of those systems and software. They should be designed to ensure that the system works as intended and is secure.
The design review assessment examines the ports and protocols used, the rules, the segmentation, and the access control in the system or application. A design review is essentially a check that the design of the system meets the security requirements.

Incorrect Answers:
A: A baseline report compares the current status of network systems in terms of security updates, performance, or other metrics against a predefined set of standards (the baseline). Baseline reporting should take place after the systems and software have been designed, the design has been reviewed, and the systems and software have been implemented.
B: Input validation can improve application performance by catching malformed input in the application that could cause problems with the output. For example, if a user is expected to enter a number into a field in the application, input validation can be used to ensure that the input is numeric and not text. Input validation is a part of application design. It can also be used to prevent attacks such as cross-site scripting and SQL injection. However, it is not part of general system design.
C: Determining the attack surface is a security practice that is performed after a system or software application has been implemented. However, this question is asking about the development of systems and software. The ‘development’ is performed before the systems are implemented.