CompTIA

CAS-002 Question #814: Real Exam Question with Answer & Explanation

The correct answer is B: Use well formed standard compliant XML and strict schemas. Using well-formed, standard-compliant XML with strict schemas provides a proven, secure, and interoperable data exchange format instead of an untested custom one that is difficult to validate and secure.

Question

A recently hired security administrator is advising developers about the secure integration of a legacy in-house application with a new cloud based processing system. The systems must exchange large amounts of fixed format data such as names, addresses, and phone numbers, as well as occasional chunks of data in unpredictable formats. The developers want to construct a new data format and create custom tools to parse and process the data. The security administrator instead suggests that the developers:

Options

  • A. Create a custom standard to define the data.
  • B. Use well formed standard compliant XML and strict schemas.
  • C. Only document the data format in the parsing application code.
  • D. Implement a de facto corporate standard for all analyzed data.

Explanation

Using well-formed, standard-compliant XML with strict schemas provides a proven, secure, and interoperable data exchange format instead of an untested custom one that is difficult to validate and secure.

Common mistakes.

  • A. Creating a custom data standard introduces untested parsing logic that has not undergone the security scrutiny of established formats, increasing the risk of undiscovered vulnerabilities.
  • C. Documenting a data format only within application code is not maintainable, is invisible to security review, and provides no validation or enforcement of data integrity.
  • D. A de facto corporate standard is informal by definition and lacks the rigorous specification and external validation needed to ensure security and interoperability with a cloud system.

Concept tested. Secure data exchange using standard XML schemas

Reference. https://www.w3.org/XML/Schema
