CSSLP Question #161: Real Exam Question with Answer & Explanation

The correct answer is A: It is employed in a layer that relies outside of the software code or uses attributes of the code.. Declarative security applies security policies at runtime by relying on configurations outside the software code or using code attributes, with decisions based on explicit statements.

Secure Software Concepts

Question

Which of the following statements are true about declarative security? Each correct answer represents a complete solution. Choose all that apply.

Options

AIt is employed in a layer that relies outside of the software code or uses attributes of the code.
BIt applies the security policies on the software applications at their runtime.
CIn this security, authentication decisions are made based on the business logic.
DIn this security, the security decisions are based on explicit statements.

Explanation

Declarative security applies security policies at runtime by relying on configurations outside the software code or using code attributes, with decisions based on explicit statements.

Common mistakes.

C. Authentication and authorization decisions in declarative security are typically based on predefined roles or permissions specified in configuration, not on the application's business logic, which is more characteristic of programmatic security.

Concept tested. Software Security - Declarative Security

Reference. https://learn.microsoft.com/en-us/previous-versions/aspnet/ms972960(v=msdn.10)?redirectedfrom=MSDN

Topics

#Declarative Security#Security Policies#Application Security Controls

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions