(ISC)2

CSSLP · Question #386

CSSLP Question #386: Real Exam Question with Answer & Explanation

The correct answer is B: Decompose your application and be able to identify key items.

Secure Software Architecture and Design

Question

Which of the following is the most important task when performing a design security review?

Options

  • A. Attach performance metrics to the review process.
  • B. Decompose your application and be able to identify key items.
  • C. Highlight all security controls used in the system.
  • D. Use standardized graphics to document the data flow.

Explanation

Decomposing an application and identifying its key components is the most crucial task during a design security review to understand potential attack surfaces and vulnerabilities.

Common mistakes.

  • A. Attaching performance metrics is related to operational efficiency, not the fundamental security review of a design.
  • C. Highlighting security controls is a subsequent step after understanding the system's components and identifying areas where controls are needed.
  • D. Using standardized graphics aids documentation but is not the most important analytical task for identifying design security flaws.

Concept tested. Design security review methodology

Reference. https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-decompose-application

Topics

#Design Security Review, #Application Decomposition, #System Understanding, #Security Architecture
