nerdexam
ExamsCSSLPQuestions#401
(ISC)2(ISC)2

CSSLP · Question #401

CSSLP Question #401: Real Exam Question with Answer & Explanation

The correct answer is C: Data movement and storage. A Data Flow Diagram (DFD) visually represents how data moves through a system, illustrating processes, data stores, external entities, and the flow of information between them.

Secure Software Architecture and Design

Question

What aspect of a system does a data flow diagram most clearly represent?

Options

  • ACloud IAM
  • BPotential attack scenarios
  • CData movement and storage
  • DUser privilege assignments

Explanation

A Data Flow Diagram (DFD) visually represents how data moves through a system, illustrating processes, data stores, external entities, and the flow of information between them.

Common mistakes.

  • A. Cloud IAM (Identity and Access Management) defines user permissions and access controls, which are not directly visualized by a DFD.
  • B. While DFDs can be used as a basis for threat modeling by identifying data flows and trust boundaries, they do not inherently represent potential attack scenarios themselves.
  • D. User privilege assignments are part of access control mechanisms and are not the primary focus or clear representation of a DFD.

Concept tested. Purpose of Data Flow Diagrams (DFD)

Reference. https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-dfd

Topics

#Data Flow Diagram (DFD)#System analysis#Software design#Data movement

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CSSLP PracticeBrowse All CSSLP Questions