14.02 Integrating Security Into The SDLC - Quiz

Check your understanding

Question 1: According to the section, how much more expensive is it to fix security issues in production versus during the design phase?

  • 10x more expensive
  • 30x more expensive
  • 63x more expensive { data-correct }
  • 100x more expensive

Question 2: Which SDLC phase should include “threat modeling initiation” as a security activity?

  • Requirements & Planning { data-correct }
  • Design & Architecture
  • Implementation & Development
  • Testing & Validation

Question 3: In the STRIDE framework, what does the “T” represent?

  • Trust boundary violations
  • Tampering with data { data-correct }
  • Transaction manipulation
  • Timeout vulnerabilities

Question 4: Which security activity is most appropriate during the Implementation & Development phase?

  • Penetration testing
  • Trust boundary identification
  • Static analysis scanning { data-correct }
  • Security monitoring setup

Question 5: What is the primary benefit of integrating security early in the SDLC rather than adding it later?

  • It eliminates all security vulnerabilities
  • It requires fewer security professionals
  • It’s significantly less expensive and more effective { data-correct }
  • It automatically meets all compliance requirements

Question 6: In the e-learning platform example, which security control was selected to prevent abuse of the API?

  • Multi-factor authentication
  • Database encryption
  • API rate limiting { data-correct }
  • Comprehensive audit logging

Question 7: What type of security testing simulates real-world attacks against a running application?

  • Static analysis
  • Security unit testing
  • Penetration testing { data-correct }
  • Code security reviews

Question 8: Which STRIDE threat category involves an attacker pretending to be someone else?

  • Spoofing identity { data-correct }
  • Tampering with data
  • Repudiation
  • Elevation of privilege

Question 9: In the secure coding example, what technique was used to prevent SQL injection in the get_student_grades function?

  • Input sanitization only
  • Stored procedures
  • Parameterized queries { data-correct }
  • Database encryption

Question 10: During which phase should “security monitoring setup” be implemented?

  • Requirements & Planning
  • Design & Architecture
  • Implementation & Development
  • Deployment & Maintenance { data-correct }

Question 11: What is a “trust boundary” in security architecture?

  • The limit of user trust in the application
  • Where data crosses between security zones { data-correct }
  • The maximum number of trusted users
  • The boundary of the development team’s security knowledge

Question 12: In the threat modeling exercise solution, which threat was ranked as the highest priority?

  • Student accessing other students’ quizzes
  • SQL injection in quiz submission { data-correct }
  • Weak authentication allowing account takeover
  • DoS attacks during exam periods