Certified Information Systems Security Professional (CISSP) — Question 263
Which of the following is a secure design principle for a new product?
Answer options
- A. Restrict the use of modularization.
- B. Do not rely on previously used code.
- C. Build in appropriate levels of fault tolerance.
- D. Utilize obfuscation whenever possible.
Correct answer: C
Explanation
The correct answer is C: building in appropriate levels of fault tolerance ensures that the product can handle errors gracefully, thereby maintaining security and reliability. Options A and B introduce limitations or risks that can compromise design quality, and option D, although it may add security, does not address foundational design principles as effectively as fault tolerance.