Certified Secure Software Lifecycle Professional (CSSLP) — Question 30

Which of the following statements are true about declarative security? Each correct answer represents a complete solution. Choose all that apply.

Answer options

• A. It is employed in a layer that relies outside of the software code or uses attributes of the code.
• B. It applies the security policies on the software applications at their runtime.
• C. In this security, authentication decisions are made based on the business logic.
• D. In this security, the security decisions are based on explicit statements.

Correct answer: C

Explanation

The correct answer is C because declarative security focuses on making authentication decisions based on business logic rather than hard-coded rules. Options A and B describe aspects of security but do not specifically pertain to the principles of declarative security. Option D, while related to security decisions, does not accurately capture the essence of how declarative security operates.