Certified Secure Software Lifecycle Professional (CSSLP) — Question 88

The Data and Analysis Center for Software (DACS) specifies three general principles for software assurance which work as a framework in order to categorize various secure design principles. Which of the following principles and practices does the General Principle 1 include? Each correct answer represents a complete solution. Choose two.

Answer options

• A. Principle of separation of privileges, duties, and roles
• B. Assume environment data is not trustworthy
• C. Simplify the design
• D. Principle of least privilege

Correct answer: B

Explanation

General Principle 1 emphasizes the need to consider the reliability of environment data, which is why option B is correct. The other options, while important in secure design, do not align with the specific focus of General Principle 1 on data trustworthiness.