01 - Defensive Design Techniques

 1. Application software often requires a user to input information into a system. This might include input like:

  A username/password entry

  Input into a search box

  All of the above

  Contact details

 2. Defensive design is the practice of…

  defending a computer against viruses using anti-virus software

  ensuring that there are physical defences in place, e.g. shields over the computer

  None of the above apply

  anticipating every possible way that the end user could make a mistake during data input

 3. During the defensive design process, methods are put in place to …

  eliminate all hackers at source

  eliminate accidental or deliberate misuse of the system

  eliminate people

  eliminate the use of any unauthorised passwords

 4. Which of the following should NOT occur, if your defensive design procedures have been effective?

  program behaving in an unintended fashion

  program crashing

  program breaching security and having personal details revealed

  All of the above should not occur if defensive design has been effectively put in place

 5. Large companies like SONY have been subject to huge attacks. Their systems were clearly not as _______ as they thought they were.

  clean

  coded

  hacker-friendly

  robust

 6. Input Validation is one way of ensuring defensive design. What is validation?

  Ensuring that all inputs are exactly the same and that no one can be flexible with their answers

  Ensuring that the data input by the end user is valid and acceptable (e.g. male is valid for gender)

  Ensuring that the data input by the user is correct in every way (e.g. checking that the user has spelt their name right)

  Ensuring that the end user is a valid human being by performing a validation facial check

 7. An example of data validation is:

  Double-checking every single entry to ensure the end user hasn't lied about their age.

  None of the above apply

  Checking to see if the answer to a question (e.g. 2+2) is absolutely correct (not accepting any other answer other than 4)

  Using a drop down menu to allow users to select 'Male', 'Female' for Gender.

 8. Some validation methods include:
Length Check
Range Check
Format Check
Type Check
Presence Check

  None of the above are validation methods

  All of the above

  All except 'length' check are validation methods

  All except 'presence check' are validation methods
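The five validation methods listed in question 8, written out as code. This is an added example, not part of the original quiz: it validates a constructed sign-up form (username, age, UK-style postcode) and returns a list of which checks failed. The field names, limits and the postcode pattern are assumptions chosen for the illustration.

```python
import re

# Presence check: the field must contain something (whitespace only counts as empty).
def presence_check(value):
    return value is not None and value.strip() != ""

# Length check: the number of characters must fall inside the allowed window.
def length_check(value, min_len, max_len):
    return min_len <= len(value) <= max_len

# Type check: the value must be a whole number. int() rejects "abc" and "12.5".
def type_check_int(value):
    try:
        int(value)
        return True
    except ValueError:
        return False

# Range check: the numeric value must sit between low and high. Assumes the type check passed.
def range_check(value, low, high):
    return low <= int(value) <= high

# Format check: the value must match a pattern. Assumed pattern covers common UK postcodes
# such as "SW1A 1AA" or "M1 1AA"; a real system would use the authoritative pattern.
POSTCODE_RE = re.compile(r"^[A-Z]{1,2}[0-9][0-9A-Z]? [0-9][A-Z]{2}$")

def format_check_postcode(value):
    return POSTCODE_RE.fullmatch(value.strip().upper()) is not None

def validate_signup(form):
    """Run all five checks over a form (a dict of field name -> string) and
    return the list of failures. An empty list means the input is acceptable."""
    errors = []
    username = form.get("username", "")
    age = form.get("age", "")
    postcode = form.get("postcode", "")

    if not presence_check(username):
        errors.append("username: presence check failed")
    elif not length_check(username, 3, 20):
        errors.append("username: length check failed (3-20 characters)")

    if not presence_check(age):
        errors.append("age: presence check failed")
    elif not type_check_int(age):
        errors.append("age: type check failed (whole number expected)")
    elif not range_check(age, 13, 120):
        errors.append("age: range check failed (13-120)")

    if not presence_check(postcode):
        errors.append("postcode: presence check failed")
    elif not format_check_postcode(postcode):
        errors.append("postcode: format check failed")

    return errors

if __name__ == "__main__":
    # Constructed sample inputs: one acceptable form and one that fails three checks.
    print(validate_signup({"username": "dave", "age": "34", "postcode": "SW1A 1AA"}))
    print(validate_signup({"username": "", "age": "abc", "postcode": "nope"}))
```

Note the ordering: the presence check runs first, then type before range, so each later check can assume the earlier ones held. Validation tells you the input is acceptable in shape, not that it is true (an age of 34 passes the range check whether or not the user really is 34).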

 9. Another method for validating data and stopping attacks is to clean up the data that is input so that it is ready for the application to use. This is called:

  Input sanitisation

  Input cleaning

  Input meganitting

  Input anti-attacking

 10. Data sanitisation trims or strips strings, removing unwanted characters from them; for example:

  None of the above apply

  a look up menu would be provided for a user to select from valid answers

  in dav%e, the % would be removed to leave 'dave'

  if a user input a number it would automatically be deleted

 11. Data sanitisation would ensure that …

  the input is correct and contains only the permitted characters, letters and symbols.

  the input is always text and not numbers

  the input is never entered in another language

  the input is always entered into a drop down menu
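The sanitisation described in questions 10 and 11 (trim, then strip anything outside the permitted character set), as an added example that is not part of the original quiz. It reproduces the "dav%e" case and also shows two related choices a practitioner makes: normalising look-alike Unicode before stripping, and escaping rather than stripping when the text will be shown on a web page. Function names and the permitted character sets are assumptions for the illustration.

```python
import html
import re
import unicodedata

# Permitted characters for a username: ASCII letters, digits, dot, underscore, hyphen.
# The pattern matches everything NOT in that set so it can be removed.
USERNAME_DISALLOWED = re.compile(r"[^A-Za-z0-9._-]")

def sanitise_username(raw, max_len=20):
    """Trim, normalise, strip unwanted characters, then cut to a maximum length.
    'dav%e' becomes 'dave'; full-width 'ｄａｖｅ' is folded to plain 'dave' first
    so that look-alike characters cannot slip past the allow-list."""
    value = unicodedata.normalize("NFKC", raw).strip()
    value = USERNAME_DISALLOWED.sub("", value)
    return value[:max_len]

def sanitise_search_term(raw, max_len=100):
    """For free text: drop control characters, collapse runs of whitespace, cap the length."""
    value = "".join(ch for ch in raw if ch.isprintable())
    value = " ".join(value.split())
    return value[:max_len]

def sanitise_for_html(raw):
    """When the text will be displayed on a page, escaping keeps the user's characters
    but makes '<', '>', '&' and quotes harmless, instead of silently deleting them."""
    return html.escape(raw.strip(), quote=True)

if __name__ == "__main__":
    # Constructed sample inputs.
    print(sanitise_username("dav%e"))
    print(sanitise_username("  <script>dave</script>  "))
    print(sanitise_search_term("dave\x00\n   jones"))
    print(sanitise_for_html("<b>dave</b>"))
```

Stripping characters works for fields with a small permitted alphabet, such as a username. For data that ends up inside a database query or a web page, the safer defence is to keep the value as-is and hand it to the database through a parameterised query, or escape it for the output context, as `sanitise_for_html` does; relying on a character blacklist alone leaves gaps.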

 12. One example of defensive design and anticipating misuse is:

  protecting against invalid data entry by blacking out all text boxes

  hiring physical body guards to protect the network

  protecting against a brute force attack by only allowing a password to be entered three times

  protecting against hackers by disabling the website altogether

 13. Another example of anticipating misuse is what twitter does - in this case:

  allowing users to post the same tweet up to forty times

  allowing passwords to be entered up to 1 million times for security purposes

  identifying duplicate tweets (if you send it twice) and removing the second identical tweet

  allowing users to delete other user's accounts

 14. ______________ is a coding method to check that a user is who they say they are and is allowed to access the program.

  Annihilation

  Mitigation

  Authentication

  Mihilification

 15. The simplest form of authentication could be:

  None of the above

  entering a username and password and checking it against a database of agreed user entries

  allowing all users to use the same username and password

  entering a password up to four million times
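The two ideas in questions 12 and 15 put together: a username and password checked against a store of agreed users, with the account locked after three failed attempts so a brute-force guesser cannot keep trying. This is an added example, not part of the original quiz. The in-memory `UserStore` stands in for the database, and the user record created in `main` is constructed for the illustration; passwords are stored as salted PBKDF2 hashes rather than in plain text.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3          # the "three times" rule from question 12
PBKDF2_ROUNDS = 100_000   # assumed work factor; raise it on real hardware

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

class UserStore:
    """Stand-in for the database of agreed user entries (constructed for this example)."""

    def __init__(self):
        self.users = {}    # username -> (salt, digest)
        self.failed = {}   # username -> consecutive failed attempts

    def add_user(self, username, password):
        self.users[username] = hash_password(password)
        self.failed[username] = 0

    def is_locked(self, username):
        return self.failed.get(username, 0) >= MAX_ATTEMPTS

    def authenticate(self, username, password):
        """Return 'ok', 'locked' or 'denied'. Unknown users and wrong passwords
        both give 'denied' so the response does not reveal which usernames exist."""
        if self.is_locked(username):
            return "locked"
        record = self.users.get(username)
        if record is None:
            # Do the same amount of hashing work for an unknown user so the
            # response time does not differ from a known user with a wrong password.
            hash_password(password, b"\x00" * 16)
            return "denied"
        salt, stored = record
        _, supplied = hash_password(password, salt)
        if hmac.compare_digest(stored, supplied):
            self.failed[username] = 0      # a good login resets the counter
            return "ok"
        self.failed[username] += 1
        return "denied"

def main():
    store = UserStore()
    store.add_user("dave", "correct horse battery")   # constructed sample user
    print(store.authenticate("dave", "correct horse battery"))   # ok
    for _ in range(MAX_ATTEMPTS):
        print(store.authenticate("dave", "password123"))         # denied x3
    print(store.authenticate("dave", "correct horse battery"))   # locked

if __name__ == "__main__":
    main()
```

Two things to notice. The comparison uses `hmac.compare_digest`, which takes the same time whether the digests differ in the first byte or the last. And a per-account lockout that is simple to explain also has a known cost: an attacker who knows a username can lock that user out on purpose, which is why many systems pair the counter with a timed unlock or a slowdown instead of a permanent block.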

 16. Authentication methods include:

  All of the above

  patterns to recognise

  image scanners

  passwords sent to phones

 17. Authentication also occurs when you access a website: you request access to the ___________ which hosts the page.

  physical location

  validation routine

  server

  human being

 18. What is one example of where authentication is required?

  getting past the security guard at Microsoft

  facebook login

  None of the above

  network cables requiring cleaning

 19. Maintainability is also important if a program is going to be robust. Two ways of ensuring maintainable programs are to have good:

  databases and secure buildings

  passwords and code syntax

  users and moral human beings

  comments and indentation

 20. Converting large numbers to smaller numbers is a method of planning for misuse.

  FALSE

  TRUE