01 - Defensive Design Techniques

 1. Application software often requires a user to input information into a system. This might include input like:

  A username/password entry

  Contact details

  Input into a search box

  All of the above

 2. Defensive design is the practice of…

  defending a computer against viruses using anti-virus software

  anticipating every possible way that the end user could make a mistake during data input

  ensuring that there are physical defences in place, e.g. shields over the computer

  None of the above apply

 3. During the defensive design process, methods are put in place to …

  eliminate the use of any unauthorised passwords

  eliminate accidental or deliberate misuse of the system

  eliminate people

  eliminate all hackers at source

 4. Which of the following should NOT occur, if your defensive design procedures have been effective?

  program breaching security and having personal details revealed

  program behaving in an unintended fashion

  All of the above should not occur if defensive design has been effectively put in place

  program crashing

 5. Large companies like Sony have been subject to huge attacks. Their systems were clearly not as _______ as they thought they were.

  robust

  hacker-friendly

  coded

  clean

 6. Input Validation is one way of ensuring defensive design. What is validation?

  Ensuring that the data input by the end user is valid and acceptable (e.g. male is valid for gender)

  Ensuring that the end user is a valid human being by performing a validation facial check

  Ensuring that the data input by the user is correct in every way (e.g. checking that the user has spelt their name right)

  Ensuring that all inputs are exactly the same and that no one can be flexible with their answers

 7. An example of data validation is:

  Using a drop-down menu to allow users to select 'Male' or 'Female' for Gender.

  Double checking every single entry to ensure the end user hasn't lied about their age.

  Checking to see if the answer to a question (e.g. 2+2) is absolutely correct (not accepting any other answer other than 4)

  None of the above apply

 8. Some validation methods include:
Length Check
Range Check
Format Check
Type Check
Presence Check

  All except 'length' check are validation methods

  All except 'presence check' are validation methods

  All of the above

  None of the above are validation methods

 9. Another method for validating data and stopping attacks is to clean up the data that is entered so that it is ready for the application to use. This is called:

  Input clearning

  Input sanitisation

  Input meganitting

  Input anti-attacking

 10. Data sanitisation trims or strips strings, removing unwanted characters from strings for example:

  a look-up menu would be provided for a user to select from valid answers

  if a user inputs a number it would automatically be deleted

  in dav%e, the % would be removed to leave 'dave'

  None of the above apply

 11. Data sanitisation would ensure that …

  the input is always text and not numbers

  the input is never entered in another language

  the input is correct and contains only the permitted characters, letters and symbols.

  the input is always entered into a drop down menu

 12. One example of defensive design and anticipating misuse is:

  protecting against hackers by disabling the website altogether

  protecting against a brute force attack by only allowing a password to be entered three times

  hiring physical body guards to protect the network

  protecting against invalid data entry by blacking out all text boxes

 13. Another example of anticipating misuse is what Twitter does - in this case:

  allowing users to delete other users' accounts

  identifying duplicate tweets (if you send it twice) and removing the second identical tweet

  allowing users to post the same tweet up to forty times

  allowing passwords to be entered up to 1 million times for security purposes

 14. ______________ is a coding method to check that a user is who they say they are and is allowed to access the program.

  Authentication

  Mihilification

  Mitigation

  Anihilation

 15. The simplest form of authentication could be:

  entering a password up to four million times

  allowing all users to use the same username and password

  entering a username and password and checking it against a database of agreed user entries

  None of the above

 16. Authentication methods include:

  passwords sent to phones

  patterns to recognise

  All of the above

  image scanners

 17. Authentication also occurs when you access a website: you request access to the ___________ that hosts the page.

  server

  physical location

  human being

  validation routine

 18. What is one example of where authentication is required?

  Facebook login

  getting past the security guard at Microsoft

  network cables requiring cleaning

  None of the above

 19. Maintainability is also important if a program is going to be robust. Two ways of ensuring maintainable programs are to have good:

  users and moral human beings

  databases and secure buildings

  comments and indentation

  passwords and code syntax

 20. Converting large numbers to smaller numbers is a method for planning for misuse.

  TRUE

  FALSE