Which approach is described as a way to enhance application security?

Prepare for the DSAC Annex F Test. Use a variety of study methods such as flashcards and practice questions, each with detailed explanations and insights. Get thoroughly ready for your test!

Multiple Choice

Which approach is described as a way to enhance application security?

Explanation:
Threat modeling focuses on anticipating and mitigating security threats during the design and planning of an application. It involves identifying what needs to be protected (assets), where trust boundaries lie, who might attack, and how they could exploit weaknesses. By evaluating these factors early, you can prioritize and implement safeguards such as secure defaults, proper authentication and authorization, input validation, and threat mitigations before code is written. This proactive, design-level approach shapes the architecture to reduce vulnerabilities from the start and guides security requirements throughout development.

Penetration testing, while valuable, checks defenses in a live or near-live system to find weaknesses after some or all of the app is built. Antivirus software mainly protects individual hosts from malware and doesn’t address the integrated security of the application’s design. Regular backups protect data availability and recovery but don’t directly improve the security of the application itself.

