The correct answer is Policy decomposition.

Policy decomposition refers to the process of extracting specific software security requirements from high-level organizational and regulatory directives, mandates, and policies. It involves breaking down these broader directives into actionable, detailed security requirements that can be implemented in the software development process.

Here’s a brief overview of the other options:

1. Threat modeling: This is the process of identifying potential threats, vulnerabilities, and attack vectors in a system, but it does not focus on extracting specific requirements from policies or mandates.
2. Subject-object modeling: This refers to modeling interactions between subjects (users or processes) and objects (resources) in a system, typically in terms of access control. It is not related to the extraction of requirements from policies.
3. Misuse case generation: This involves creating scenarios that depict how the system could be misused, helping to identify potential vulnerabilities, but it is not the same as extracting security requirements from high-level directives.

The correct answer is Applying a multi-layered security strategy combining defense-in-depth, least privilege, and continuous monitoring.

A multi-layered security strategy provides the most comprehensive protection against a wide range of attack vectors. This approach includes:

1. Defense-in-depth: Implementing multiple layers of security controls at different points (e.g., network, application, data) to protect against various threats.
2. Least privilege: Granting users and processes only the permissions necessary to perform their tasks, reducing the risk of insider threats and limiting the damage if a system is compromised.
3. Continuous monitoring: Continuously assessing and monitoring systems and networks for security vulnerabilities, suspicious activities, and potential breaches to ensure ongoing protection.

This combination provides robust, overlapping layers of defense and proactive measures, making it harder for attackers to exploit vulnerabilities or gain unauthorized access.

Here’s a brief overview of the other options:

1. Implementing strong encryption algorithms for data at rest: While important, encryption alone does not protect against all attack vectors, such as those targeting the application or network.
2. Employing a microservices architecture with isolated services: Microservices can improve security by isolating services, but this approach does not address other security layers like network defenses or continuous monitoring.
3. Using a single, well-defended perimeter firewall: A firewall is a basic defense mechanism, but relying solely on perimeter defenses is insufficient, as modern attacks often bypass or target internal systems.

The correct answer is During Solution Design.

Threat modeling typically begins during the solution design phase of the Software Development Lifecycle (SDLC). This is when architects and developers design the system, and identifying potential threats early in this phase allows them to incorporate security controls into the architecture from the start. By assessing possible vulnerabilities and attack vectors at this stage, security can be built into the system design, which is more efficient and cost-effective than trying to fix security issues later.

Here’s a brief overview of the other options:

1. Software requirements analysis: While security requirements can be gathered during this phase, threat modeling generally starts after the initial design is created.
2. During Implementation phase: Starting threat modeling during implementation is too late to influence the design effectively, although security testing can occur at this phase.
3. Before Deployment: At this point, threat modeling would be too late, as the system is already built and close to being deployed.

The data that is not typically subject to high confidentiality obligations is

user’s privileges

While the information about user privileges (e.g., what access rights a user has) is important for security and access control, it is generally not considered as sensitive or confidential as personally identifiable information (PII), software architecture and network diagrams, or customers' cardholder data.

Using cryptographic storage involves encrypting PII before storing it, adding an additional layer of protection. Even if there's unauthorized access or a vulnerability in the application, the encrypted PII remains unreadable without the proper decryption key.

Mapping security requirements to corresponding design and implementation elements. The primary purpose of a security requirements traceability matrix is to establish and track the relationship between security requirements and the design and implementation components of the software.

The design principle that ensures every access to every resource is checked for appropriate permissions is : Complete Mediation

This principle requires that access to every resource must be verified to ensure that it is allowed. This prevents unauthorized access by ensuring that all access attempts are properly authenticated and authorized.

The correct answer is OWASP Top 10.

The OWASP (Open Web Application Security Project) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications and is updated regularly to reflect the latest trends and emerging threats.

The correct answer is to ensure systems default to a secure state in case of failure.

The fail-secure principle ensures that if a system fails, it defaults to a secure state rather than leaving the system open to exploitation. This principle is important in security-critical systems to prevent unauthorized access or potential breaches when an unexpected failure occurs.

Here’s a brief overview of the other options:

1. To provide multiple layers of security controls: This refers to defense-in-depth, not the fail-secure principle.
2. To minimize the attack surface: This involves reducing the points of entry for attacks but is unrelated to fail-secure.
3. To allow users only the access necessary to perform their functions: This describes the principle of least privilege, not fail-secure.

The secure design principle that advocates for the security mechanisms to be as small and simple as possible is : Economy of Mechanism

This principle emphasizes that simplicity in design reduces the likelihood of errors and vulnerabilities, making the security mechanisms easier to understand, implement, and manage.

The least likely to be detected via misuse case modeling is "Race conditions" (Option 3). Misuse case modeling primarily focuses on security-related issues and malicious activities, rather than non-security issues related to concurrency and timing, which are characteristic of race conditions.

All of the above. Comprehensive error handling ensures user experience, logging for analysis, and vulnerability protection.

The correct answer is Transport Layer Security (TLS).

Transport Layer Security (TLS) is essential for protecting against man-in-the-middle (MiTM) attacks. TLS encrypts data transmitted between clients and servers, ensuring that even if a malicious actor intercepts the communication, they cannot read or alter the data without the proper encryption keys. This encryption helps to ensure the confidentiality and integrity of the transmitted data, which is key to preventing MiTM attacks.

Here’s a brief overview of the other options:

1. Network firewall: A firewall protects the network perimeter but cannot prevent MiTM attacks, especially in scenarios where communication is intercepted after passing through the firewall.
2. Intrusion Detection System (IDS): An IDS can detect suspicious activity, including some types of MiTM attacks, but it does not actively prevent them.
3. Multi-factor authentication (MFA): MFA strengthens authentication but does not protect the actual communication between two parties from being intercepted or altered by a MiTM attacker.

All of the above. A comprehensive approach ensures efficient backups, recovery plans, and secure storage.

PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It is not only a standard but also a set of best practices for securing payment card data.

The design document should include Application security information and guidance such as recommended tools, components, encryption & hashing algorithms, etc.

Including this information ensures that security considerations are integrated into the design process, guiding developers on best practices and tools to use for implementing robust security measures.

Each security event logged to a log file must include the following: An accurate date and time stamp synchronized with the UTC approved time service.

The event's origin (such as terminal identification, IP address, hostname, program command, daemon process, user ID, and so on).

The activity being recorded (such as the category or type of event).

Determining countermeasures and mitigation for the threats is the last step of Threat modelling process

The correct answer is Separation of Duties.

Separation of Duties (SoD) is a security design principle that helps mitigate the risk posed by insiders with legitimate access by ensuring that critical tasks are divided among multiple individuals. This reduces the chance that a single individual can misuse their access to carry out malicious actions without oversight. For example, separating responsibilities between those who request a transaction and those who approve it can prevent fraud or unauthorized activities.

Here’s a brief overview of the other options:

1. Complete Mediation: Ensures that every access request is checked for authorization, but it doesn’t address insider risks directly.
2. Open Design: Refers to not relying on the secrecy of the system’s design for security, focusing more on transparency than insider threat mitigation.
3. Economy of Mechanism: Promotes simplicity in security design but does not directly address the issue of insider access and control.

Implementing session timeout is a crucial security measure in session management for web applications. It involves automatically terminating a user's session after a predefined period of inactivity.

Significance:

Security Against Unauthorized Access: Session timeout helps mitigate the risk of unauthorized access to a user's account if they forget to log out or if their session is left unattended. It ensures that even if an authenticated session is open, it becomes invalid after a certain period of inactivity.

Protection Against Session Hijacking: If a user's session is compromised, a session timeout reduces the window of opportunity for attackers to misuse the session. It limits the time available for malicious actors to exploit a stolen session.

Compliance with Security Best Practices: Many security frameworks and best practices recommend implementing session timeout as a fundamental security control. It aligns with principles such as the Principle of Least Privilege and ensures that access privileges are not prolonged unnecessarily.