PrepAway - Latest Free Exam Questions & Answers

Which of the following assessment techniques would a security administrator implement to ensure that
systems and software are developed properly?

A. Baseline reporting

B. Input validation

C. Determine attack surface

D. Design reviews

Explanation:
When implementing systems and software, an important step is the design of the systems and software.
The systems and software should be designed to ensure that the system works as intended and is secure.
The design review assessment examines the ports and protocols used, the rules, segmentation, and
access control in the system or application. A design review is basically a check to ensure that the design
of the system meets the security requirements.
Incorrect Answers:
A: A baseline report compares the current status of network systems in terms of security updates,
performance or other metrics to a predefined set of standards (the baseline). Baseline reporting should
take place after the systems and software have been designed, the design reviewed and the systems and
software have been implemented.
B: Input validation can improve application performance by catching malformed input in the application
that could cause problems with the output. For example, if a user is expected to enter a number into a
field in the application, input validation can be used to ensure that the input is numeric and not text.
Input validation is a part of application design. It can also be used to prevent attacks such as cross-site
scripting and SQL injection. However, it is not part of general system design.
C: Determining attack surface is a security practice that is performed after a system or software
application has been implemented. However, this question is asking about the development of systems
and software. The ‘development’ is performed before the systems are implemented.
