ques on authentication SDLC phases


CISSP_Candidate
08-30-2006, 08:07 AM
Question 1)
Which is the strongest form of authentication?
Biometrics or two-factor authentication?

I am confused, as different questions that I did from different sources give different answers. I am going for biometrics.

SDLC - Question 2)
Which of the following SDLC phases is the point at which a project plan is developed, test schedules are assigned and expectations of the product are outlined?
A. Functional Design Analysis and Planning
B. Project Initiation
C. System Design Specifications
D. Software Development

Answer is A. But, I chose B.
I think that's because the project plan has already been developed, test schedules already assigned... and so forth by the Project Initiation stage?

SDLC - Question 3)
Which SDLC phase is the point at which info may need to be archived, or discarded, and postmortem team may be assembled to examine ways to improve subsequent iterations of this or other products?
A. Functional Design Analysis and Planning
B. Disposal
C. System Design Specifications
D. Revision and Replacement

Answer is A again.
I don't understand this.

Question 4)
Also, for good programming practices, what does it mean to have high cohesion and low coupling?
I have an answer that says - If an object can perform a function without help from other objects it has high cohesion.

Jescoi
08-30-2006, 08:08 AM
Question 1
Two-factor, with biometrics being one of those factors, is correct.

“Once a person has been identified, through the user ID or a similar value, she must be authenticated, which means she must prove she is who she says she is. There are three general factors that can be used for authentication: something a person knows, something a person has, and something a person is.

Strong authentication contains two out of these three methods: something a person knows, has, or is. Using a biometric system by itself does not provide strong authentication because it provides only one out of the three methods. Biometrics supplies what a person is, not what a person knows or has. For a strong authentication process to be in place, a biometric system needs to be coupled with a mechanism that checks for one of the other two methods.”

All-In-One, Harris, page 129


Question 2:

A is correct.

Project Initiation

This is the phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails. Either a specific customer needs a new system or application or a demand for the product exists in the market. During this phase, the project management team examines the characteristics of the system and proposed functionality,

Functional Design Analysis and Planning

In this phase, a project plan is developed by the software architectures to define the security activities and to create security checkpoints to ensure that quality assurance for security controls takes place and that the configuration and change control process is identified. At this point in the project, resources are identified, test schedules start to form, and evaluation criteria are developed to be able to properly test the security controls. A formal functional baseline is formed, meaning the expectations of the product are outlined in a formal manner, usually through documentation. A test plan is developed, which will be updated through each phase to ensure that all issues are properly tested.

All-In-One, Harris, page 834, 837

Question 3:

A is correct.
Harris All-In-One, page 837 and following

Question 4:

Modules should be self-contained and perform a single logical function, which is high cohesion. Modules should not drastically affect each other, which is low coupling.

Harris All-In-One, page 859
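
The factor-counting rule from the Harris passage quoted under Question 1, written as an added example (not part of either post or of the book): strength is decided by how many of the three categories are covered, not by how many credentials are checked. The authenticator names and their mapping to categories are assumptions made for this illustration.

```python
from enum import Enum


class Factor(Enum):
    KNOWS = "something a person knows"
    HAS = "something a person has"
    IS = "something a person is"


# Constructed mapping of authenticator types to factor categories
# (an assumption for this example, not a standard list).
AUTHENTICATOR_FACTOR = {
    "password": Factor.KNOWS,
    "pin": Factor.KNOWS,
    "security_question": Factor.KNOWS,
    "smart_card": Factor.HAS,
    "otp_token": Factor.HAS,
    "fingerprint": Factor.IS,
    "iris_scan": Factor.IS,
}


def factors_presented(verified):
    """Return the distinct factor categories among the verified authenticators."""
    unknown = [a for a in verified if a not in AUTHENTICATOR_FACTOR]
    if unknown:
        # Refuse to guess a category for an authenticator nobody classified.
        raise ValueError(f"unclassified authenticator(s): {unknown}")
    return {AUTHENTICATOR_FACTOR[a] for a in verified}


def is_strong_authentication(verified):
    """Strong authentication needs two of the three categories, not two credentials."""
    return len(factors_presented(verified)) >= 2


if __name__ == "__main__":
    # Constructed login attempts: each list is what the system verified.
    attempts = (
        ["fingerprint"],                    # biometrics alone: one category
        ["password", "security_question"],  # two credentials, both "knows"
        ["fingerprint", "iris_scan"],       # two biometrics, both "is"
        ["fingerprint", "pin"],             # "is" + "knows"
        ["smart_card", "pin"],              # "has" + "knows"
    )
    for attempt in attempts:
        print(attempt, "->", "strong" if is_strong_authentication(attempt) else "single-factor")
```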