CBSE - Certified Blockchain Security Expert Architectural and Design Security Questions and Answers

Question 1

A security architect is designing a hybrid blockchain for a defense agency's supply chain.
The design includes encrypting peer-to-peer communication with TLS, requiring MFA for node administrators, using firewalls to restrict node access, and implementing role-based access control within smart contracts.
This multi-layered approach BEST exemplifies which security design principle?

Accepted Answer

Defense in Depth

Answer

Least Privilege

Answer

Open Design

Answer

Economy of Mechanism

Question 2

An enterprise is building a consortium blockchain and needs a secure architecture for managing the private keys of its member organizations. The primary goals are to prevent key compromise from a single point of failure and to allow for key recovery procedures. Which solution best meets these architectural requirements?

Accepted Answer

Using a Hardware Security Module (HSM) combined with an M-of-N multi-signature scheme for access.

Answer

Requiring each member to store their key on a single, air-gapped laptop.

Answer

Storing all private keys in an encrypted, cloud-hosted database.

Answer

Distributing unencrypted keys to all system administrators.

Question 3

A DeFi protocol relies on an oracle to provide real-world asset prices to its smart contracts. To ensure architectural robustness and security, which of the following is the most critical design choice to mitigate risks of price manipulation and single points of failure?

Accepted Answer

Implementing a decentralized oracle network (DON) that aggregates data from multiple independent nodes and sources.

Answer

Caching the price data on-chain to reduce external calls.

Answer

Choosing an oracle that provides the fastest data updates.

Answer

Using a single, highly trusted data source like a major exchange API.

Question 4

A development team is architecting a decentralized gaming application that requires thousands of transactions per second with low fees. Deploying directly on a popular Layer 1 blockchain would be prohibitively slow and expensive. Which architectural approach should they adopt to achieve the required performance while retaining the security guarantees of the underlying Layer 1?

Accepted Answer

Utilize a Layer 2 scaling solution, such as an optimistic or ZK-rollup.

Answer

Instruct users to pay higher gas fees to prioritize their transactions.

Answer

Create their own private Proof-of-Authority sidechain without a link to the mainnet.

Answer

Increase the complexity of their smart contract logic.

Question 5

A government agency wants to build a blockchain-based system for citizens to vote. A critical design requirement is that the system must be able to verify that a person is an eligible voter and has only voted once, all without revealing who the voter is or which candidate they chose. Which architectural component is essential for meeting this privacy requirement?

Accepted Answer

Implementation of Zero-Knowledge Proofs (ZKPs) to validate voter eligibility and uniqueness.

Answer

A transparent public ledger where all votes are pseudonymously recorded.

Answer

The use of a centralized server to tally votes before publishing results.

Answer

A Proof-of-Work consensus mechanism to secure the voting record.

Question 6

During a security design review of a new token vesting smart contract, an auditor notes that the contract has a single `owner` role with unrestricted administrative privileges, including the ability to change vesting schedules, withdraw all tokens, and change ownership. This design most directly violates which core security principle?

Accepted Answer

Principle of Least Privilege

Answer

Open Design

Answer

Defense in Depth

Answer

Psychological Acceptability