Q-35 Mock Exam: Conflict in Runtime Configuration vs Robustness

[g1raffi]

Hey guys,
In a new world where runtime configuration is key to every system, I think it is an outdated opinion to generally say that Runtime Configuration vs Robustness stands in conflict.

Regards,
Raffael

[alxlo]

• "key to every system" is definitely not true. Consider systems or components outside the scope of your daily work.
• The question leaves it open whether we talk about components (e.g. libraries) or whole systems
• even it would be "key to every system", that doesn't change the fact that adding (possibly complex) configuration functionality to a system/component increases the chance of errors, creates attack vectors and makes testing harder which in turn leads to reduced robustness

I would rather argue about option d) because legal compliance issues (data retention laws, access for law enforcement) can indeed compromise security. However, I would not like to over-fit the mock exam. IMHO there should be answers in here that are "not perfect" to make people more cautious for pedagogical reasons.

If this would be a real exam question I would be unhappy about this and propose to turn it into a pick question.