Name: Score:
300 Multiple choice questions
Term 1 of 300
Architecture of scalable services that are automatically provisioned in response to demand is
referred to as:
Mobile applications
Cloud computing
SaaS
PaaS
Term 2 of 300
Ensuring that the software security requirements address the legal and regulatory policy issues is
an example of:
System-based security policy
Risk mitigation
Internal requirements
External requirements
Term 3 of 300
Compiler options should be:
Not relied upon, as they can provide errant information
Limited to key checks for efficiency
Left to developer discretion to enable efficient production
Predefined as part of the SDL
Term 4 of 300
One of the major risks associated with the client-server architecture is:
Client-side exploits
Scalability
Confidentiality
Stability
Term 5 of 300
The foundation for post-release management is:
The product testing
The product performance
The product release date
The product baseline
Term 6 of 300
To examine a system for input validation errors, the most comprehensive test is:
Scanning
Penetration testing
Regression testing
Fuzz testing
Term 7 of 300
The following elements are part of performance testing except:
Penetration testing
SLA achievement testing
Stress testing
Load testing
Term 8 of 300
The "who" associated with programmatic functionality is referred to as what?
Role or user
Object
Activity or action
Program manager
Term 9 of 300
________ is a protocol and set of standards for communication via radio frequency energy over very
short distances.
Wi-Fi
NFC
Wireless
Zigbee
Term 10 of 300
Configuration management process should be:
Unobtrusive
Simple
Planned
Constrained
Term 11 of 300
Of the following, which is not a class of controls?
Physical
Informative
Technical
Administrative
Term 12 of 300
The fundamental approach to security in which an object has only the necessary rights and
privileges to perform its task with no additional permissions is a description of:
Layered security
Least privilege
Role-based security
Clark-Wilson model