What is a study of real-world software security initiatives
organized so companies can measure their initiatives and
understand how to evolve them over time?, - answer Building
Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed
without executing programs? - answer Static analysis
Which International Organization for Standardization (ISO)
standard is the benchmark for information security today? - answer
ISO/IEC 27001.
What is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?, -
answer Dynamic analysis
, Which person is responsible for designing, planning, and
implementing secure coding practices and security testing
methodologies? - answer Software security architect
A company is preparing to add a new feature to its flagship software
product. The new feature is similar to features that have been added
in previous years, and the requirements are well-documented. The
project is expected to last three to four months, at which time the
new feature will be released to customers. Project team members
will focus solely on the new feature until the project ends. Which
software development methodology is being used? - answer
Waterfall
A new product will require an administration section for a small
number of users. Normal users will be able to view limited customer
information and should not see admin functionality within the
application. Which concept is being used? - answer Principle of
least privilege
The scrum team is attending their morning meeting, which is
scheduled at the beginning of the work day. Each team member
reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may cause
them to miss their delivery deadline. Which scrum ceremony is the
team participating in? - answer Daily Scrum
What is a list of information security vulnerabilities that aims to
provide names for publicly known problems? - answer Common
computer vulnerabilities and exposures (CVE)
organized so companies can measure their initiatives and
understand how to evolve them over time?, - answer Building
Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed
without executing programs? - answer Static analysis
Which International Organization for Standardization (ISO)
standard is the benchmark for information security today? - answer
ISO/IEC 27001.
What is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?, -
answer Dynamic analysis
, Which person is responsible for designing, planning, and
implementing secure coding practices and security testing
methodologies? - answer Software security architect
A company is preparing to add a new feature to its flagship software
product. The new feature is similar to features that have been added
in previous years, and the requirements are well-documented. The
project is expected to last three to four months, at which time the
new feature will be released to customers. Project team members
will focus solely on the new feature until the project ends. Which
software development methodology is being used? - answer
Waterfall
A new product will require an administration section for a small
number of users. Normal users will be able to view limited customer
information and should not see admin functionality within the
application. Which concept is being used? - answer Principle of
least privilege
The scrum team is attending their morning meeting, which is
scheduled at the beginning of the work day. Each team member
reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may cause
them to miss their delivery deadline. Which scrum ceremony is the
team participating in? - answer Daily Scrum
What is a list of information security vulnerabilities that aims to
provide names for publicly known problems? - answer Common
computer vulnerabilities and exposures (CVE)
