A plethora of vulnerabilities is discovered after conducting a vulnerability assessment against your company’s official web site. You decide to implement continuous monitoring over the web server and automate the patching process. Which of the following is the best vehicle? A. DevOps B. Change control C. Continuous deployment D. Security Content Automation Protocol (SCAP)
Your company is developing an ERP system, owned by the head of the IT department, using Scrum. You are the product owner of the development of the material management module. Which of the following is the least of your concerns? A. Refinement of the product backlog B. Application for authorization to operate (ATO) C. Trustworthiness of the product D. User acceptance
Software Engineering Institute (SEI) was established in 1984 at Carnegie Mellon University as a federally funded research and development center (FFRDC) dedicated to advancing the practice of software engineering and improving the quality of systems that depend on software. (JUNE 21, 2000 • SEI PRESS RELEASE)
The CISSP exam tests not only your technical foundation but also your management concepts. Many CISSP aspirants fail in Domain 1, 2, 6, or 7. It can be an indicator that they may not have connected the dots, e.g., information security governance, risk management, strategic management, project/program management, business continuity, etc.
You started a software house two years ago that builds and implements custom software solutions for clients. As there existed no organizational project management standard and unified processes, your company relied on senior project managers capable of managing projects and delivering software to clients based on their own approaches and experience. Which of the following is the maturity level that best describes your company in terms of CMMI? A. Initial B. Repeatable C. Managed D. Defined
Which of the following is not a software testing technique that emphasizes using unexpected, malformed, random data as program inputs to crash the program or make it behave unexpectedly? A. Fuzz testing B. Synthetic transaction C. Random testing D. Monkey testing
An unknown vulnerability is discovered after conducting a vulnerability scan against your company’s official web site. You are analyzing it and calculating its score based on CVSS v3.1. Which of the following is not a mandatory metric? A. Attack Vector (AV) B. Exploit Code Maturity (E) C. User Interaction (UI) D. Privileges Required (PR)
You are conducting a vulnerability assessment against your company’s official web site. Which of the following should be scanned first? A. Known weaknesses in the CWE List B. Known vulnerabilities in the CVE List C. Undiscovered or unknown vulnerabilities D. The attack surface determined after the threat modeling