Which of the following is not a software testing technique that emphasizes using unexpected, malformed, random data as program inputs to crash the program or make it behave unexpectedly?
A. Fuzz testing
B. Synthetic transaction
C. Random testing
D. Monkey testing
An unknown vulnerability is discovered after conducting a vulnerability scanning against your company’s official web site. You are analyzing it and calculating its score based on CVSS v3.1. Which of the following is not a mandatory metric?
A. Attack Vector (AV)
B. Exploit Code Maturity (E)
C. User Interaction (UI)
D. Privileges Required (PR)
You are conducting a vulnerability assessment against your company’s official web site. Which of the following should be scanned first?
A. Known weaknesses in the CWE List
B. Known vulnerabilities in the CVE List
C. Undiscovered or unknown vulnerabilities
D. The attack surface determined after the threat modeling
In a threat modeling meeting, the development team identified a couple of attack vectors. Most of them appear in the OWASP Top 10. Which of the following should be done first to address the attack surface?
A. Prioritize and sort the attack vectors
B. Calculate the risk exposure of each attack vector
C. Submit a change request to revise the architectural design
D. Evaluate and determine the scope of the attack surface to be addressed
A developer using XML-based markup to compose a user interface that will be rendered into an HTML form. Which of the following best describes the programming paradigm?
A. Imperative
B. Declarative
C. Polymorphism
D. Object-oriented
Which of the following software development approaches or practices doesn’t emphasizes engaging customers or end-users in the development process as early as possible?
A. Prototyping
B. Extreme Programming (XP)
C. Integrated Product Team (IPT)
D. Joint Application Development
(詩篇 Psalm 84:6)
他們經過流淚谷,叫這谷變為泉源之地,並有秋雨之福,蓋滿了全谷。
Which of the following approaches or practices delivers working software to customers least frequently?
A. Scrum
B. Prototyping
C. Minimum viable product (MVP)
D. Dynamic system development method (DSDM)
“Security Modes” is a shorthand for Security Operating Modes or Security Modes of Operations. DoD Directive 5200.28 on Security Requirements for Automated Information Systems (AISs), published on March 21, 1988, defines Security Mode as follows:
Continue readingE2.1.41. Security Mode. A mode of operation in which the DAA accredits an AIS to operate. Inherent with each of the four security modes (dedicated, system high, multilevel, and partitioned) are restrictions on the user clearance levels, formal access requirements, need-to-know requirements, and the range of sensitive information permitted on the AIS.
