A software development team is conducting threat modeling. Which of the following is the best instrument used to evaluate the risk exposure of identified threats? (Wentz QOTD)
A. CMMI
B. SAMM
C. STRIDE
D. DREAD

You generated a key pair and created a certificate signing request to apply for a certificate to support HTTPS on your web server. Which of the following is least likely to appear in the certificate signing request? (Wentz QOTD)
A. Your public key
B. A digital signature signed by your private key
C. Subject name in the format of X.500
D. A timestamp by the registry authority

The user interface of your program froze whenever communicating with a remote server. The poor responsiveness affects user satisfaction. Which of the following is the best feature you should implement to solve this problem? (Wentz QOTD)
A. Multiprogramming
B. Multitasking
C. Multithreading
D. Multiprocessing

Your company implemented a biometric system that matches fingerprints against the model database to control access to the computer room. An IT engineer is authorized to enter the computer room by the management but rejected by the system. Which of the following best describes the error? (Wentz QOTD)
A. False negative
B. False positive
C. Type I error
D. Type II error

Which of the following software testing techniques is most commonly conducted by developers or programmers? (Wentz QOTD)
A. Synthetic transactions
B. Fuzzing
C. Continuous integration
D. Unit testing

You are learning about risk management. Which of the following provides the most general concept of risk and applies to the most comprehensive contexts? (Wentz QOTD)
A. NIST Generic Risk Model
B. NIST Risk Management Framework
C. ISO 31000
D. ISO 27005

You are connecting a legacy IPX/SPX network to an IP network. Which of the following is the most appropriate device? (Wentz QOTD)
A. Brouter
B. Gateway
C. Layer 3 switch
D. Next-generation firewall

Your organization plans to establish a dedicated department for the security function. Which of the following is the consideration of least importance? (Wentz QOTD)
A. Legal and regulatory requirements
B. The boundary of security and IT operations
C. Customer’s needs and requirements
D. Security and privacy security controls selection

Your organization’s top management requires data classified at a higher security level shall not flow to a subject with a lower level clearance, and classified data shall not be sent to anyone who doesn’t need to know in terms of their duty. Which of the following should be considered first to meet the policy requirements? (Wentz QOTD)
A. A management system aligned with the policy
B. A system based on state machine and information flow
C. An information system that supports the access control matrix
D. A lattice-based model that enforces mandatory access control

Your company implements a website and sells products online. A frequent customer is logging into the system. Which of the following authentication schemes is least likely to be implemented to validate the username and password against the directory that encrypts and stores all customer’s passwords? (Wentz QOTD)
A. Claim-based
B. Cleartext-based
C. Ciphertext-based
D. Checksum-based