Which one of the following is NOT a step of the risk-based testing process for secure software?Question 16Answera.Audit of software and documentationb.Software analysisc.Documentation of asset awarenessd.Identification of assets and objectivesClear my choiceQuestion 17Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn the course of selecting an effective programming language, languages that are ________ should not be used by software when security is a necessity.Question 17Answera.At risk of buffer overflowsb.Below the application levelc.Compromised by SQl injectiond.Above the physical levelClear my choiceQuestion 18Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhen designing security architecture for software development, creators should do which of the following?Question 18Answera.Rely primarily on obfuscation for security concerns.b.Do not worry about separating functions needing higher privilege from othersc.Decide how much security is enough.d.Do not be too concerned about reducing the damage from hacking activitiesClear my choiceQuestion 19Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAn important goal to meet when designing efficient, secure software is to __________.Question 19Answera.Create the design understanding that the specifications will be expanded until the project is deployedb.Allow for additional functions to remain in the software so they may be used laterc.Determine the amount of time it will take to complete the designd.Create the design with an understanding that the initial security measures may fail due to new attacks or vulnerabilitiesClear my choiceQuestion 20Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software development, ___________ states that the impact (or damage) that can occur after a vulnerability is exploited should be minimized.Question 20Answera.Damage confinementb.Impact vulnerability policyc.Impact survivabilityd.Damage consumption

Which one of the following is NOT a step of the risk-based testing process for secure software?Question 16Answera.Audit of software and documentationb.Software analysisc.Documentation of asset awarenessd.Identification of assets and objectives

When developing secure software, which of the following is an important step in secure software design?Question 11Answera.Adopt a risk dispute policy.b.Increase the level of complexity throughout the code.c.Settle high-level technical issues.d.Practice risk transference whenever possible.Clear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, __________ can think like attackers in order to find vulnerabilities that real attackers may seek out, in addition to finding functionality issues, such as bugs, right before the software is released.Question 12Answera.End-usersb.Testersc.Project managersd.DevelopersClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding risk-based testing of secure software, which of the following is NOT a variable in the DREAD modeling formula?Question 13Answera.Discoverabilityb.Damagec.Availabilityd.Affected UsersClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn secure software testing, which one of the following do automated code review tools help to discover?Question 14Answera.Lack of exceptionsb.Isolated implementationsc.Content mutationsd.TraceabilityClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn a way, __________ must act like attackers, they may quickly find simple security vulnerabilities in software systems that would be possible for an attacker to exploit.Question 15Answera.Testersb.End-usersc.Project managersd.Developers

n the course of selecting an effective programming language, languages that are ________ should not be used by software when security is a necessity.Question 17Answera.At risk of buffer overflowsb.Below the application levelc.Compromised by SQl injectiond.Above the physical level

When testing secure software, the DREAD modeling process involves:Question 6Answera.Reviewing the program to reveal the lack of exceptions, concurrency abnormalities, and problems with the flow of information.b.A ranking of risks between 1 and 10, where severe risks that should be addressed immediately are ranked at 10.c.Mathematical arguments to test and prove the software's correctness as well as decrease the number of vulnerabilities.d.Determining how many users would be affected by the potential exploitation of vulnerabilities, and how much it would cost in damages.Clear my choiceQuestion 7Not yet answeredPoints out of 1.00Flag questionTipsQuestion text_________ is a software testing method which identifies and prioritizes risks based on their levels of threat, impact, and mitigation costs.Question 7Answera.Black box testingb.Formal methodologyc.Obfuscation reductiond.None of the aboveClear my choiceQuestion 8Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhat is a distinct property of dynamic analysis (testing) techniques for secure software?Question 8Answera.Testing is solely performed on documentation.b.Testing is performed using mathematical arguments.c.Testing is performed as a ranking of risks.d.Testing is performed with the execution of the software.Clear my choiceQuestion 9Not yet answeredPoints out of 1.00Flag questionTipsQuestion textFormal methods, a static testing technique for secure software, involve which of the following?Question 9Answera.Manual examinations of software code to ensure that the organization's formal coding standards are properly met.b.Testers executing the software in order to discover vulnerabilities that may have been overlooked by standard testing methods.c.Using a formula to determine the priority of risks so that the most important risks with the highest impacts can be resolved first.d.Mathematical arguments to test and prove the software's correctness as well as decrease the number of vulnerabilities.Clear my choiceQuestion 10Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding software, which of the following is an example of dynamic analysis (testing) techniques?Question 10Answera.Formal methodsb.Blue box testingc.White box testingd.Code reviews by peers

What is the primary goal of risk management in software testing?a.To eliminate all risksb.To identify risks earlyc.To minimize the impact of risksd.To assign blame for risks