___________ is a strategy in which multiple security measures are set in place to establish protective barriers across multiple layers of a system.Question 16Answera.Open designb.Economy of mechanismc.Separation of privileged.Defense in depthClear my choiceQuestion 17Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, _________ help developers maintain awareness of common threats and weaknesses in similar applications so that the developers may create software with the appropriate security measures in place.Question 17Answera.Vulnerability databasesb.Input validatorsc.Traceability documentsd.CountermeasuresClear my choiceQuestion 18Not yet answeredPoints out of 1.00Flag questionTipsQuestion textExploits are programs or methods that take advantage of ________, which are weaknesses in a system's design/implementation that allow an attacker to perform some malicious act.Question 18Answera.Countermeasuresb.Workaroundsc.Vulnerabilitiesd.ObfuscationsClear my choiceQuestion 19Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhat is the software trait that provides accountability for developers and is essential for computer forensics investigations?Question 19Answera.Simplicityb.Reliabilityc.Traceabilityd.None of the aboveClear my choiceQuestion 20Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following is an example of a software error?Question 20Answera.An abnormal condition that occurs when a user interacts with the software in an unexpected way.b.An incorrect line of code.c.A bad calculation that produces incorrect results.d.All of the above.

When developing secure software, which of the following is an important step in secure software design?Question 11Answera.Adopt a risk dispute policy.b.Increase the level of complexity throughout the code.c.Settle high-level technical issues.d.Practice risk transference whenever possible.Clear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, __________ can think like attackers in order to find vulnerabilities that real attackers may seek out, in addition to finding functionality issues, such as bugs, right before the software is released.Question 12Answera.End-usersb.Testersc.Project managersd.DevelopersClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding risk-based testing of secure software, which of the following is NOT a variable in the DREAD modeling formula?Question 13Answera.Discoverabilityb.Damagec.Availabilityd.Affected UsersClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn secure software testing, which one of the following do automated code review tools help to discover?Question 14Answera.Lack of exceptionsb.Isolated implementationsc.Content mutationsd.TraceabilityClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn a way, __________ must act like attackers, they may quickly find simple security vulnerabilities in software systems that would be possible for an attacker to exploit.Question 15Answera.Testersb.End-usersc.Project managersd.Developers

Question 7Fill in the blank: When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.1 pointsequencinghandlinglifecycleoperations8.Question 8Which of the follo

Question 33Which Security Operating Platform capability allows organizations to exert positive control based on applications, users, and content, with support for open communication, orchestration, and visibility?1 pointProvide full visibilityReduce the attack surfacePrevent all known threats, fastDetect and prevent new, unknown threats with automation34.Question 34

What is the primary objective of all security measures?Prevention of disclosureMaintaining integrityHuman SafetySustaining availabilityClear my choiceQuestion 2

Microsoft's Security Development Lifecycle process recommends an organized group to drive the development and evolution of security best practices and process improvements, to serve as a source of expertise, and to perform a Final ________ Review before software is released.Question 13Answera.Securityb.Designc.Methodologyd.CodeClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textThe main focus of the agile software development is _______________.Question 14Answera.What the customers wantb.The end resultsc.Research and analysisd.The cost of software development