Why is it important during the Pre-Award phase for the GCA and local security office to be involved in developing the security requirements?Question 18Select one:a.The level of security required on a contract should be flexible enough that after the contract is awarded, the contractor has flexibility to address the inherent risks associated with changing requirements.b.The level of security stipulated in the Request for Proposal could disqualify potential bidders from preparing a response.c.The level of security required on a contract will affect the cost of the contract, so key questions to ask are: What FAR security contract clauses should be incorporated? What are the legitimate security needs related to a program?

What protection does the FAR Security Requirements clause 52-204.2 provide if there are changes by the Government to the security classification or security requirements under the contract that cause a change in security costs or other terms of the contract?Question 17Select one:a.The contractor is under no obligation to comply once the contract is awarded.b.The contract will be terminated.c.The contract shall be subject to an equitable adjustment.

Without modifying the contract, the Government can require a contractor to implement a security requirement that is not specified in the NISPOM or the DD Form 254 after contract award.Question 19Select one:TrueFalse

When developing secure software, which of the following is an important step in secure software design?Question 11Answera.Adopt a risk dispute policy.b.Increase the level of complexity throughout the code.c.Settle high-level technical issues.d.Practice risk transference whenever possible.Clear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, __________ can think like attackers in order to find vulnerabilities that real attackers may seek out, in addition to finding functionality issues, such as bugs, right before the software is released.Question 12Answera.End-usersb.Testersc.Project managersd.DevelopersClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding risk-based testing of secure software, which of the following is NOT a variable in the DREAD modeling formula?Question 13Answera.Discoverabilityb.Damagec.Availabilityd.Affected UsersClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn secure software testing, which one of the following do automated code review tools help to discover?Question 14Answera.Lack of exceptionsb.Isolated implementationsc.Content mutationsd.TraceabilityClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn a way, __________ must act like attackers, they may quickly find simple security vulnerabilities in software systems that would be possible for an attacker to exploit.Question 15Answera.Testersb.End-usersc.Project managersd.Developers

What is the function of security?2. What are the main pre-PPSA types of security or quasi-security?3. In what circumstances do security interests arise by operation of law?4. To which security interests do the PPSA apply?

Please choose the correct answer.If I prioritize code security, I do:Risk reduction for the companyGenerate more income for the companyProvide a better security maturity modelAll of the above