Regarding secure software development, ___________ states that the impact (or damage) that can occur after a vulnerability is exploited should be minimized.Question 20Answera.Damage confinementb.Impact vulnerability policyc.Impact survivabilityd.Damage consumption

90.8% completeQuestionA large company has recently discovered a vulnerability in its system. After analyzing the data, the company must prioritize the vulnerabilities based on exploitability and weaponization. Which of the following would be important for the company to consider when analyzing the data to achieve their requirements? (Select the two best options.)A.The level of sophistication of threat actors targeting the vulnerabilityB.The availability of patches for the vulnerabilityC.The number of systems and people affected by the vulnerabilityD.The potential damage caused by successful exploitation of the vulnerability

When developing secure software, which of the following is an important step in secure software design?Question 11Answera.Adopt a risk dispute policy.b.Increase the level of complexity throughout the code.c.Settle high-level technical issues.d.Practice risk transference whenever possible.Clear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, __________ can think like attackers in order to find vulnerabilities that real attackers may seek out, in addition to finding functionality issues, such as bugs, right before the software is released.Question 12Answera.End-usersb.Testersc.Project managersd.DevelopersClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding risk-based testing of secure software, which of the following is NOT a variable in the DREAD modeling formula?Question 13Answera.Discoverabilityb.Damagec.Availabilityd.Affected UsersClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn secure software testing, which one of the following do automated code review tools help to discover?Question 14Answera.Lack of exceptionsb.Isolated implementationsc.Content mutationsd.TraceabilityClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn a way, __________ must act like attackers, they may quickly find simple security vulnerabilities in software systems that would be possible for an attacker to exploit.Question 15Answera.Testersb.End-usersc.Project managersd.Developers

2.Question 2What are the goals of a vulnerability assessment? Select two answers.1 pointTo audit regulatory complianceTo identify existing weaknessesTo reduce overall threat exposureTo detect network traffic

___________ is a strategy in which multiple security measures are set in place to establish protective barriers across multiple layers of a system.Question 16Answera.Open designb.Economy of mechanismc.Separation of privileged.Defense in depthClear my choiceQuestion 17Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, _________ help developers maintain awareness of common threats and weaknesses in similar applications so that the developers may create software with the appropriate security measures in place.Question 17Answera.Vulnerability databasesb.Input validatorsc.Traceability documentsd.CountermeasuresClear my choiceQuestion 18Not yet answeredPoints out of 1.00Flag questionTipsQuestion textExploits are programs or methods that take advantage of ________, which are weaknesses in a system's design/implementation that allow an attacker to perform some malicious act.Question 18Answera.Countermeasuresb.Workaroundsc.Vulnerabilitiesd.ObfuscationsClear my choiceQuestion 19Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhat is the software trait that provides accountability for developers and is essential for computer forensics investigations?Question 19Answera.Simplicityb.Reliabilityc.Traceabilityd.None of the aboveClear my choiceQuestion 20Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following is an example of a software error?Question 20Answera.An abnormal condition that occurs when a user interacts with the software in an unexpected way.b.An incorrect line of code.c.A bad calculation that produces incorrect results.d.All of the above.

What are the key impacts of threats, risks, and vulnerabilities? Select three answers.1 pointFinancial damageDamage to reputationIdentity theftEmployee retention