When developing secure software, which of the following is an important step in secure software design?Question 11Answera.Adopt a risk dispute policy.b.Increase the level of complexity throughout the code.c.Settle high-level technical issues.d.Practice risk transference whenever possible.Clear my choiceQuestion 12Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, __________ can think like attackers in order to find vulnerabilities that real attackers may seek out, in addition to finding functionality issues, such as bugs, right before the software is released.Question 12Answera.End-usersb.Testersc.Project managersd.DevelopersClear my choiceQuestion 13Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding risk-based testing of secure software, which of the following is NOT a variable in the DREAD modeling formula?Question 13Answera.Discoverabilityb.Damagec.Availabilityd.Affected UsersClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn secure software testing, which one of the following do automated code review tools help to discover?Question 14Answera.Lack of exceptionsb.Isolated implementationsc.Content mutationsd.TraceabilityClear my choiceQuestion 15Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn a way, __________ must act like attackers, they may quickly find simple security vulnerabilities in software systems that would be possible for an attacker to exploit.Question 15Answera.Testersb.End-usersc.Project managersd.Developers

Which one of the following is NOT a step of the risk-based testing process for secure software?Question 16Answera.Audit of software and documentationb.Software analysisc.Documentation of asset awarenessd.Identification of assets and objectivesClear my choiceQuestion 17Not yet answeredPoints out of 1.00Flag questionTipsQuestion textIn the course of selecting an effective programming language, languages that are ________ should not be used by software when security is a necessity.Question 17Answera.At risk of buffer overflowsb.Below the application levelc.Compromised by SQl injectiond.Above the physical levelClear my choiceQuestion 18Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhen designing security architecture for software development, creators should do which of the following?Question 18Answera.Rely primarily on obfuscation for security concerns.b.Do not worry about separating functions needing higher privilege from othersc.Decide how much security is enough.d.Do not be too concerned about reducing the damage from hacking activitiesClear my choiceQuestion 19Not yet answeredPoints out of 1.00Flag questionTipsQuestion textAn important goal to meet when designing efficient, secure software is to __________.Question 19Answera.Create the design understanding that the specifications will be expanded until the project is deployedb.Allow for additional functions to remain in the software so they may be used laterc.Determine the amount of time it will take to complete the designd.Create the design with an understanding that the initial security measures may fail due to new attacks or vulnerabilitiesClear my choiceQuestion 20Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software development, ___________ states that the impact (or damage) that can occur after a vulnerability is exploited should be minimized.Question 20Answera.Damage confinementb.Impact vulnerability policyc.Impact survivabilityd.Damage consumption

___________ is a strategy in which multiple security measures are set in place to establish protective barriers across multiple layers of a system.Question 16Answera.Open designb.Economy of mechanismc.Separation of privileged.Defense in depthClear my choiceQuestion 17Not yet answeredPoints out of 1.00Flag questionTipsQuestion textRegarding secure software, _________ help developers maintain awareness of common threats and weaknesses in similar applications so that the developers may create software with the appropriate security measures in place.Question 17Answera.Vulnerability databasesb.Input validatorsc.Traceability documentsd.CountermeasuresClear my choiceQuestion 18Not yet answeredPoints out of 1.00Flag questionTipsQuestion textExploits are programs or methods that take advantage of ________, which are weaknesses in a system's design/implementation that allow an attacker to perform some malicious act.Question 18Answera.Countermeasuresb.Workaroundsc.Vulnerabilitiesd.ObfuscationsClear my choiceQuestion 19Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhat is the software trait that provides accountability for developers and is essential for computer forensics investigations?Question 19Answera.Simplicityb.Reliabilityc.Traceabilityd.None of the aboveClear my choiceQuestion 20Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following is an example of a software error?Question 20Answera.An abnormal condition that occurs when a user interacts with the software in an unexpected way.b.An incorrect line of code.c.A bad calculation that produces incorrect results.d.All of the above.

When working in the software development security domain, which of the following are tasks that security team members may complete during various phases of the software development lifecycle? Select three answers.1 pointConducting secure code reviewsParticipating in incident investigationsInitiating a secure design reviewPerforming penetration testing

Microsoft's Security Development Lifecycle process recommends an organized group to drive the development and evolution of security best practices and process improvements, to serve as a source of expertise, and to perform a Final ________ Review before software is released.Question 13Answera.Securityb.Designc.Methodologyd.CodeClear my choiceQuestion 14Not yet answeredPoints out of 1.00Flag questionTipsQuestion textThe main focus of the agile software development is _______________.Question 14Answera.What the customers wantb.The end resultsc.Research and analysisd.The cost of software development

Which concept encourages software and system developers to integrate security features at the start of the development cycle?1 pointGlobal surveillanceNational cybersecurityAdvanced encryptionSecurity by design