Question 1

Quantitative risk assessment differs from qualitative risk assessment in that it predicts attacks based on what?

Options :

A : Penetration tests

B : Historical loss information

C : Projections based on qualitative factors

D : Zero-day loss information

Answer: B

Question 2

Configuration management involves which two separate roles? (Choose all that apply.)

Options :

A : Supplier

B : Maintainer

C : Developer

D : Customer

Answer: C,D

Question 3

When analyzing the security of third-party software, which factors should be considered to ensure the software’s trustworthiness and reliability?

Options :

A : The origin of the software and reputation of the vendor

B : The overall rating provided in assessment reports such as the cloud controls matrix

C : The level of technical support provided by the vendor

D : The number of certificates the software has obtained

Answer: B

Question 4

Which of the following should be done throughout development? (Choose all that apply.)

Options :

A : Attack surface analysis

B : Threat models

C : Managed code

D : Cryptographic agility

Answer: A,B

Question 5

The operations phase of the software lifecycle is characterized by what?

Options :

A : It begins when software is released from development.

B : It begins with the development of the program requirements.

C : The response team is the process manager.

D : The development team is the process manager.

Answer: A