Question 1

The software security team has been tasked with assessing a document management application that has been in use for many years and developing a plan to ensure it complies with organizational policies. Which post-release deliverable is being described?

Options :

A : Security strategy tor M&A products

B : Security strategy for legacy code

C : Post-release certifications

D : External vulnerability disclosure response process

Answer: B

Question 2

A new product does not display personally identifiable information, will not let private documents be printed, and requires elevation of privilege to retrieve archive documents. Which secure coding practice is this describing?

Options :

A : Access control

B : Data protection

C : Input validation

D : Authentication

Answer: A

Question 3

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

Options :

A : Fuzzing

B : Static analysis

C : Dynamic analysis

D : Bugtraq

Answer: A

Question 4

Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?

Options :

A : Personal information retention requirements

B : User controls requirements

C : Third party requirements

D : Data integrity requirements

Answer: C

Question 5

A recent security review has identified an aging credential recovery/forgotten password component that

emails temporary passwords to users who claim to have forgotten their application password.

How should the organization remediate this vulnerability?

Options :

A : Lock a User Account After Multiple Failed Authentication Attempts

B : Ensure All Authorization Requests Are Logged

C : Implement Multifactor Authentication

D : Implement Role-Based Authorization

Answer: C