Question 1

Which step in the change management process includes modifying the source code?

Options :

A : Patch management

B : Installation management

C : Privacy implementation assessment

D : Policy compliance analysis

Answer: A

Question 2

Using a web-based common vulnerability scoring system (CVSS) calculator, a security response team

member performed an assessment on a reported vulnerability in the company's claims intake component. The

base score of the vulnerability was 3.5 and changed to 5.9 after adjusting temporal and environmental metrics.

Which rating would CVSS assign this vulnerability?

Options :

A : Critical severity

B : High severity

C : Low severity

D : Medium severity

Answer: B

Question 3

Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

Options :

A : General coding practices

B : Input validation

C : Session management

D : System configuration

Answer: B

Question 4

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

Options :

A : Fuzzing

B : Static analysis

C : Dynamic analysis

D : Bugtraq

Answer: A

Question 5

Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?

Options :

A : Fuzz testing

B : Dynamic code analysis

C : Manual code review

D : Static code analysis

Answer: C