The PRIMARY reason for incorporating security into the software
development life cycle is to protect

The resiliency of software to withstand attacks that attempt modify or
alter data in an unauthorized manner is referred to as

The MAIN reason as to why the availability aspects of software must
be part of the organization’s software security initiatives is:

Developing the software to monitor its functionality and report when
the software is down and unable to provide the expected service to the
business is a protection to assure which of the following?

When a customer attempts to log into their bank account, the customer
is required to enter a nonce from the token device that was issued to
the customer by the bank. This type of authentication is also known
as which of the following?

Multi-factor authentication is most closely related to which of the
following security design principles?

Audit logs can be used for all of the following EXCEPT

Organizations often pre-determine the acceptable number of user
errors before recording them as security violations. This number is
otherwise known as:

A security principle that maintains the confidentiality, integrity and
availability of the software and data, besides allowing for rapid recovery
to the state of normal operations, when unexpected events occur is the
security design principle of

Requiring the end user to accept an ‘AS-IS’ disclaimer clause before
installation of your software is an example of risk

An instrument that is used to communicate and mandate organizational
and management goals and objectives at a high level is a

The Systems Security Engineering Capability Maturity Model (SSECMM
®) is an internationally recognized standard that publishes
guidelines to

Which of the following is a framework that can be used to develop
a risk based enterprise security architecture by determining security
requirements after analyzing the business initiatives.

Which of the following is a PRIMARY consideration for the software
publisher when selling Commercially Off the Shelf (COTS) software?

The Single Loss Expectancy can be determined using which of the
following formula?

Implementing IPSec to assure the confidentiality of data when it is
transmitted is an example of risk

The Federal Information Processing Standard (FIPS) that prescribe
guidelines for biometric authentication is

Which of the following is a multi-faceted security standard that is
used to regulate organizations that collects, processes and/or stores
cardholder data as part of their business operations?

Which of the following is the current Federal Information Processing
Standard (FIPS) that specifies an approved cryptographic algorithm to
ensure the confidentiality of electronic data?

The organization that publishes the ten most critical web application
security risks (Top Ten) is the

The process of removing private information from sensitive data sets is
referred to as

(Domain 2)
Which of the following MUST be addressed by software security
requirements? Choose the BEST answer

Which of the following types of information is exempt from
confidentiality requirements?

Requirements that are identified to protect against the destruction of
information or the software itself are commonly referred to as

The amount of time by which business operations need to be restored
to service levels as expected by the business when there is a security
breach or disaster is known as

The use of an individual’s physical characteristics such as retinal blood
patterns and fingerprints for validating and verifying the user’s identity
if referred to as

Which of the following policies is MOST likely to include the
following requirement? “All software processing financial transactions
need to use more than one factor to verify the identity of the entity
requesting access””

A means of restricting access to objects based on the identity of subjects
and/or groups to which they belong, as mandated by the requested
resource owner is the definition of

Requirements which when implemented can help to build a history of
events that occurred in the software are known as

Which of the following is the PRIMARY reason for an application to
be susceptible to a Man-in-the-Middle (MITM) attack?

The process of eliciting concrete software security requirements from
high level regulatory and organizational directives and mandates in
the requirements phase of the SDLC is also known as

The FIRST step in the Protection Needs Elicitation (PNE) process is
to

A Requirements Traceability Matrix (RTM) that includes security
requirements can be used for all of the following except

Parity bit checking mechanisms can be used for all of the following
except

Which of the following is an activity that can be performed to clarify
requirements with the business users using diagrams that model the
expected behavior of the software?

Which of the following is LEAST LIKELY to be identified by misuse
case modeling?

Data classification is a core activity that is conducted as part of which
of the following?

Web farm data corruption issues and card holder data encryption
requirements need to be captured as part of which of the following
requirements?

When software is purchased from a third party instead of being built
in-house, it is imperative to have contractual protection in place and
have the software requirements explicitly specified in which of the
following?

When software is able to withstand attacks from a threat agent and
not violate the security policy it is said to be exhibiting which of the
following attributes of software assurance?

Infinite loops and improper memory calls are often known to cause
threats to which of the following?

Which of the following is used to communicate and enforce availability
requirements of the business or client?

Software security requirements that are identified to protect against
disclosure of data to unauthorized users is otherwise known as

The requirements that assure reliability and prevent alterations are to be
identified in which section of the software requirements specifications
(SRS) documentation?

Which of the following is a covert mechanism that assures
confidentiality?

As a means to assure confidentiality of copyright information, the
security analyst identifies the requirement to embed information
insider another digital audio, video or image signal. This is commonly
referred to as

Checksum validation can be used to satisfy which of the following
requirements?

A Requirements Traceability Matrix (RTM) that includes security
requirements can be used for all of the following EXCEPT

Domain 3
During which phase of the software development lifecycle (SDLC) is
threat modeling initiated?

Certificate Authority, Registration Authority, and Certificate
Revocation Lists are all part of which of the following?

The use of digital signatures has the benefit of providing which of the
following that is not provided by symmetric key cryptographic design?

When passwords are stored in the database, the best defense against
disclosure attacks can be accomplished using

Nicole is part of the ‘author’ role as well as she is included in the
‘approver’ role, allowing her to approve her own articles before it is
posted on the company blog site. This violates the principle of

The primary reason for designing Single Sign On (SSO) capabilities is
to

Database triggers are PRIMARILY useful for providing which of the
following detective software assurance capability?

During a threat modeling exercise, the software architecture is reviewed
to identify

A Man-in-the-Middle (MITM) attack is PRIMARILY an expression
of which type of the following threats?

IPSec technology which helps in the secure transmission of information
operates in which layer of the Open Systems Interconnect (OSI) model?

When internal business functionality is abstracted into service oriented
contract based interfaces, it is PRIMARILY used to provide for

At which layer of the Open Systems Interconnect (OSI) model must
security controls be designed to effectively mitigate side channel attacks?

Which of the following software architectures is effective in distributing
the load between the client and the server, but since it includes the
client to be part of the threat vectors it increases the attack surface?

When designing software to work in a mobile computing environment,
the Trusted Platform Module (TPM) chip can be used to provide
which of the following types of information?

When two or more trivial pieces of information are brought together
with the aim of gleaning sensitive information, it is referred to as what
type of attack?

The inner workings and internal structure of backend databases can be
protected from disclosure using

Choose the BEST answer. Configurable settings for logging exceptions,
auditing and credential management must be part of

The token that is PRIMARILY used for authentication purposes in a
Single Sign (SSO) implementation between two different companies is

Syslog implementations require which additional security protection
mechanisms to mitigate disclosure attacks?

Rights and privileges for a file can be granularly granted to each client
using which of the following technologies

Which of the following is known to circumvent the ring protection
mechanisms in operating systems?

When the software is designed using Representational State Transfer
(REST) architecture, it promotes which of the following good
programming practices?

. Which of the following components of the Java architecture is primarily
responsible to ensure type consistency, safety and assure that there are
no malicious instructions in the code?

The primary security concern when implementing cloud applications
is related to

The predominant form of malware that infects mobile apps is

Most Supervisory Control And Data Acquisition (SCADA) systems
are susceptible to software attacks because

Domain 4
Software developers writes software programs PRIMARILY to

The process of combining necessary functions, variables and
dependency files and libraries required for the machine to run the
program is referred to as

Which of the following is an important consideration to manage
memory and mitigate overflow attacks when choosing a programming
language?

Assembly and machine language are examples of

Using multifactor authentication is effective in mitigating which of the
following application security risks?

Impersonation attacks such as Man-in-the-Middle (MITM) attacks in
an Internet application can be BEST mitigated using proper

Implementing Completely Automated Public Turing test to tell
Computers and Humans Apart (CAPTCHA) protection is a means
of defending against

The findings of a code review indicate that cryptographic operations
in code use the Rijndael cipher, which is the original publication of
which of the following algorithms?

Which of the following transport layer technologies can BEST mitigate
session hijacking and replay attacks in a local area network (LAN)?

Verbose error messages and unhandled exceptions can result in which
of the following software security threats?

Code signing can provide all of the following EXCEPT

When an attacker uses delayed error messages between successful and
unsuccessful query probes, he is using which of the following side
channel techniques to detect injection vulnerabilities?

When the code is not allowed to access memory at arbitrary locations
that is out of range of the memory address space that belong to the
object’s publicly exposed fields, it is referred to as which of the following
types of code?

When the runtime permissions of the code are defined as security
attributes in the metadata of the code, it is referred to as

When an all-or-nothing approach to code access security is not possible
and business rules and permissions need to be set and managed more
granularly inline code functions and modules, a programmer can
leverage which of the following?

An understanding of which of the following programming concepts
is necessary to protect against memory manipulation buffer overflow
attacks? Choose the BEST answer.

Exploit code attempt to take control of dangling pointers which

Which of the following is a feature of most recent operating systems
(OS) that makes it difficult for an attacker to guess the memory address
of the program as it makes the memory address different each time the
program is executed?

When the source code is made obscure using special programs in order
to make the readability of the code difficult when disclosed, the code is
also known as

The ability to track ownership, changes in code and rollback abilities is
possible because of which of the following configuration management
processes?

The MAIN benefit of statically analyzing code is that

Cryptographic protection includes all of the following EXCEPT

Replacing the Primary Account Number (PAN) with random or
pseudo-random symbols that are uniquely identifiable and still assuring
privacy is also known as

Which of the following is an implementation of the principle of least
privilege?

Domain 5
The ability of the software to restore itself to expected functionality
when the security protection that is built in is breached is also known
as

In which of the following software development methodologies does
unit testing enable collective code ownership and is critical to assure
software assurance?

Which of the secure design principles is promoted when test harnesses
are used?

The use of IF-THEN rules is characteristic of which of the following
types of software testing?

The implementation of secure features such as complete mediation and
data replication needs to undergo which of the following types of test
to ensure that the software meets the service level agreements (SLA)?

Tests that are conducted to determine the breaking point of the software
after which the software will no longer be functional is characteristic
of which of the following types of software testing?

Which of the following tools or techniques can be used to facilitate the
white box testing of software for insider threats?

When very limited or no knowledge of the software is made known to
the software tester before she can test for its resiliency, it is characteristic
of which of the following types of security tests?

Penetration testing must be conducted with properly defined

Testing for the randomness of session identifiers and the presence of
auditing capabilities provides the software team insight into which of
the following security controls?

Disassemblers, debuggers and decompilers can be used by security
testers to PRIMARILY determine which of the following types of
coding vulnerabilities?

When reporting a software security defect in the software, which of
the following also needs to be reported so that variance from intended
behavior of the software can be determined?

An attacker analyzes the response from the web server which indicates
that its version is the Microsoft Internet Information Server 6.0
(Microsoft-IIS/6.0), but none of the IIS exploits that the attacker
attempts to execute on the web server are successful. Which of the
following is the MOST probable security control that is implemented?

Smart fuzzing is characterized by injecting

Which of the following is the MOST important to ensure, as part
of security testing, when the software is forced to fail x? Choose the
BEST answer.

Timing and synchronization issues such as race conditions and
resource deadlocks can be MOST LIKELY identified by which of the
following tests? Choose the BEST answer.

The PRIMARY objective of resiliency testing of software is to
determine

The ability of the software to withstand attempts of attackers who
intend to breach the security protection that is built in is also known as

Drivers and stub based programming are useful to conduct which of
the following tests?

Assurance that the software meets the expectations of the business as
defined in the service level agreements (SLAs) can be demonstrated by
which of the following types of tests?

Vulnerability scans are used to

In the context of test data management, when a transaction which
serves no business purpose is tested, it is referred to as what kind of
transaction?

As part of the test data management strategy, when a criteria is applied
to export selective information from a production system to the test
environment, it is also referred to as

Domain 6
Your organization has the policy to attest the security of any software
that will be deployed into the production environment. A third party
vendor software is being evaluated for its readiness to be deployed.
Which of the following verification and validation mechanism can be
employed to attest the security of the vendor’s software?

To meet the goals of software assurance, when accepting software, the
acquisition phase MUST include processes to

The process of evaluating software to determine whether the products
of a given development phase satisfies the conditions imposed at the
start of the phase is referred to as

When verification activities are used to determine if the software is
functioning as it is expected to, it provides insight into which of the
following aspects of software assurance?

When procuring software the purchasing company can request the
evaluation assurance levels (EALs) of the software product which is
determined using which of the following evaluation methodologies?

The FINAL activity in the software acceptance process is the go/no go
decision that can be determined using

Management’s formal acceptance of the system after an understanding
of the residual risks to that system in the computing environment is
also referred to as

You determine that a legacy software running in your computing
environment is susceptible to Cross Site Request Forgery (CSRF)
attacks because of the way it manages sessions. The business has the
need to continue use of this software but you do not have the source
code available to implement security controls in code as a mitigation
measure against CSRF attacks. What is the BEST course of action to
undertake in such a situation?

As part of the accreditation process, the residual risk of a software
evaluated for deployment must be accepted formally by the

Domain 7
When software that worked without any issues in the test environments
fails to work in the production environment, it is indicative of

Which of the following is not characteristic of good security metrics?

Removal of maintenance hooks, debugging code and flags, and
unneeded documentation before deployment are all examples of
software

Which of the following has the goal of ensuring that the resiliency
levels of software is always above the acceptable risk threshold as
defined by the business post deployment?

Logging application events such as failed login attempts, sales price
updates and user roles configuration for audit review at a later time is
an example of which of the following type of security control?

When a compensating control is to be used, the Payment Card Industry
Data Security Standard (PCI DSS) prescribes that the compensating
control must meet all of the following guidelines EXCEPT

Versioning, back-ups, check-in and check-out practices are all important
components of

Software that is deployed in a high trust environment such as the
environment within the organizational firewall when not continuously
monitored is MOST susceptible to which of the following types of
security attacks? Choose the BEST answer.

Bastion host systems can be used to continuously monitor the security
of the computing environment when it is used in conjunction with
intrusion detection systems (IDS) and which other security control?

The FIRST step in the incident response process of a reported breach
is to

Which of the following is the BEST recommendation to champion
security objectives within the software development organization?

Which of the following independent process provides insight into the
presence and effectiveness of security and privacy controls and is used
to determine the organization’s compliance with the regulatory and
governance (policy) requirements?

The process of using regular expressions to parse audit logs into
information that indicate security incidents is referred to as

The FINAL stage of the incident management process is to

Problem management aims to improve the value of Information
Technology to the business because it improves service by

The process of releasing software to fix a recently reported vulnerability
without introducing any new features or changing hardware
configuration is referred to as

Fishbone diagramming is a mechanism that is PRIMARILY used for
which of the following processes?

As a means to assure the availability of the existing software functionality
after the application of a patch, the patch need to be tested for

Which of the following policies needs to be established to securely
dispose software and associated data and documents?

Discontinuance of a software with known vulnerabilities with a newer
version is an example of risk

Printer ribbons, facsimile transmissions and printed information when
not securely disposed are susceptible to disclosure attacks by which of
the following threat agents? Choose the BEST answer.

System resources can be protected from malicious file execution attacks
by uploading the user supplied file and running it in which of the
following environment?

As a means to demonstrate the improvement in the security of code
that is developed, one must compute the relative attack surface quotient
(RASQ)

Modifications to data directly in the database by developers must be
prevented by

Which of the following documents is the BEST source to contain
damage and which needs to be referred to and consulted with upon
the discovery of a security breach?

Domain 8
The increased need for security in the software supply chain is
PRIMARILY attributed to

Which phase of the acquisition life cycle involves the issuance of
advertisements to source and evaluate suppliers?

Predictable execution means that the software demonstrates all the
following qualities EXCEPT?

Which of the following is a process threat in the software supply chain?

In the context of the software supply chain, the principle of persistent
protection is also known as

In pre-qualifying a supplier, which of the following must be assessed to
ensure that the supplier can provide timely updates and hotfixes when
an exploitable vulnerability in their software is reported?

Which of the following can provide insight into the effectiveness and
efficiencies of the supply chain processes as it pertains to assuring trust
and software security?

Which of the following contains the security requirements and the
evidence needed to prove that the acquirer requirements are met as
expected?

The difference between disclaimer-based protection and contractsbased
is that

Software programs, database models and images on a website can be
protected using which of the following legal instrument?

You find out that employees in your company have been downloading
software files and sharing them using peer-to-peer based torrent
networks. These software files are not free and need to be purchase
from their respective manufacturers. You employee are violating

Which of the following legal instruments assures the confidentiality
of software programs, processing logic, database schema and internal
organizational business processes and client lists?

When source code of Commercially Off-The-Shelf (COTS) software
is escrowed and released under a free software or open source license
when the original developer (or supplier) no longer continues to develop
that software, that software is referred to as

Improper implementation of validity periods using length-of-use
checks in code can result in which of the following types of security
issues for legitimate users?

Your organization’s software is published as a trial version without any
restricted functionality from the paid version. Which of the following
MUST be designed and implemented to ensure that customers who
have not purchased the software are limited in the availability of the
software?

When must the supplier inform the acquirer of any applicable export
control and foreign trade regulatory requirements in the countries of
export and import?

The disadvantage of using open source software from a security
standpoint is