Question 4/57

The organization is moving from a waterfall to an agile software development methodology, so the software security group must adapt the security development life cycle as well. They have decided to break out security requirements and deliverables to fit better in the iterative life cycle by defining every-sprint requirements, one-time requirements, bucket requirements, and final security review requirements.
Which type of requirement states that the team must identify primary security and privacy contacts?

Question List (57q)
Question 1: While performing functional testing of the ordering feature ...
Question 2: Which software-testing technique can be automated or semi-au...
Question 3: Company leadership has discovered an untapped revenue stream...
Question 4: The organization is moving from a waterfall to an agile soft...
Question 5: A product team, consisting of a Scrum Master, a Business Ana...
Question 6: A security architect is creating a data flow diagram and dra...
Question 7: Which secure coding best practice says to use well-vetted al...
Question 8: What is one of the four core values of the agile manifesto?...
Question 9: The security software team has cloned the source code reposi...
Question 10: Which SDL security goal is defined as ensuring timely and re...
Question 11: What sits between a browser and an internet connection and a...
Question 12: Which type of security analysis is limited by the fact that ...
Question 13: The software security team prepared a detailed schedule napp...
Question 14: Which security assessment deliverable identifies possible se...
Question 15: The product team has been tasked with updating the user inte...
Question 16: The software security team has been tasked with assessing a ...
Question 17: The product development team is preparing for the production...
Question 18: Which threat modeling methodology involves creating or using...
Question 19: Security testers have completed testing and are documenting ...
Question 20: Which secure coding best practice says to ensure that buffer...
Question 21: A public library needs to implement security control on publ...
Question 22: The software security group is conducting a maturity assessm...
Question 23: The security team is identifying technical resources that wi...
Question 24: While performing functional testing of the new product from ...
Question 25: Which threat modeling step collects exploitable weaknesses w...
Question 26: What are the three primary goals of the secure software deve...
Question 27: Which security assessment deliverable identifies unmanaged c...
Question 28: Which question reflects the security change management compo...
Question 29: The security team is reviewing all noncommercial software li...
Question 30: Developers have finished coding, and changes have been peer-...
Question 31: Which type of security analysis is performed using automated...
Question 32: Automated security testing was performed by attempting to lo...
Question 33: In which step of the PASTA threat modeling methodology will ...
Question 34: An individual is developing a software application that has ...
Question 35: The software security group is conducting a maturity assessm...
Question 36: Which DREAD category has a risk rating based on the threat e...
Question 37: Using a web-based common vulnerability scoring system (CVSS)...
Question 38: Due to positive publicity from the release of the new softwa...
Question 39: The security team has a library of recorded presentations th...
Question 40: The Chief Information Security Officer (CISO) has recommende...
Question 41: Which software control test examines the internal logical st...
Question 42: Which threat modeling step identifies the assets that need t...
Question 43: Which type of security analysis is performed by injecting ma...
Question 44: A recent vulnerability scan uncovered an XML external entity...
Question 45: The final security review determined that two low-risk secur...
Question 46: Which threat modeling approach concentrates on things the or...
Question 47: Which secure coding best practice ensures sensitive informat...
Question 48: Which software control test examines an application from a u...
Question 49: Which type of security analysis is performed by reviewing so...
Question 50: A company is moving forward with a new product. Product scop...
Question 51: In which step of the PASTA threat modeling methodology is vu...
Question 52: A potential threat was discovered during vulnerability testi...
Question 53: A legacy application has been replaced by a new product that...
Question 54: What is the privacy impact rating of an application that sto...
Question 55: Which type of manual code review technique is being used whe...
Question 56: Which software development model starts by specifying and im...
Question 57: What are the eight phases of the software development lifecy...