Which of the following is the BEST method to assess the effectiveness of an organization’s
vulnerability management program?

Which methodology is recommended for penetration testing to be effective in the development
phase of the life-cycle process?

DRAG DROP
A software security engineer is developing a black box-based test plan that will measure the
system’s reaction to incorrect or illegal inputs or unexpected operational errors and situations.
Match the functional testing techniques on the left with the correct input parameters on the right.

Which of the following is most helpful in applying the principle of LEAST privilege?

Which of the following explains why record destruction requirements are included in a data
retention policy?

What should happen when an emergency change to a system must be performed?

Which of the following is the BEST approach to take in order to effectively incorporate the concepts
of business continuity into the organization?

HOTSPOT
Which Web Services Security (WS-Security) specification maintains a single authenticated identity
across multiple dissimilar environments? Click on the correct specification in the image below.

Which of the following has the GREATEST impact on an organization’s security posture?

The application of which of the following standards would BEST reduce the potential for data
breaches?