Ann, the software security engineer, works for a major software vendor. Which of the following
practices should be implemented to help prevent race conditions, buffer overflows, and other
similar vulnerabilities prior to each production release?

Ann, the software security engineer, works for a major software vendor. Which of the following
practices should be implemented to help prevent race conditions, buffer overflows, and other
similar vulnerabilities prior to each production release?

Which of the following assessment techniques would a security administrator implement to ensure
that systems and software are developed properly?

Which of the following assessment techniques would a security administrator implement to ensure
that systems and software are developed properly?

A financial company requires a new private network link with a business partner to cater for
realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to
establishing the link?

Which of the following assessments would Pete, the security administrator, use to actively test that

an application’s security controls are in place?

Which of the following is the MOST intrusive type of testing against a production system?

Which of the following is the MOST intrusive type of testing against a production system?

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared
print spool directory, and was able to download a document from the spool. Which statement
BEST describes her privileges?

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared
print spool directory, and was able to download a document from the spool. Which statement
BEST describes her privileges?