A security architect has been engaged during the implementation stage of the SDLC to review a new HR
software installation for security gaps. With the project under a tight schedule to meet market commitments on
project delivery, which of the following security activities should be prioritized by the security architect? (Select
TWO).

A.
Perform penetration testing over the HR solution to identify technical vulnerabilities

B.
Perform a security risk assessment with recommended solutions to close off high-rated risks

C.
Secure code review of the HR solution to identify security gaps that could be exploited

D.
Perform access control testing to ensure that privileges have been configured correctly

E.
Determine if the information security standards have been complied with by the project