Which of the following DoD directives is referred to as the Defense Automation Resources
Management Manual?

Which of the following access control models are used in the commercial sector? Each correct
answer represents a complete solution. Choose two.

Which of the following testing methods verifies the interfaces between components against a
software design?

Which of the following statements best describes the difference between the role of a data owner
and the role of a data custodian?

Della works as a security engineer for BlueWell Inc. She wants to establish configuration
management and control procedures that will document proposed or actual changes to the
information system. Which of the following phases of NIST SP 800-37 C&A methodology will
define the above task?

Which of the following governance bodies directs and coordinates implementations of the
information security program?

Which of the following software review processes increases the software security by removing the
common vulnerabilities, such as format string exploits, race conditions, memory leaks, and buffer
overflows?

Which of the following secure coding principles and practices defines the appearance of code
listing so that a code reviewer and maintainer who have not written that code can easily
understand it?

Which of the following methods offers a number of modeling practices and disciplines that
contribute to a successful service-oriented life cycle management and modeling?

In which of the following alternative processing sites is the backup facility maintained in a constant
order, with a full complement of servers, workstations, and communication links ready to assume
the primary operations responsibility?