Which of the following provides programmers with an easy way to write lower-risk applications
and retrofit security into an existing application?
Which of the following testing methods tests the system efficiency by systematically selecting the
suitable and minimum set of tests that are required to effectively cover the affected changes?
Which of the following specifies access privileges to a collection of resources by using the URL
mapping?
You are the project manager of the QSL project for your organization. You are working with your
project team and several key stakeholders to create a diagram that shows how various elements
of a system interrelate and the mechanism of causation within the system. What diagramming
technique are you using as a part of the risk identification process?
Which of the following security models characterizes the rights of each subject with respect to
every object in the computer system?
Penetration testing (also called pen testing) is the practice of testing a computer system, network,
or Web application to find vulnerabilities that an attacker could exploit. Which of the following
areas can be exploited in a penetration test? Each correct answer represents a complete solution.
Choose all that apply.
Which of the following types of activities can be audited for security? Each correct answer
represents a complete solution. Choose three.
Which of the following federal agencies has the objective to develop and promote measurement,
standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?
Which of the following SDLC phases consists of the given security controls: Misuse Case
Modeling, Security Design and Architecture Review, Threat and Risk Modeling, Security
Requirements and Test Cases Generation?
Which of the following are the initial steps required to perform a risk analysis process? Each
correct answer represents a part of the solution. Choose three.