A software development team is tasked with enhancing the security of their mobile applications. They are exploring security testing techniques specifically tailored for mobile apps to uncover vulnerabilities that could be exploited by attackers. Considering the provided information, which of the following security testing techniques focuses specifically on testing the security of mobile applications, including both native and hybrid apps?

B) MAST - Mobile Application Security Testing

A) SCA - Software Composition Analysis

C) RASP - Runtime Application Self-Protection

D) DAST - Dynamic Application Security Testing

A company is evaluating security measures for its enterprise applications to protect valuable data and prevent unauthorized access. They understand the importance of implementing security measures tailored to each application's functionalities. Considering the provided information, which enterprise application requires careful configuration and regular updates to prevent attacks like cross-site scripting, especially considering its user-friendly interface for non-technical users?

D) CMS (Content Management System)

A) CRM (Customer Relationship Management)

B) ERP (Enterprise Resource Planning)

C) CMDB (Configuration Management Database)

In a software development lifecycle, different environments play crucial roles in ensuring the quality and stability of the software. However, maintaining these environments securely is essential to prevent unauthorized access and ensure smooth operations. Which of the following practices BEST addresses the security concerns associated with maintaining separate development environments?

B) Utilizing network segmentation to isolate development environments from each other.

A) Implementing role-based access control (RBAC) to restrict access based on user roles.

C) Implementing multi-factor authentication (MFA) for accessing development environments.

D) Employing encryption to secure data within development environments.

Considering the provided information, which of the following objectives is NOT aligned with the goals of implementing SecDevOps in the IT infrastructure?

B) Maintain productivity on operations teams

A) Prevent security issues early on

C) Deliver consistent, reliable programs

D) Create a flexible, adaptive environment for devs

A software development team is considering different approaches to enhance the security of their applications. They are exploring various security testing techniques to identify and mitigate vulnerabilities effectively. Considering the provided information, which of the following security testing techniques involves analyzing the source code of an application without executing it, aiming to identify potential vulnerabilities and security weaknesses?

D) SAST - Static Application Security Testing

A) SCA - Software Composition Analysis

B) DAST - Dynamic Application Security Testing

C) IAST - Interactive Application Security Testing

Which access control best practice describes distributing tasks among different personnel to prevent a single individual from having excessive control over critical systems?

B) Centralized Access Management

A company is planning to integrate its enterprise applications to streamline operations and improve efficiency. They are aware of the security risks associated with each application and prioritize implementing appropriate security measures. Considering the provided information, which enterprise application requires strict access controls to safeguard sensitive data in large databases, such as customer orders and spending?

B) ERP (Enterprise Resource Planning)

A) CRM (Customer Relationship Management)

C) CMDB (Configuration Management Database)

D) CMS (Content Management System)

A software development team is focused on improving code maintainability and reuse while prioritizing security considerations. They recognize the importance of establishing procedures for code disposal to prevent potential security breaches. Considering the provided information, which aspect of coding and development emphasizes maintaining code quality, facilitating reuse, and establishing procedures for secure code disposal?

D) Focusing on secure coding practices

A) Using tools to find vulnerabilities

B) Conducting thorough security tests

C) Developing maintenance documentation

Which security method provides the resource owner with full control over who can access the resource?

B) Discretionary Access Control (DAC)

A) Mandatory Access Control (MAC)

C) Role-Based Access Control (RBAC)

D) Attribute-Based Access Control (ABAC)

Which technology, often used by universities and public organizations, provides the capability for users to access resources on a website after authenticating with an identity provider, similar to SAML?

C) SAML (Security Assertion Markup Language)

Which technology provides the capability for users to access multiple sites with one account, as described in the situation?

C) SAML (Security Assertion Markup Language)

Your organization is planning to implement a sandboxing environment to keep each development environment separate and prevent unauthorized access between them. However, the development team is concerned about the impact of sandboxing on collaboration and code sharing between different development environments. Which of the following measures would be MOST EFFECTIVE in addressing these concerns while maintaining the security of the sandboxing environment?

A) Implementing secure APIs for controlled communication between sandboxed environments.

B) Enforcing strict access control policies based on project requirements within each sandboxed environment.

C) Implementing automated code deployment tools to streamline code sharing and collaboration.

D) Utilizing virtualization technology to create isolated instances for each sandboxed environment.

Which access control method provides the resource owner with full control over access rights in a UNIX/Linux environment?

B) Discretionary Access Control (DAC)

A) Mandatory Access Control (MAC)

C) Role-Based Access Control (RBAC)

D) Attribute-Based Access Control (ABAC)

CASP+: Chapter 5(2of3)

Quiz

•

Computers

•

University

•

Practice Problem

•

Hard

Khairul Imtiyaz

Used 1+ times

FREE Resource

28 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization is implementing middleware software to facilitate communication between its applications. They prioritize security considerations to ensure secure communication and flexibility in deploying changes. Considering the provided information, which middleware software utilizes logical addresses for communication and enhances flexibility in deploying changes between applications?

A) Directory Services

B) Domain Name System (DNS)

C) Service-Oriented Architecture (SOA)

D) Enterprise Service Bus (ESB)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Considering the provided information, which type of code review methodology is likely to be emphasized to achieve the goal of encouraging developers to focus on reviewing altered bits of code instead of entire code bases?

A) Comprehensive Code Review

B) Incremental Code Review

C) Dynamic application security testing (DAST)

D) Static application security testing (SAST)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A software development team is focused on ensuring that code changes do not break previously working features and that security issues like input validation are adequately addressed. They are implementing a testing approach that specifically checks for these scenarios. Considering the provided information, which testing approach checks if code changes break previously working features, especially for security issues like input validation?

A) Regression Testing

B) Unit Testing

C) Integration Testing

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Considering the provided information, which of the following objectives BEST represents the focus of SecDevOps when applied to IT infrastructure management?

A) Ensuring rapid deployment of new features

B) Reducing operational overhead

C) Ensuring compliance with industry regulations

D) Improving collaboration between development and operations teams

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A software development team is focused on establishing a robust software development lifecycle that integrates development and operations seamlessly. They aim to implement a structured process encompassing planning, coding, testing, releasing, deploying, operating, and monitoring. Considering the provided information, which of the following practices involves integrating development and operations through a structured process encompassing various stages of software development?

A) Validating Third-Party Libraries

B) Defined DevOps Pipeline

C) Code Signing

D) Threat Modeling

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Considering the provided information, what are the two code review methodologies primarily employed by the SecDevOps team?

A) Dynamic application security testing (DAST) and Incremental Code Review

B) Static application security testing (SAST) and Comprehensive Code Review

C) Incremental Code Review and Static application security testing (SAST)

D) Dynamic application security testing (DAST) and Static application security testing (SAST)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Considering the provided information, which of the following practices focuses on ensuring the readiness of the infrastructure supporting the application for production deployment?

A) Continuous Integration (CI)

B) Continuous Delivery

C) Continuous Deployment

D) Continuous Monitoring

E) Continuous Validation

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

23 questions

Repaso Arquitectura TI Empresarial

Quiz

•

University

23 questions

GST 107/CSC 101

Quiz

•

University

25 questions

Komputer Dasar

Quiz

•

University

24 questions

Mastering Project Management Concepts

Quiz

•

University

25 questions

Internet

Quiz

•

University

24 questions

Arkitekturë e Kompjuterëve [IV]

Quiz

•

University

25 questions

[Pre-Assessment]Networking 1

Quiz

•

University

25 questions

Jaringan Komputer dan Internet

Quiz

•

8th Grade - University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

5 questions

What is Presidents' Day?

Interactive video

•

10th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

20 questions

Mardi Gras History

Quiz

•

6th Grade - University

10 questions

The Roaring 20's Crash Course US History

Interactive video

•

11th Grade - University

17 questions

Review9_TEACHER

Quiz

•

University

CASP+: Chapter 5(2of3)

28 questions

Considering the provided information, which type of code review methodology is likely to be emphasized to achieve the goal of encouraging developers to focus on reviewing altered bits of code instead of entire code bases?

Considering the provided information, which of the following objectives BEST represents the focus of SecDevOps when applied to IT infrastructure management?

Considering the provided information, what are the two code review methodologies primarily employed by the SecDevOps team?

Considering the provided information, which of the following practices focuses on ensuring the readiness of the infrastructure supporting the application for production deployment?

Considering the provided information, which development methodology combines incremental and waterfall approaches, adjusting development based on feedback while maintaining an overall structure and emphasizing risk analysis at each step?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers