Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?

• A.RFI
• B.RFP
• C.OLA
• D.MSA
• E.RFQ

Comment: *

Name: *

Email: *

Verification: *

A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?

• A.Spiral model
• B.Incremental model
• C.Waterfall model
• D.Agile model

Comment: *

Name: *

Email: *

Verification: *

A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:
^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g
Which of the following did the analyst use to determine the location of the malicious payload?

• A.Code deduplicators
• B.Fuzz testing
• C.Binary reverse-engineering
• D.Security containers

Comment: *

Name: *

Email: *

Verification: *

A developer is concerned about input validation for a newly created shopping-cart application, which will be released soon on a popular website. Customers were previously able to manipulate the shopping can so they could receive multiple items while only paying for one item. This resulted in large losses. Which of the following would be the MOST efficient way to test the shopping cart and address the developer's concerns?

• A.Log analysis
• B.Vulnerability assessment
• C.Dynamic analysis
• D.Gray-box testing
• E.Manual code review

Comment: *

Name: *

Email: *

Verification: *