Note: Pardon the messiness of the questions. These questions come from my podcast, and I will be cleaning the questions up over the coming weeks.
When looking at user logs, what purpose do the username and password serve?
Explanation: [a] The username ensures that the correct identification is used when accessing the account.
Which one of the following is a "Preventative" access control type?
Explanation: [c] Man-traps are considered a preventative access control that restricts individuals' entry to a specific facility.
Abstract episodes of interaction between a system and its environment:
CORRECT ANSWER - Use cases
A list of the most widespread and critical errors that can lead to serious vulnerabilities in software:
CORRECT ANSWER - Information security continuous monitoring (ISCM)
This criterion requires sufficient test cases for each program statement to be executed at least once; however, achieving it is insufficient to provide confidence in a software product's behavior:
CORRECT ANSWER - Statement coverage
A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations:
CORRECT ANSWER - Threat modeling
This criterion requires sufficient test cases for each feasible data flow to be executed at least once:
CORRECT ANSWER - Data flow coverage
Tests an application for the use of system components or configurations that are known to be insecure:
CORRECT ANSWER - Automated Vulnerability Scanners
The determination of the impact of a change based on review of the relevant documentation:
CORRECT ANSWER - Regression analysis
Analysis of the application source code for finding vulnerabilities without actually executing the application:
CORRECT ANSWER - Static source code analysis (SAST)
Records that contain security event information such as successful and failed authentication attempts, file access, security policy changes, account changes, and use of privileges:
CORRECT ANSWER - Audit records
A design that allows one to peek inside the "box" and focuses specifically on using internal knowledge of the software to guide the selection of test data:
CORRECT ANSWER - White-box testing