A consultant has been engaged to support the team in analyzing why the development of a new software product has slipped schedule by a year. The consultant discovered an increase of the functionality requirements due to the failure of the asset tracking program. Which of the following BEST describes which system lifecycle element is impacted?
What document MOST likely states an organization’s values?
During an onsite audit, an assessor inspected an organization’s asset decommission practice. Which of the following would MOST likely be a finding from a security point of view?
Which of the following provides that redundancy and failover capabilities are built into a system to maximize its uptime?
What is the BEST protection method to ensure that an unauthorized entry attempt would fail when securing highly sensitive areas?
An organization has hired a new auditor to review its critical systems infrastructure for vulnerabilities. Which of the following BEST describes the methodology the auditor will use?
What is the MAIN reason security is considered as part of the system design phase instead of deferring to later phases?
When assessing whether real-world threats to the security of an application have been mitigated, what is the MOST effective source to confirm that sufficient security controls are in place for both end users and customers?
When performing threat modeling using Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE), which of the following is an example of a repudiation threat?
As the organization requires user friendly access to a new web-based application, a software developer decides to implement Single Sign-On (SSO). The developer uses the de-facto standard for web-based applications and the implementation includes the use of a JavaScript Object Notation (JSON) web token. With this information, which is the BEST way for the software developer to establish SSO capability?
What is the MOST likely cause for a penetration tester having difficulties finding the stack to inject code?
A cybersecurity analyst is responsible for identifying potential security threats and vulnerabilities in the organization's software systems. Which action BEST demonstrates the understanding and application of threat modeling concepts and methodologies?
Which burden of proof has been applied when a workplace investigation has a 51 percent or greater certainty that allegations are true?
An organization is transitioning from a traditional server-centric infrastructure to a cloud-based infrastructure. Shortly after the transition, a major breach occurs to the organization's databases. In an Infrastructure as a Service (IaaS) model, who would be held responsible for the breach?
Plans are being made to move an organization’s software systems to the cloud in order to utilize the flexibility and scalability of the cloud. Some of these software systems process highly sensitive data. The organization must follow strict legal requirements regarding the location of the highly sensitive data processed by the software systems. Which cloud model will BEST fit the organization’s requirements?