Test 1 Marks

Which threat modeling step identifies the assets that need to be protected?. Set the scope. Analyze the target. Rate Threats. Identify and Document Threats.

Which security assessment deliverable defines measures that can be periodically reported to management?. Metrics Template. SDL Project Outline. Threat Profile. Product Risk Profile.

The software security team prepared a report of necessary coding and architecture changes identified during the security assessment. Which design and development deliverable did the team prepare?. Updated threat modeling artifacts. Security Test Plans. Privacy Implementation assessment results. Design Security review.

What refers to the review of software source code by developers other than the original coders to try to identify oversights, mistakes, assumptions, a lack of knowledge, or even experience?. User Acceptance testing. Manual Peer Review. Fault injection. Dynamic Code Review.

A public library needs to implement a security control on publicly used computers to prevent illegal downloads. Which security control would prevent this threat?. Nonrepudiation. Authentication. Integrity. Availability.

Which type of manual code review technique is being used when the reviewer starts at an input control and traces its value through the application to each of the value's outputs?. Risk analysis. Control Flow analysis. Data flow analysis. Threat analysis.

Which threat modeling step assigns a score to discovered threats?. Rate Threats. Analyze the Target. Identify and Document Threats. Set the scope.