A public library needs to implement security control on publicly used computers to prevent illegal downloads.
Which security control would prevent this threat?
What is the privacy impact rating of an application that stores personally identifiable information, monitors users with ongoing transfers of anonymous data, and changes settings without notifying the user?
The organization is moving from a waterfall to an agile software development methodology, so the software security group must adapt the security development life cycle as well. They have decided to break out security requirements and deliverables to fit better in the iterative life cycle by defining every-sprint requirements, one-time requirements, bucket requirements, and final security review requirements.
Which type of requirement slates that the team must identify primary security and privacy contacts?
The product development team is preparing for the production deployment of recent feature enhancements. One morning, they noticed the amount of test data grew exponentially overnight. Most fields were filled with random characters, but some structured query language was discovered.
Which type of security development lifecycle (SDL) tool was likely being used?
Which concept is demonstrated when every module in a particular abstraction layer of a computing environment can only access the information and resources that are necessary for its legitimate purpose?
Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?
Which threat modeling step assigns a score to discovered threats?
Which privacy impact statement requirement type defines processes to keep personal information updated and accurate?
The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). They are currently focused on reviewing design artifacts to ensure they comply with organizational security standards.
Which OpenSAMM business function is being assessed?
A software security team recently completed an internal assessment of the company's security assurance program. The team delivered a set of scorecards to leadership along with proposed changes designed to improve low-scoring governance, development, and deployment functions.
Which software security maturity model did the team use?
PDF + Testing Engine
|
---|
$66 |
Testing Engine
|
---|
$50 |
PDF (Q&A)
|
---|
$42 |
WGU Free Exams |
---|
![]() |