Domain 6 - Security Assessment & Testing Flashcards
- Real User Monitoring (RUM) is an approach to Web monitoring that?
A. Aims to capture and analyze select transactions of every user of a website or application.
B. Aims to capture and analyze every transaction of every user of a website or application.
C. Aims to capture and analyze every transaction of select users of a website or application.
D. Aims to capture and analyze select transactions of select users of a website or application.
B
- Synthetic performance monitoring, sometimes called proactive monitoring, involves?
A. Having external agents run scripted transactions against a web application.
B. Having internal agents run scripted transactions against a web application.
C. Having external agents run batch jobs against a web application.
D. Having internal agents run batch jobs against a web application.
B
- Most security vulnerabilities are caused by one of the following? (Choose ALL that apply)
A. Bad programming patterns
B. Misconfiguration of security infrastructures
C. Functional bugs in security infrastructures
D. Design flaws in the documented processes
A|B|C
- When selecting a security testing method or tool, the security practitioner needs to consider many different things, such as:
A. Culture of the organization and likelihood of exposure
B. Local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
C. Security roles and responsibilities for staff
D. Attack surface and supported technologies
D
- In the development stages where an application is not yet sufficiently mature to be placed into a test environment, which of the following techniques are applicable? (Choose ALL that apply)
A. Static Source Code Analysis and Manual Code Review
B. Dynamic Source Code Analysis and Automatic Code Review
C. Static Binary Code Analysis and Manual Binary Review
D. Dynamic Binary Code Analysis and Static Binary Review
A|C
- Software testing tenets include: (Choose Two)
A. Testers and coders use the same tools
B. There is independence from coding
C. The expected test outcome is unknown
D. A successful test is one that finds an error
B|D
- Common Structural coverage metrics include: (Choose ALL that apply)
A. Statement Coverage
B. Path Coverage
C. Asset Coverage
D. Dynamic Coverage
A|B
- What are the two main testing strategies in software testing?
A. Positive and Dynamic
B. Static and Negative
C. Known and Recursive
D. Negative and Positive
D
- What is the reason that an Information Security Continuous Monitoring (ISCM) program is established?
A. To monitor information in accordance with dynamic metrics, utilizing information readily available in part through implemented security controls
B. To collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls
C. To collect information in accordance with pre-established metrics, utilizing information readily available in part through planned security controls
D. To analyze information in accordance with test metrics, utilizing information readily available in part through implemented security controls
B
- The process for developing an ISCM strategy and implementing an ISCM program is?
A. Define, analyze, implement, establish, respond, review and update
B. Analyze, implement, define, establish, respond, review and update
C. Define, establish, implement, analyze, respond, review and update
D. Implement, define, establish, analyze, respond, review and update
C
- The NIST document that discusses the Information Security Continuous Monitoring (ISCM) program is?
A. NIST SP 800-121
B. NIST SP 800-65
C. NIST SP 800-53
D. NIST SP 800-137
D
- A Service Organization Control (SOC) Report commonly covers a…
A. 6 month period
B. 12 month period
C. 18 month period
D. 9 month period
B