- (Exam Topic 8)
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

1. A. After the system preliminary design has been developed and the data security categorization has been performed
2. B. After the vulnerability analysis has been performed and before the system detailed design begins
3. C. After the system preliminary design has been developed and before the data security categorization begins
4. D. After the business functional analysis and the data security categorization have been performed

Correct Answer: D

- (Exam Topic 15)
A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal firewall configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?

1. A. Remote sessions will not require multi-layer authentication.
2. B. Remote clients are permitted to exchange traffic with the public and private network.
3. C. Multiple Internet Protocol Security (IPSec) tunnels may be exploitable in specific circumstances.
4. D. The network intrusion detection system (NIDS) will fail to inspect Secure Sockets Layer (SSL) traffic.

Correct Answer: C

- (Exam Topic 15)
Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

1. A. Security Assertion Markup Language (SAML)
2. B. Service Oriented Architecture (SOA)
3. C. Extensible Markup Language (XML)
4. D. Wireless Authentication Protocol (WAP)

Correct Answer: A

- (Exam Topic 9)
Which of the following is the BEST way to verify the integrity of a software patch?

1. A. Cryptographic checksums
2. B. Version numbering
3. C. Automatic updates
4. D. Vendor assurance

Correct Answer: A

- (Exam Topic 15)
Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?

1. A. lntegrity
2. B. Scalability
3. C. Availability
4. D. Confidentiality

Correct Answer: A