- (Exam Topic 13)
Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

1. A. Code quality, security, and origin
2. B. Architecture, hardware, and firmware
3. C. Data quality, provenance, and scaling
4. D. Distributed, agile, and bench testing

Correct Answer: A

- (Exam Topic 13)
Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

1. A. parameterized database queries
2. B. whitelist input values
3. C. synchronized session tokens
4. D. use strong ciphers

Correct Answer: C

- (Exam Topic 15)
An organization plans to acquire @ commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization's security team FIRST get involved in this acquisition’s life cycle?

1. A. When the system is being designed, purchased, programmed, developed, or otherwise constructed
2. B. When the system is verified and validated
3. C. When the system is deployed into production
4. D. When the need for a system is expressed and the purpose of the system Is documented

Correct Answer: D

- (Exam Topic 11)
Which of the following secures web transactions at the Transport Layer?

1. A. Secure HyperText Transfer Protocol (S-HTTP)
2. B. Secure Sockets Layer (SSL)
3. C. Socket Security (SOCKS)
4. D. Secure Shell (SSH)

Correct Answer: B

- (Exam Topic 6)
Which of the following could cause a Denial of Service (DoS) against an authentication system?

1. A. Encryption of audit logs
2. B. No archiving of audit logs
3. C. Hashing of audit logs
4. D. Remote access audit logs

Correct Answer: D