- (Exam Topic 12)
The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

1. A. require an update of the Protection Profile (PP).
2. B. require recertification.
3. C. retain its current EAL rating.
4. D. reduce the product to EAL 3.

Correct Answer: B

- (Exam Topic 15)
Which of the following is included in change management?

1. A. Business continuity testing
2. B. User Acceptance Testing (UAT) before implementation
3. C. Technical review by business owner
4. D. Cost-benefit analysis (CBA) after implementation

Correct Answer: A

- (Exam Topic 9)
Which of the following is the FIRST step of a penetration test plan?

1. A. Analyzing a network diagram of the target network
2. B. Notifying the company's customers
3. C. Obtaining the approval of the company's management
4. D. Scheduling the penetration test during a period of least impact

Correct Answer: C

- (Exam Topic 14)
Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

1. A. Penetration testing
2. B. Stakeholder review
3. C. Threat modeling
4. D. Requirements review

Correct Answer: C

- (Exam Topic 14)
A large corporation is locking for a solution to automate access based on where on request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?

1. A. Discretionary Access Control (DAC)
2. B. Role Based Access Control (RBAC)
3. C. Mandater Access Control (MAC)
4. D. Network Access Control (NAC)

Correct Answer: D