1.What is commonly the next generation of organizational patch management for many companies?
A.Classroom training
B.A bastion host
C.Enforcing MFA
D.Software assurance program
Ans: D
2.Which of these are common tools used to create or increase security awareness?
A.Exit interviews
B.Computer-based training
C.Emails
D.Bulletins
E.Confirming resume references
F.Posters
Ans: B,C,D,F
3.What solution does AWS use in partnership with other security vendors to mitigate zero-day attacks on the cloud?
A.GuardDuty
B.WAF
C.Beanstalk
D.Lightsail
Ans: A
4.When applying the Secure SDLC, which phase will most likely perform enhancement and ongoing maintenance?
A.Phase 4-construct
B.Phase 7-post-implementation
C.Phase 5-test
D.Phase 6-product release
Ans: B
5.Which of these statements is true when comparing SAST to DAST?
A.DAST can better discover runtime and environment-related issues
B.SAST is more expensive to fix vulnerabilities
C.SAST is considered black box testing
D.DAST requires source code
Ans: A
6.Which are commonly passed from the service provider to the identity provider in a federated solution?
A.Passwords
B.Tokens
C.Logs
D.Notes
Ans: B
7.Which of the following techniques will best give you the option to store and process your data on any public or private cloud instance?
A.Plan and design for elasticity
B.Design apps as a set of services
C.Decouple the data when possible
D.Build security controls into the lifecycle
Ans: C