Question 6 of 350

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

Suggested Answer

The suggested answer is D.

DoDI 8500.2 assigns IA controls according to the system's Mission Assurance Category (MAC) and confidentiality level. MAC I requires high integrity and high availability. MAC II requires high integrity and medium availability, which matches the requirement stated in the question. MAC III requires basic integrity and basic availability.

Community votes: 5 votes, 100% for D (the suggested answer).
Question 7 of 350

Microsoft software security expert Michael Howard defines a set of heuristics for prioritizing code for security review in "A Process for Performing Security Code Reviews".
Which of the following heuristics indicate code that increases the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer

The suggested answer is B, D, E, F.

Code listening on a globally accessible network interface increases the attack surface because it is reachable by any attacker on the network. Anonymously accessible code can be reached without authentication, so an attacker needs no credentials to exercise it. Code that runs by default is present and active in every installation, giving attackers more opportunities to exploit it. Finally, code that runs in an elevated context carries more privilege, so a flaw in it gives an attacker correspondingly more power if compromised.

Community votes: 1 vote, 100% for B, D, E, F (the suggested answer).
Question 8 of 350

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

Suggested Answer

The suggested answer is D.

The confidentiality service of a cryptographic system ensures that information is not disclosed to any unauthorized person on a local network. Confidentiality protects data from being read by unauthorized parties (for example, by encrypting it in transit), thereby maintaining privacy and secrecy; it does not by itself guarantee integrity or availability.

Community votes: 2 votes, 100% for D (the suggested answer).
Question 9 of 350

What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer

The suggested answer is A, C, D.

In the planning phase of the Software Assurance Acquisition process, several activities are undertaken to ensure that software requirements, strategies, and evaluation criteria are adequately prepared. First, developing software requirements ensures that the acquired software meets all functional and security specifications. Second, creating an acquisition strategy outlines the approach for procuring the software and addresses potential risks. Lastly, developing evaluation criteria and an evaluation plan gives stakeholders a clear framework for assessing the proposals and capabilities of potential vendors. Implementing change control procedures is not a planning-phase activity; it belongs to the monitoring and acceptance phase, which covers the contract work schedule, change control, and review and acceptance of software deliverables.

Community votes: 3 votes, 100% for A, C, D (the suggested answer).
Question 10 of 350

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?

Suggested Answer

To establish priorities for planning risk responses in a rapid and cost-effective manner, the most suitable process is Perform Qualitative Risk Analysis. This process assesses the probability and impact of identified risks quickly and at lower cost than quantitative analysis. It evaluates risks using subjective ratings and expert judgment, enabling the project manager to prioritize the risks that need immediate attention or further analysis. Unlike quantitative methods, it does not require extensive data or complex modeling, which makes it well suited to quick decision-making and resource allocation within project constraints.

Community votes: 1 vote, 100% for A (most voted).