During fuzz testing of the new product, random values were entered into input elements Searchrequests were sent to the correct API endpoint but many of them failed on execution due to type mismatches.
How should existing security controls be adjusted to prevent this in the future?

• A.Ensure all user input data is validated prior to transmitting requests
• B.Ensure all requests and responses are encrypted
• C.Ensure sensitive transactions can be traced through an audit log
• D.Ensure the contents of authentication cookies are encrypted

Comment: *

Name: *

Email: *

Verification: *

Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?

• A.Fuzz testing
• B.Dynamic code analysis
• C.Manual code review
• D.Static code analysis

Comment: *

Name: *

Email: *

Verification: *

The security team has a library of recorded presentations that are required viewing tor all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for. and code tor possible threats.
Which category of secure software best practices does this represent?

• A.Attack models
• B.Training
• C.Architecture analysis
• D.Code review

Comment: *

Name: *

Email: *

Verification: *

In which step of the PASTA threat modeling methodology is vulnerability and exploit analysis performed?

• A.Define technical scope
• B.Attack modeling
• C.Define objectives
• D.Application decomposition

Comment: *

Name: *

Email: *

Verification: *

The product team has been tasked with updating the user interface (UI). They will change the layout and also add restrictions to field lengths and what data will be accepted.
Which secure coding practice is this?

• A.Input validation
• B.Access control
• C.Communication security
• D.Data protection

Comment: *

Name: *

Email: *

Verification: *