🏷️ LIMITED TIME OFFER: GET 20% OFF GRADE+ YEARLY SUBSCRIPTION →
Log in
Computer Science
6
answers
1
watching
146
views

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

  1. Software composition analysis
  2. Code obfuscation
  3. Static analysis
  4. Dynamic analysis

Watch
6
answers
1
watching
146
views

For unlimited access to Homework Help, a Homework+ subscription is required.

Avatar image
Liked by myrrcenary and 2 others

Unlock all answers

Get 1 free homework help answer.
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share

Related questions

A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

  1. Perform additional SAST/DAST on the open-source libraries.
  2. Implement the SDLC security guidelines.
  3. Track the library versions and monitor the CVE website for related vulnerabilities.
  4. Perform unit testing of the open-source libraries.

A Or D ??? 

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspect the key to finding the source was obfuscated in an application. Which of the following should the analyst use NEXT?

  1. Software decomplier
  2. Network enumerator
  3. Log reduction and analysis tool
  4. Static code analysis
  5.  

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options: A IAM gateway, MDM, and reverse proxy
B VPN, CASB, and secure web gateway
C SSL tunnel, DLP, and host-based firewall
D API gateway, UEM, and forward proxy

Related Documents

CEN 4010
Final Exam
Study Guide
CEN 4010 Study Guide - Midterm Guide: Usability, James Rumbaugh, Maintainability
salmonimpala571
CS447 Lecture Notes - Lecture 1: Linked List, Coverity, Software Engineering
CPSC 420 Chapter Notes - Chapter Chapter 8: Microsoft Visual Studio, Microsoft Visio, Software Development Process
pdopler16

Weekly leaderboard

Home
Homework Help 3,900,000
Computer Science 2,000
Start filling in the gaps now
Log in