CISSP Official Practice Tests by Mike Chapple, David Seidl

(chelsyfait) #1

284 Chapter 11 ■ Practice Test 3

  1. Doug is choosing a software development life-cycle model for use in a project he is leading
    to develop a new business application. He has very clearly defined requirements and would
    like to choose an approach that places an early emphasis on developing comprehensive
    documentation. He does not have a need for the production of rapid prototypes or iterative
    improvement. Which model is most appropriate for this scenario?
    A. Agile
    B. Waterfall
    C. Spiral
    D. DevOps

  2. Which individual bears the ultimate responsibility for data protection tasks?
    A. Data owner
    B. Data custodian
    C. User
    D. Auditor

  3. What should be true for salts used in password hashes?
    A. A single salt should be set so passwords can be de-hashed as needed.
    B. A single salt should be used so the original salt can be used to check passwords against their hash.
    C. Unique salts should be stored for each user.
    D. Unique salts should be created every time a user logs in.
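The salting practice behind question 3, shown as an added example that is not from the book or the thread. It uses Python's standard library only (PBKDF2-HMAC-SHA256 via hashlib, constant-time comparison via hmac); the user store, usernames and passwords are constructed for the demo, and the iteration count is an assumption chosen for the demo rather than a value the page states.

```python
import hashlib
import hmac
import os

# Demo parameters (assumptions, not from the page): 16-byte random salt,
# 600k PBKDF2 iterations. Tune the iteration count to your hardware budget.
SALT_BYTES = 16
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256 over the given salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def register(db: dict, username: str, password: str) -> None:
    """Create a fresh random salt for this user and store (salt, hash)."""
    salt = os.urandom(SALT_BYTES)  # unique per user, generated once at registration
    db[username] = (salt, hash_password(password, salt))


def verify(db: dict, username: str, password: str) -> bool:
    """Re-derive the hash with the user's stored salt and compare in constant time."""
    record = db.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that the response
        # time does not reveal which usernames exist.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored_hash = record
    return hmac.compare_digest(hash_password(password, salt), stored_hash)


def same_password_different_hashes(db: dict, user_a: str, user_b: str) -> bool:
    """True when two users have distinct salts and therefore distinct stored hashes."""
    salt_a, hash_a = db[user_a]
    salt_b, hash_b = db[user_b]
    return salt_a != salt_b and hash_a != hash_b


def demo() -> dict:
    """Constructed in-memory user store; two users deliberately share a password."""
    db = {}
    register(db, "alice", "correct horse battery staple")
    register(db, "bob", "correct horse battery staple")
    return {
        "alice_ok": verify(db, "alice", "correct horse battery staple"),
        "alice_wrong": verify(db, "alice", "Correct horse battery staple"),
        "unknown_user": verify(db, "mallory", "correct horse battery staple"),
        "distinct_hashes": same_password_different_hashes(db, "alice", "bob"),
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes concrete: the salt is stored in the clear next to the hash (it is not a secret), it is generated once per user at registration rather than per login, and because alice and bob have different salts their identical password produces two unrelated hashes, so one precomputed table cannot crack both.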

  4. What type of assessment methods are associated with mechanisms and activities based on
    the recommendations of NIST SP800-53A, the Guide for Assessing Security Controls in
    Federal Information Systems?
    A. Examine and interview
    B. Test and assess
    C. Test and interview
    D. Examine and test

  5. Which one of the following controls would be most effective in detecting zero-day attack
    attempts?
    A. Signature-based intrusion detection
    B. Anomaly-based intrusion detection
    C. Strong patch management
    D. Full-disk encryption
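To make the distinction in question 5 tangible, here is an added example (not from the book or the thread) that runs a signature matcher and a simple statistical anomaly detector over constructed web-server access-log lines. The log lines, the one-entry signature list, the URI-length feature and the z-score threshold of 3 are all assumptions chosen for the demo.

```python
import re
import statistics

# Constructed "known good" traffic used to learn the baseline (not from a real server).
BASELINE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.6 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 2210',
    '10.0.0.7 - - [10/Oct/2023:13:55:38 +0000] "GET /products/42 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.8 - - [10/Oct/2023:13:55:40 +0000] "GET /static/app.css HTTP/1.1" 200 8800',
    '10.0.0.9 - - [10/Oct/2023:13:55:41 +0000] "GET /products/7 HTTP/1.1" 200 4990',
    '10.0.0.6 - - [10/Oct/2023:13:55:42 +0000] "GET /cart HTTP/1.1" 200 3100',
    '10.0.0.7 - - [10/Oct/2023:13:55:43 +0000] "GET /static/logo.png HTTP/1.1" 200 15000',
]

# Constructed lines to classify. "novel" stands in for a request type no rule set
# has a signature for yet; "big_asset" is a legitimate but unusually long path.
TEST_CASES = [
    ("normal", '10.0.0.5 - - [10/Oct/2023:14:00:01 +0000] "GET /products/99 HTTP/1.1" 200 5001'),
    ("known_bad", '10.0.0.9 - - [10/Oct/2023:14:00:02 +0000] "GET /cgi-bin/bad HTTP/1.1" 404 210'),
    ("novel", '10.0.0.9 - - [10/Oct/2023:14:00:03 +0000] "GET /api/v1/search?q=' + "x" * 90 + ' HTTP/1.1" 500 0'),
    ("big_asset", '10.0.0.6 - - [10/Oct/2023:14:00:04 +0000] "GET /static/vendor/bundle.min.js HTTP/1.1" 200 230000'),
]

# Common log format: src ident user [time] "method uri proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+)$'
)

# Constructed signature list standing in for a vendor rule set.
SIGNATURES = ("/cgi-bin/bad",)


def parse(line: str) -> dict:
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def signature_detect(line: str) -> bool:
    """Known-bad matching: fires only on patterns already present in the rule set."""
    uri = parse(line)["uri"]
    return any(sig in uri for sig in SIGNATURES)


class AnomalyDetector:
    """Flags a request whose URI length lies far outside the learned baseline."""

    def __init__(self, z_threshold: float = 3.0):
        self.z_threshold = z_threshold
        self.mean = 0.0
        self.std = 1.0

    def fit(self, lines) -> None:
        lengths = [len(parse(line)["uri"]) for line in lines]
        self.mean = statistics.fmean(lengths)
        # A constant baseline would give std 0; fall back to 1 to avoid division by zero.
        self.std = statistics.pstdev(lengths) or 1.0

    def detect(self, line: str) -> bool:
        z = (len(parse(line)["uri"]) - self.mean) / self.std
        return z > self.z_threshold


def evaluate() -> dict:
    """Return {label: (signature_fired, anomaly_fired)} for each constructed test line."""
    detector = AnomalyDetector()
    detector.fit(BASELINE_LOG)
    return {label: (signature_detect(line), detector.detect(line)) for label, line in TEST_CASES}


if __name__ == "__main__":
    for label, (sig, anom) in evaluate().items():
        print(f"{label:10s} signature={sig!s:5s} anomaly={anom}")
```

The run shows the trade-off behind the question: the signature matcher catches only the request it already has a rule for and is silent on the novel one, while the anomaly detector flags the novel request because it deviates from the learned profile. The anomaly detector also fires on the legitimate long asset path, which is the false-positive cost that anomaly-based systems pay for their ability to notice previously unseen behaviour; richer features and a tuned threshold, not a signature, are how that cost is reduced.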
