CSSLP Domain 6 - Software Acceptance Exam Questions and Answers 100% Correct

CSSLP Domain 6 - Software Acceptance Exam Questions and Answers 100% Correct Your organization has the policy to attest the security of any software that will be deployed into the production environment. A third party vendor software is being evaluated for its readiness to be deployed. Which of the following verification and validation mechanism can be employed to attest the security of the vendor's software? A. Source code review B. Threat modeling the software C. Black box testing D. Structural analysis - Correct Answer ️️ -C. Black box testing To meet the goals of software assurance, when accepting software, the acquisition phase MUST include processes to A. verify that installation guides and training manuals are provided B. assess the presence and effectiveness of protection mechanisms C. validate vendor's software products D. assist the vendor in responding to the request for proposals - Correct Answer ️️ -b. assess the presence and effectiveness of protection mechanisms The process of evaluating software to determine whether the products of a given development phase satisfies the conditions imposed at the start of the phase is referred to as A. verification B. validation C. authentication D. authorization - Correct Answer ️️ -A. verification When verification activities are used to determine if the software is functioning as it is expected to, it provides insight into which of the following aspects of software assurance? A. Redundancy B. Reliability C. Resiliency D. Recoverability - Correct Answer ️️ -B. Reliability When procuring software the purchasing company can request the evaluation assurance levels (EALs) of the software product which is determined using which of the following evaluation methodologies? A. Operationally Critical Assets Threats and Vulnerability Evaluation (OCTAVE) B. Security Quality Requirements Engineering (SQUARE) C. Common Criteria D. Comprehensive, Lightweight Application Security Process (CLASP) - Correct A