Explanation: Authentication is the process of proving whether the identity presented by a user is true and valid. This can be done through common mechanisms such as user ID and password combinations or with more secure methods such as multifactor authentication.

Explanation: DNSSEC is a security extension to the regular DNS protocol and services that allows for the validation of the integrity of DNS lookups. It does not address confidentiality or availability at all. It allows for a DNS client to perform DNS lookups and validate both their origin and authority via the cryptographic signature that accompanies the DNS response.

Explanation: GitHub is an open source tool that developers leverage for code collaboration, branching, and versioning.

Explanation: With dynamic masking, production environments are protected with the masking process being implemented between the application and data layers of the application. This allows for a masking translation to take place live in the system and during normal application processing of data.

Explanation: XML firewalls are most commonly deployed in line between the firewall and application server to validate XML code before it reaches the application.

Explanation: Dynamic application security testing (DAST) is considered “black box” testing and begins with no inside knowledge of the application or its configurations. Everything about the application must be discovered during the testing.

Explanation: KPIs fall under the “business” aspect of QoS, along with monitoring and measuring of events and business processes. Services, security, and applications are all core components and concepts of the “IT” aspect of QoS.

Explanation: With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of network traffic so that it can be independently administered.

Explanation: Tokenization is the practice of utilizing a random and opaque “token” value in data to replace what otherwise would be a sensitive or protected data object. The token value is usually generated by the application with a means to map it back to the actual real value, and then the token value is placed in the data set with the same formatting and requirements of the actual real value so that the application can continue to function without different modifications or code changes.

Explanation: Representational State Transfer (REST) uses TLS for communication over secured channels. Although REST also supports SSL, at this point SSL has been phased out due to vulnerabilities and has been replaced by TLS.