DRAG DROP Match the following generic software testing methods with their major focus and objective.
Drag each testing method next to its corresponding set of testing objectives.
Select and Place:

What is the motivation for use of the Online Certificate Status Protocol (OCSP)?

A. To return information on multiple certificates
B. To control access to Certificate Revocation List (CRL) requests
C. To provide timely up-to-date responses to certificate queries
D. To issue X.509v3 certificates more quickly

Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)?

A. System implementation
B. System initiation
C. System operations and maintenance
D. System acquisition and development

Where would an organization typically place an endpoint security solution?

A. Web server and individual devices
B. Intrusion Detection System (IDS) and web server
C. Central server and individual devices
D. Intrusion Detection System (IDS) and central sever

Which of the following global privacy legislation principles ensures that data handling policies and the name of the data controller are easily accessible to the public?

A. Use limitation
B. Openness
C. Purpose specification
D. Individual participation

Why are mobile devices sometimes difficult to investigate in a forensic examination?

A. There are no forensics tools available for examination.
B. They may contain cryptographic protection.
C. They have password-based security at logon.
D. They may have proprietary software installed to protect them.

Which concept might require users to use a second access token or to re-enter passwords to gain elevated access rights in the identity and access provisioning life cycle?

A. Time-based
B. Enrollment
C. Least privilege
D. Access review

When conveying the results of a security assessment, which of the following is the PRIMARY audience?

A. Information System Security Officer (ISSO)
B. Authorizing Official (AO)
C. Information System Security Manager (ISSM)
D. Security Control Assessor (SCA)

Which layer of the Open System Interconnection (OSI) model is reliant on other layers and is concerned with the structure, interpretation and handling of information?

A. Presentation Layer
B. Session Layer
C. Application Layer
D. Transport Layer

What is the FIRST action a security professional needs to take while assessing an organization’s asset security in order to properly classify and protect access to data?

A. Verify the various data classification models implemented for different environments.
B. Determine the level of access for the data and systems.
C. Verify if confidential data is protected with cryptography.
D. Determine how data is accessed in the organization.