2. 计算机
  3. The following scenario applies to questions 26 and 27. Charlie is a new security manager at a textile company that develops its

The following scenario applies to questions 26 and 27. Charlie is a new security manager at a textile company that develops its

admin2013-12-19  44
问题 The following scenario applies to questions 26 and 27.
Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.
Which of the following best describes the standard Charlie’s team needs to comply with?
选项 A、International standard on system design to allow for better quality, interoperability, extensibility, portability, and security
B、International standard on system security to allow for better threat modeling
C、International standard on system architecture to allow for better quality, interoperability, extensibility, portability, and security
D、International standard on system architecture to allow for better quality, extensibility, portability, and security
答案C
解析 C正确。ISO/IEC 420lO的目标是将系统体系结构的使用进行国际标准化,而不是让产品开发人员提供他们各自的方法。系统体系结构的规范性方法有助于带来更好的质量、互操作性、扩展性、可移植性和安全性。
A不正确。因为这个答案故意说的是“设计”而不是“体系结构”。有些人错误地认为它们是相同的东西,但是体系结构在设计之前就已经出现。与设计相比,体系结构工作在一个更高、更战略化水平。软件开发逐渐变成一个更有纪律的行业,它正朝着正式的体系结构需求发展。
B不正确。因为问题中描述的标准并不是处理线程模型。ISO/IEC 42010解决了系统体系结构需求和指南。
D不正确。与C相比,D不算是最佳答案。这个标准还解决了互操作问题,而这个选项没有列出来。
转载请注明原文地址:https://kaotiyun.com/show/UyhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)