The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de

admin 2013-12-19

Question: The following scenario will be used for questions 26, 27, and 28.
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability.
Which of the following best describes the consortium Trent’s boss wants him to join?

Options:
A. Nonprofit organization that produces open-source software and follows widely agreed upon best-practice security standards for the World Wide Web.
B. U.S. DHS group that provides best practices, tools, guidelines, rules, principles, and other resources for software developers, architects, and security practitioners to use.
C. Group of experts who create proprietary software tools used to help improve the security of software worldwide.
D. Group of experts and organizations who certify products based on an agreed-upon security criteria.

Answer: A

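Explanation: A is correct. The Web Application Security Consortium (WASC) is a nonprofit organization made up of an international group of experts, industry practitioners, and organizational representatives who produce open-source and widely agreed upon best-practice security standards for the World Wide Web.
B is incorrect because the U.S. Department of Homeland Security (DHS) provides best practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software at every phase of its development. This DHS initiative is called Build Security In (BSI), and it is a collaborative effort in which many entities from different industries participate and provide useful material.
C is incorrect because it is a distracter. There is no official organization that provides suitable tools for the listed purpose.
D is incorrect because the Web Application Security Consortium does not certify products. Instead, it provides guidelines and open-source best practices for how to integrate security into software.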