- Does Microsoft SDL stand for Security Development Lifecycle?
- According to SDL, what activities should be done during the design stages?
- Establishing design requirements
- Performing attack surface analysis reduction
- User threat modeling
- All of the above
- In OWASP SAMM, what security practice is not part of security governance
- Security and metrics
- Education and guidance
- Secure architecture
- Policy and compliance
- In OWASP SAMM, which security practice is not part of security operations?
- Issue Management
- Security requirements
- Environment hardening
- Operational enablement
- What is not one of the characteristics of the security office under CTO?
- Large security team size—over 100 members
- No dedicated CSO
- The security team ...