$1.$ Organizations that do not prioritize security during software development are almost

assured to have a$($n$)$:

a$.$ secure application.

b$.$ insecure application.

c$.$ secure network.

d$.$ insecure network

$2.$ Which of the following statements is true regarding managing web application

security?

a$.$ In some respects, it is more difficult than other traditional network areas.

b$.$ It is easier than other traditional network areas.

c$.$ It is easier to achieve if the focus is put on security after software development.

d$.$ It is not necessary to manage web application security.

$3.$ The $\_\_\_\_\_\_\_\_\_\_$ maintains a list of the top $10$ web application vulnerabilities.

a$.$ Federal Bureau of Investigation $($FBI$)$

b$.$ International Security Team $($IST$)$

c$.$ Web Application Vulnerabilities Project $($WAVP$)$

d$.$ Open Web Application Security Project $($OWASP$)$

$3.$Understanding the most common vulnerabilities can enable administrators to select

appropriate $\_\_\_\_\_\_\_\_\_\_$ to prevent or counteract attacks.

a$.$ firewalls

b$.$ anti$-$virus programs

c$.$ best practices

d$.$ personnel

$5.$ Which of the following can include establishing and following strong network security

procedures, deploying encryption strategies, configuring preventative mitigation tools,

and educating employees?

a$.$ Best practices

b$.$ Planning

c$.$ Development

d$.$ Assessment