1.Considering application performance management, what would precede analytics?

a) User-defined transaction profiling

b) End user experience monitoring

c) Runtime application architecture discovery

d) Component deep dive monitoring in application context

2. According to the Dimensions of an Application Portfolio Management Matrix, what are typical characteristics of high value applications?

a) Meets present service delivery needs, business process improvement initiatives, and information access

b) Meets anticipated needs for old services

c) Protective of individual privacy and data confidentiality

d) All of the above

3. What is described as an enterprise-wide IT governance approach geared toward providing an optimal application performance benchmark for organizations while incorporating business and IT segments?

a) AM

b) ALM

c) APFM

d) COTS

4.The security of the enterprise that exists outside the environment can be described as

a) Nothing outside the environment will contaminate or corrupt the environment in a manner that will prevent it from functioning as it is intended to function

b) The system owner needs to ensure that nothing inside a specific environment escapes or is shared with resources or systems that operate in other environments without explicit knowledge and approval

c) No malware or other function or feature is introduced into the system during development that may later be used maliciously in the operational environment

d) All of the above

5.What is best holistic way an organization can assess the security of a system?

a) Utilize the asset, NIST SP 800-53A

b) Do penetration testing

c) Train personnel

d) Invest in QA

6.What concept refers to security testing in which advertised security mechanisms are tested under operational conditions to determine if that mechanism works according to requirements?

a) Penetration Testing

b) Functional Testing

c) User Testing

d) System Testing

7.How can an organization ensure secure systems development?

a) Secure concept of standards

b) Securing utilities

c) Security training for development team

d) All of the above

8. According to SP 800-64, how should security be integrated into the systems development lifecycle?

a) Early identification and mitigation of security vulnerabilities and misconfigurations, resulting in lower cost of security control implementation and vulnerability mitigation

b) Awareness of potential engineering challenges caused by mandatory security controls

c) Identification of shared security services and reuse of security strategies and tools to reduce development cost and schedule while improving security posture through proven methods and techniques

d) All of the above