HP
Code: HP2-N28
Exam Name: Selling HP Fortify
Security Assurance Solutions
|
Question: 1
|
In the Software Security Assurance Maturity Spectrum,
which statement is true for the "Fortify (Prevention)" phase?
A. The security team is responsible for application
security, and the development team supports their effort.
B. The development team is responsible for application
security with little or no support from the security team.
C. The security team is responsible for application
security with little or no support from the development team.
D. The development team shares responsibility for application
security, and the security team supports their effort.
|
Answer: A
|
|
Question: 2
|
Match the common business drivers for HP Fortify with the
customer situation to which they best apply.
|
Answer:
|
|
Question: 3
|
In which stage of the development lifecycle does the
implementation of an HP Fortify solution provide the highest ROI?
A. Development
B. Performance
C. Testing
D. Production
|
Answer: C
|
|
Question: 4
|
What are elements of a reactive approach to application
security?
A. Security testing is performed before deployment, and
security gates are agreed upon (jointly implemented) by the security and
development teams.
B. Security testing is embedded into the SDLC, the
security and the development teams work together as a single team.
C. Security testing is performed in production by
customers or ad-hoc testers, and the development team is tasked with code
fixes.
D. Security testing is performed in production, and the
operations team is responsible for security monitoring and code fixes.
|
Answer: C
|
|
Question: 5
|
What are typical business drivers for HP Fortify
solutions? (Select two.)
A. Suffered security breach
B. Compliance program
C. Reported performance issues
D. SLA improvement initiative
E. Cost reduction
|
Answer: B, E
|
No comments:
Post a Comment