CT-SEC 시험 - ISTQB실제시험문제와 답 - 269문항

Question No : 1

What is the primary goal of security testing throughout the software lifecycle?

A.To increase software development time
B.To find bugs in the software
C.To ensure that security is considered at every stage of development
D.To eliminate the need for security measures

정답:

Question No : 2

Which of the following is a key strategy to mitigate security risks during the software development lifecycle?

A.Conducting security testing only after the software is fully developed
B.Implementing security measures early in the development process
C.Ignoring security risks altogether
D.Deploying security patches after the software is released

정답:

Question No : 3

What strategy is commonly used in security testing to simulate real-world attacks on a software system?

A.White-box testing
B.Black-box testing
C.Gray-box testing
D.Penetration testing

정답:

Question No : 4

Which of the following is a common goal of security testing?

A.Enhancing user experience
B.Improving software speed
C.Ensuring data confidentiality
D.Reducing software maintenance costs

정답:

Question No : 5

What is the primary purpose of security testing in software development?

A.To ensure the software is user-friendly
B.To detect vulnerabilities and weaknesses in the software
C.To optimize code performance
D.To eliminate the need for updates and patches

정답:

Question No : 6

What is the purpose of security testing?

A.To ensure that software is bug-free
B.To prevent unauthorized access to data and resources
C.To increase the speed of software development
D.To improve user interface design

정답:

Question No : 7

Which of the following is NOT a category of security testing?

A.Input validation testing
B.Vulnerability scanning
C.Security scanning
D.Load testing

정답:

Question No : 8

What is the difference between authentication and authorization in security testing?

A.They are the same
B.Authentication verifies the identity while authorization determines access rights
C.Authorization verifies the identity while authentication determines access rights
D.They are not related to security testing

정답:

Question No : 9

Which of the following is NOT a common security testing method?

A.Penetration testing
B.Black-box testing
C.Stress testing
D.White-box testing

정답:

Question No : 10

What is the main goal of security testing?

A.Ensuring software functionality
B.Identifying vulnerabilities and weaknesses
C.Optimizing performance
D.Enhancing user experience

정답:

Question No : 11

Which industry standard focuses on the security of payment card data to reduce credit card fraud?

A.PCI DSS
B.GDPR
C.FISMA
D.SOX

정답:

Question No : 12

Which organization is responsible for developing the Common Vulnerabilities and Exposures (CVE) system to identify and catalog vulnerabilities in software and hardware?

A.OWASP
B.NIST
C.CERT
D.MITRE

정답:

Question No : 13

Which of the following is an emerging technology trend that poses new security challenges for organizations?

A.Artificial Intelligence (AI)
B.Internet of Things (IoT)
C.Blockchain technology
D.Virtual Reality (VR)

정답:

Question No : 14

Which industry trend focuses on shifting security to the left in the software development lifecycle to identify and address security issues earlier?

A.Agile development
B.Waterfall methodology
C.DevOps
D.Security by design

정답:

Question No : 15

Which of the following is a widely recognized standard for information security management systems?

A.ISO/IEC 27001
B.ISTQB
C.IEEE 802.11
D.HIPAA

정답:

ISTQB CT-SEC 시험