A security analyst has determined that the user interface on an embedded device is vulnerable to common
SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the
following should the security analyst recommend to add additional security to this device?

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

A recent audit included a vulnerability scan that found critical patches released 60 days prior were not
applied to servers in the environment. The infrastructure team was able to isolate the issue and determined
it was due to a service being disabled on the server running the automated patch management application.
Which of the following would be the MOST efficient way to avoid similar audit findings in the future?

On which of the following organizational resources is the lack of an enabled password or PIN a common vulnerability?

During a recent audit, there were a lot of findings similar to and including the following:

Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?