At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?
Correct Answer: C
Section: Software Development Security
Question 47
The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria, which are often called the five rules of evidence:
Correct Answer: D
The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria (often called the five rules of evidence):
- Be authentic
- Be accurate
- Be complete
- Be convincing
- Be admissible

Digital or electronic evidence, although more fragile or volatile, must meet these criteria as well. What constitutes digital/electronic evidence depends on the investigation; do not rule out any possibilities until they can be positively discounted. With evidence, it is better to have and not need than vice versa. Given the variance that is possible, the axiom to follow is: check with the respective judiciary, attorneys, or officer of the court for specific admissibility requirements.

The dynamic nature of digital/electronic evidence bears further comment. Unlike more traditional types of evidence (e.g., fingerprints, hair, fibers, bullet holes), digital/electronic evidence can be very fragile and can be erased, partially destroyed, or contaminated very easily, and, in some circumstances, without the investigator knowing this has occurred. This type of evidence may also have a short life span and must be collected very quickly (e.g., cache memory, primary/random access memory, swap space) and in order of volatility (i.e., most volatile first). Sufficient care must also be taken not to disturb the timeline or chronology of events. Although time stamps are best considered relative and easily forged, the investigator needs to ensure that any actions that could alter the chronology (e.g., examining a live file system or accessing a drive that has not been write protected) are recorded or, if possible, completely avoided.

Two concepts that are at the heart of dealing effectively with digital/electronic evidence, or any evidence for that matter, are the chain of custody and authenticity/integrity. The chain of custody refers to the "who, what, when, where, and how" of the evidence handling, from its identification through its entire life cycle, which ends with destruction or permanent archiving. All of the other choices presented were incorrect. The following reference was used to create this question: Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press) (Kindle Locations 11791-11811). Taylor & Francis. Kindle Edition.
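As an added example (not part of the original question or of the (ISC)2 guide it cites), the following Python keeps a chain-of-custody record in the "who, what, when, where, how" form described above and ties it to authenticity/integrity by re-hashing the evidence item at every hand-off, so the record shows at which link a change first appeared. The item ID, handler names and the "image" bytes are constructed for the example.

```python
"""Chain of custody with hash-based integrity checks for a digital evidence item.

Added example, not taken from the original page or the (ISC)2 guide it cites.
Every custody event records the who, what, when, where and how of the handling;
the item's SHA-256 digest is computed at acquisition and recomputed at each
later hand-off or examination, so any alteration is detected and the record
shows at which link in the chain it first appeared. Item IDs, names and the
sample image bytes below are constructed for the example.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the evidence bytes; the anchor for authenticity/integrity."""
    return hashlib.sha256(data).hexdigest()


def utc_now() -> str:
    """Recorded for the timeline only. As the text notes, time stamps are
    relative and forgeable, so integrity rests on the digest, not the clock."""
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


@dataclass
class CustodyEvent:
    who: str      # handler (name or badge number)
    what: str     # acquired / transferred / examined / archived ...
    when: str     # ISO-8601 UTC timestamp
    where: str    # physical or logical location
    how: str      # method and tooling, e.g. "write-blocked dd image"
    digest: str   # SHA-256 observed at this event
    intact: bool  # True if digest matches the acquisition digest


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    acquisition_digest: str
    chain: list = field(default_factory=list)

    @classmethod
    def acquire(cls, item_id: str, description: str, data: bytes,
                who: str, where: str, how: str) -> "EvidenceItem":
        """First link in the chain: hash the item exactly as collected."""
        digest = sha256_hex(data)
        item = cls(item_id, description, digest)
        item.chain.append(CustodyEvent(who, "acquired", utc_now(), where, how, digest, True))
        return item

    def record(self, data: bytes, who: str, what: str, where: str, how: str) -> bool:
        """Append a custody event, re-hashing the item; returns True if still intact."""
        digest = sha256_hex(data)
        intact = digest == self.acquisition_digest
        self.chain.append(CustodyEvent(who, what, utc_now(), where, how, digest, intact))
        return intact

    def first_break(self):
        """The earliest event at which the digest no longer matched, or None."""
        return next((e for e in self.chain if not e.intact), None)


def demo() -> tuple:
    """Walk a constructed item through a clean hand-off and then a tampered one."""
    image = b"constructed disk image bytes for the example"  # constructed sample data
    item = EvidenceItem.acquire("EX-001", "laptop SSD image", image,
                                who="analyst A", where="site", how="write-blocked dd image")
    transfer_ok = item.record(image, "analyst B", "transferred", "lab",
                              "sealed bag, hash re-verified on receipt")
    # Examination done on a drive that was not write protected: one byte changed.
    exam_ok = item.record(image + b"\x00", "analyst C", "examined", "lab",
                          "mounted read-write (should have been write-blocked)")
    brk = item.first_break()
    return transfer_ok, exam_ok, (brk.who if brk else None), len(item.chain)


if __name__ == "__main__":
    print(demo())  # (True, False, 'analyst C', 3)
```

The record is append-only on purpose: a break is never erased, it is documented, which is what an officer of the court will ask about. In practice the digest would also be recorded out of band (on the evidence form, signed) so the log itself cannot be edited to match a tampered image.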
Question 48
In which of the following phases of the software acquisition process does developing evaluation criteria take place?
Correct Answer: B
Question 49
Which of the following is not a defined maturity level within the Software Capability Maturity Model?
Correct Answer: D
The five defined maturity levels of the Software CMM are: Initial, Repeatable, Defined, Managed and Optimizing. Reference used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 254).
Question 50
When two different keys encrypt a plaintext message into the same ciphertext, this situation is known as:
Correct Answer: D
The correct answer is "Key clustering": two distinct keys that map the same plaintext to the same ciphertext. For an attacker performing exhaustive search this reduces the effective key space, since only one key per cluster needs to be tried. The other answers describe different concepts: "Public key cryptography" is a type of cryptographic system using a public and a private key; "Cryptanalysis" is the art/science of breaking ciphers; "Hashing" is the conversion of a message of variable length into a fixed-length message digest.
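As an added example (not part of the original question or its answer), the following Python shows key clustering on a toy Vigenère cipher, where a repeated key such as "ABAB" and its shorter form "AB" are distinct keys that produce identical ciphertext, and counts how much the clustering shrinks the effective key space. The plaintext and key lists are constructed inputs.

```python
"""Key clustering demonstrated on a toy Vigenère cipher.

Added example, not from the original page. Two distinct keys that encrypt the
same plaintext to the same ciphertext form a key cluster. For exhaustive
search that shrinks the effective key space: only one representative per
cluster needs to be tried. The plaintext and key lists are constructed inputs.
"""
from itertools import product
import string

ALPHABET = string.ascii_uppercase


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Classic Vigenère over A-Z: shift each letter by the matching key letter mod 26."""
    out = []
    for i, ch in enumerate(plaintext):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def key_clusters(plaintext: str, keys) -> dict:
    """Group keys by the ciphertext they yield for this plaintext.

    Returns {ciphertext: sorted keys} only for ciphertexts reached by more
    than one key, i.e. the actual clusters.
    """
    by_ct: dict = {}
    for key in keys:
        by_ct.setdefault(vigenere_encrypt(plaintext, key), []).append(key)
    return {ct: sorted(ks) for ct, ks in by_ct.items() if len(ks) > 1}


def all_keys(max_len: int):
    """Every key of length 1..max_len over the 26-letter alphabet."""
    for n in range(1, max_len + 1):
        for letters in product(ALPHABET, repeat=n):
            yield "".join(letters)


def effective_key_space(plaintext: str, max_len: int) -> tuple:
    """(nominal number of keys, number of distinct ciphertexts they produce).

    The gap between the two is what clustering costs the defender: an attacker
    only has to try as many keys as there are distinct ciphertexts.
    """
    keys = list(all_keys(max_len))
    distinct = {vigenere_encrypt(plaintext, k) for k in keys}
    return len(keys), len(distinct)


if __name__ == "__main__":
    pt = "ATTACKATDAWN"
    print(key_clusters(pt, ["AB", "ABAB", "ABA", "Z", "ZZ"]))
    print(effective_key_space(pt, 2))  # (702, 676)
```

With keys of length one and two there are 702 nominal keys but only 676 distinct ciphertexts for a 12-letter plaintext, because every single-letter key clusters with its doubled form; for a one-letter plaintext only 26 distinct ciphertexts remain. A well-designed modern cipher is built so that such collisions are no more likely than chance, which is why key clustering is treated as a weakness.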