Is Are techniques and practices for vulnerability analysis such as code review, static analysis, penetration testing, white/black box testing, etc. utilized? part of security assessment questionnaire you required to answer?