D487 Secure Software Design - Set 4 - Part 1

Test your knowledge of technical writing concepts with these practice questions. Each question includes detailed explanations to help you understand the correct answers.

Question 1: The final security review determined that all security issues identified in testing have been resolved and all SDL requirements have been met. What is the result of the final security review?

Question 2: The security team is reviewing all threat models, identified vulnerabilities, and documented requirements. They are also performing static and dynamic analysis on the software product to determine if it is ready for release. Which activity of the Ship SDL phase is being performed?

Question 3: The security team is reviewing whether new security requirements, based on identified threats or changes to organizational guidelines, can be implemented prior to releasing the new product. Which activity of the Ship SDL phase is being performed?

Question 4: The organization is moving from a waterfall to an agile software development methodology, so the software security group must adapt the security development life cycle as well. They have decided to break out security requirements and deliverables to fit better in the iterative life cycle by defining every-sprint requirements, one-time requirements, bucket requirements, and final security review requirements. Which type of requirement states that all user input values must be validated by type, size, and range?

Question 5: The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing security testing results from recently completed initiatives. Which BSIMM domain is being assessed?

Question 6: The organization is moving from a waterfall to an agile software development methodology, so the software security group must adapt the security development life cycle as well. They have decided to break out security requirements and deliverables to fit better in the iterative life cycle by defining every-sprint requirements, one-time requirements, bucket requirements, and final security review requirements. Which type of requirement states that the team must perform remote procedure call (RPC) fuzz testing?

Question 7: During the final security review, the team discovered a vulnerability that had been previously overlooked. What is the next step the team should take?

Question 8: Which of the following best describes the purpose of conducting penetration testing during the Ship SDL phase?

Question 9: What is the primary goal of policy compliance analysis in the Ship SDL phase?

Question 10: In the context of software security, what does the term "vulnerability scan" refer to?

Question 11: Which activity in the Ship SDL phase focuses on understanding and documenting potential threats to the software product?

Question 12: What is a primary characteristic of "every-sprint requirements" in an agile development environment?

Question 13: What role does the final privacy review play in the Ship SDL phase?

Question 14: In a maturity assessment using BSIMM, which aspect is typically evaluated under the "Governance" domain?

Question 15: Which type of requirement includes tasks that are necessary to complete only once during the development process?

Question 16: What is the primary purpose of performing static analysis on the software during the Ship SDL phase?

Question 17: Which of the following is NOT typically included in the final security review process?

Question 18: What is a primary benefit of integrating security into an agile development process?

Question 19: Which type of review assesses whether the software adheres to established licensing requirements for open-source components?

Question 20: In the context of software security, what does the term "risk assessment" refer to?

