PRE ASSESSMENT QUESTIONS WITH T
CORRECT ANSWERS 2025
WhatHisHaHstudyHofHreal-
worldHsoftwareHsecurityHinitiativesHorganizedHsoHcompaniesHcanHmeasureHtheirHinitiativesHandHun
derstandHhowHtoHevolveHthemHoverHtime?,H-HCORRECTHANSWERH-
BuildingHSecurityHInHMaturityHModelH(BSIMM)
WhatHisHtheHanalysisHofHcomputerHsoftwareHthatHisHperformedHwithoutHexecutingHprograms?H-
HCORRECTHANSWERH-StaticHanalysis
WhichHInternationalHOrganizationHforHStandardizationH(ISO)HstandardHisHtheH𝑏enchmarkHforHinfo
r mationHsecurityHtoday?H-HCORRECTHANSWERH-ISO/IECH27001.
WhatHisHtheHanalysisHofHcomputerHsoftwareHthatHisHperformedH𝑏yHexecutingHprogramsHonHaHrealHo
rHvirtualHprocessorHinHrealHtime?,H-HCORRECTHANSWERH-DynamicHanalysis
WhichHpersonHisHresponsi𝑏leHforHdesigning,Hplanning,HandHimplementingHsecureHcodingHpractices
HandHsecurityHtestingHmethodologies?H-HCORRECTHANSWERH-SoftwareHsecurityHarchitect
AHcompanyHisHpreparingHtoHaddHaHnewHfeatureHtoHitsHflagshipHsoftwareHproduct.HTheHnewHfeatureH
isHsimilarHtoHfeaturesHthatHhaveH𝑏eenHaddedHinHpreviousHyears,HandHtheHrequirementsHareHwell-
documented.HTheHprojectHisHexpectedHtoHlastHthreeHtoHfourHmonths,HatHwhichHtimeHtheHnewHfeatu
reHwillH𝑏eHreleasedHtoHcustomers.HProjectHteamHmem𝑏ersHwillHfocusHsolelyHonHtheHnewHfeatureHun
tilHtheHprojectHends.HWhichHsoftwareHdevelopmentHmethodologyHisH𝑏eingHused?H-
HCORRECTHANSWERH-Waterfall
AHnewHproductHwillHrequireHanHadministrationHsectionHforHaHsmallHnum𝑏erHofHusers.HNormalHusers
HwillH𝑏eHa𝑏leHtoHviewHlimitedHcustomerHinformation HandHshouldHnotHseeHadminHfunctionalityHwithi
, nHtheHapplication.HWhichHconceptHisH𝑏eingHused?H-HCORRECTHANSWERH-
PrincipleHofHleastHprivilege
TheHscrumHteamHisHattendingHtheirHmorningHmeeting,HwhichHisHscheduledHatHtheH𝑏eginningHofHthe
HworkHday.HEachHteamHmem𝑏erHreportsHwhatHtheyHaccomplishedHyesterday, HwhatHtheyHplanHtoHa
c
complishHtoday,HandHifHtheyHhaveHanyHimpedimentsHthatHmayHcauseHthemHtoHmissHtheirHdeliveryH
deadline.HWhichHscrumHceremonyHisHtheHteamHparticipatingHin?H-HCORRECTHANSWERH-
DailyHScrum
WhatHisHaHlistHofHinformationHsecurityHvulnera𝑏ilitiesHthatHaimsHtoHprovideHnamesHforHpu𝑏liclyHkno
wnHpro𝑏lems?H-HCORRECTHANSWERH-CommonHcomputerHvulnera𝑏ilitiesHandHexposuresH(CVE)
WhichHsecureHcodingH𝑏estHpracticeHusesHwell-
tested,Hpu𝑏liclyHavaila𝑏leHalgorithmsHtoHhideHproductHdataHfromHunauthorizedHaccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHcodingH𝑏estHpracticeHusesHwell-
tested,Hpu𝑏liclyHavaila𝑏leHalgorithmsHtoHhideHproductHdataHfromHunauthorizedHaccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHcodingH𝑏estHpracticeHensuresHservers,Hframeworks,HandHsystemHcomponentsHareHal
lHrunningHtheHlatestHapprovedHversions?H-HCORRECTHANSWERH-SystemHconfiguration
WhichHsecureHcodingH𝑏estHpracticeHsaysHtoHuseHparameterizedHqueries,HencryptedHconnectionHstr
ingsHstoredHinHseparateHconfigurationHfiles,HandHstrongHpasswordsHorHmulti-
factorHauthentication?H-HCORRECTHANSWERH-Data𝑏aseHsecurity
WhichHsecureHcodingH𝑏estHpracticeHsaysHthatHallHinformationHpassedHtoHotherHsystemsHshouldH𝑏eH
encrypted?H-HCORRECTHANSWERH-CommunicationHsecurity