2027 ACTUAL EXAM COMPLETE ACCURATE EXAM
QUESTIONS WITH DETAILED VERIFIED ANSWERS
(100% CORRECT ANSWERS) /ALREADY GRADED A+
What are the two deliverables of the Architecture phase of the SDL?
Choose 2 answers.
Threat modeling artifacts
Policy compliance analysis
Information disclosure
Attack modeling
Application decomposition
Threat modeling artifacts
Policy compliance analysis
"Threat modeling artifacts" is correct. Threat modeling artifacts include
data flow diagrams, technical threat modeling reports, high-level
executive threat modeling reports, and recommendations for threat
analysis.
"Policy compliance analysis" is correct. Policy compliance analysis is a
report on compliance with security and non-security policies of the
organization.
,What SDL security assessment deliverable is used as an input to an SDL
architecture process?
SDL project outline
Certification requirements
Product risk profile
Threat profile
Threat profile
Threat profiles created in the Security Assessment phase are used to
build the environment in which the product will operate and will include
potential threats in order to determine how to avoid them in the final
application.
When a software application handles personally identifiable information
(PII) data, what will be the Privacy Impact Rating?
P0: No privacy risk
P2: Moderate privacy risk
P3: Low privacy risk
P1: High privacy risk
P1: High privacy risk
High privacy risk occurs when the product or service stores include
ongoing transfers of anonymous data.
,Which key success factor identifies threats to the software?
Design security analysis
Effective threat modeling
Policy compliance review
Comprehensive security test plan
Effective threat modeling
Effective threat modeling allows the developer the ability to identify
threats such as spoofing, tampering, repudiation, information disclosure,
denial of service, and elevation of privilege as part of the threat model.
, What is the goal of design security review deliverables?
To plan to mitigate, accept, or tolerate risk
To make modifications to the design of software components based on
security assessments
To analyze adherence to company policies
To create data flow diagrams, elements, and threat listings
To make modifications to the design of software components based on
security assessments
This goal lists changes to the software components and design based
on a review from security architects and the assessments team.
Which application scanner component is useful in identifying
vulnerabilities such as cookie misconfigurations and insecure
configuration of HTTP response headers?
Spider
Virus scanner
Active scanner
Passive scanner
Passive scanner
Passive scanning is used to analyze vulnerability requests and to
respond silently as they pass through the web application security tool.