D487 Secure SW Design Exam Study Questions and Answers with Complete Solutions 2024
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - PRSA1: External vulnerability disclosure response
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - Governance, Construction
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - Vulnerability scan
Which post-release support activity should be completed when companies are joining together? - Security architectural reviews
Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? - Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? - white-box security test
Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? - license compliance
Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? - Release and ship
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? - iterative development
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on devops? - continuous integration and continuous deployments
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - API invocation processes
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - enables and improves business activities
Which phase of penetration testing allows for remediation to be performed? - Deploy
Which key deliverable occurs during post-release support? - third-party reviews
Which business function of OpenSAMM is associated with governance? - Policy and compliance
Which business function of OpenSAMM is associated with construction? - Threat assessment
Which business function of OpenSAMM is associated with verification? - Code review
Which business function of OpenSAMM is associated with deployment? - Vulnerability management
What is the product risk profile? - A security assessment deliverable that estimates the actual cost of the product.
A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? - Privacy impact assessment
What is the first phase in the security development life cycle? - A1 Security Assessment
School, study and subject
- Institution
- D487
- Course
- D487
Document information
- Uploaded on
- June 21, 2024
- Number of pages
- 13
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers