D487 PKEO Questions and Correct Answers / Latest Update / Already Graded
Building Security In Maturity Model (BSIMM)
Ans: a study of real-world software security initiatives organized so companies
can measure their initiatives and understand how to evolve them over time
System configuration
Ans: secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions
Database security
Ans: secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong passwords or
multi-factor authentication
Waterfall
Ans: a sequential, step-by-step process for requirements
V-model
Ans: a variation of the waterfall model, where the stages turn back upward
after the coding phase
Scrum
Ans: flexible, holistic product development strategy where a development team
works as a unit to reach a common goal
Extreme programming (XP)
Ans: a software development methodology that is intended to improve software
quality and responsiveness
Agile methodology
Ans: mixes traditional and new software development practices - has four core
values and 12 principles that can be followed. Provides faster time to market and
higher business value
ScrumMaster
Ans: this role in Scrum is responsible for making sure the team is living by the
values and practices of Scrum, similar to the role of a coach.
Scrum Team
Ans: (scrum) works together to complete the given tasks of the project.
Project manager (Scrum)
Ans: (scrum) in charge of the project development, budget, and ensuring the
timeline is moving accordingly.
Product Owner (scrum)
Ans: (Scrum) decides the order of items in the backlog
The software security team is currently working to identify approaches for
input validation, authentication, authorization, and configuration management of a
new software product so they can deliver a security profile. Which threat modeling
step is being described?
Ans: Analyzing the target (threat model step)
Software developer (Scrum)
Ans: The person being introduced is a member of the scrum team, responsible for
writing feature logic and attending sprint ceremonies.
Access to log files is restricted