D487 Questions and Correct Detailed Answers (Verified Answers)
What is the study of real-world software security initiatives
organized so companies can measure their initiatives and
understand how to evolve them over time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001
✓✓ -Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed
without executing programs?
-static analysis
-fuzzing
-dynamic analysis
-OWASP ZAP
✓✓ -static analysis
Which ISO standard is the benchmark for information security
today?
-ISO 27001
-ISO 7799
-ISO 27034
-ISO 8601
✓✓ -ISO 27001
What is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?
-dynamic analysis
-static analysis
-fuzzing
-security testing
✓✓ -dynamic analysis
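The two definitions above (static analysis inspects code without running it; dynamic analysis observes the program while it executes) are easier to hold apart when both are applied to the same target. The following is an added example written for this study guide, not course material or tool code. The sample program, the rule set, and the function names are assumptions made for illustration only. The static pass walks the Python AST and flags risky calls without ever importing the sample; the dynamic pass loads the sample and runs it under sys.settrace with constructed test inputs, recording which functions actually executed and which raised. Note that the dynamic pass deliberately never calls run_report, because executing it would really spawn a shell, which is exactly the trade-off between the two techniques.

```python
"""Static vs. dynamic analysis of one constructed sample program.

Added example for the D487 study guide; the sample program, the rule list
and every function name below are assumptions made for illustration.
"""
import ast
import sys
import types

# Constructed sample program under analysis (not real product code).
SAMPLE_SOURCE = '''
import subprocess

def run_report(cmd, user_input):
    # shell=True with untrusted input: command injection risk
    return subprocess.run(cmd + " " + user_input, shell=True)

def parse_config(blob):
    return eval(blob)   # arbitrary code execution on attacker-controlled data

def safe_add(a, b):
    return a + b
'''

# --- Static analysis: inspect the AST, never execute the program ---

DANGEROUS_CALLS = {"eval", "exec"}  # assumed rule set for this example


def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the callee, e.g. 'subprocess.run'."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def static_findings(source: str) -> list[tuple[int, str]]:
    """Parse the source and report (line, message) for risky constructs.

    Nothing in the sample is executed: only the syntax tree is examined.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, f"call to {name}()"))
        if name == "subprocess.run":
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, "subprocess.run with shell=True"))
    return sorted(findings)


# --- Dynamic analysis: execute the program under a tracer ---

def dynamic_trace(source: str, inputs: list[tuple[str, tuple]]) -> dict:
    """Load the sample, call the given (function, args) pairs under
    sys.settrace, and record which functions ran and which raised.

    The inputs stand in for test cases or fuzz seeds; they are constructed.
    """
    module = types.ModuleType("sample_under_test")
    exec(compile(source, "<sample>", "exec"), module.__dict__)

    executed: set[str] = set()

    def tracer(frame, event, arg):
        # Only record frames that belong to the sample, not to eval()'d strings
        if event == "call" and frame.f_code.co_filename == "<sample>":
            executed.add(frame.f_code.co_name)
        return None  # no per-line tracing needed

    results = {"executed": executed, "errors": {}}
    sys.settrace(tracer)
    try:
        for fn_name, args in inputs:
            try:
                getattr(module, fn_name)(*args)
            except Exception as exc:  # record the failure, keep the harness alive
                results["errors"][fn_name] = type(exc).__name__
    finally:
        sys.settrace(None)
    return results


if __name__ == "__main__":
    print("static :", static_findings(SAMPLE_SOURCE))
    cases = [("safe_add", (1, 2)),
             ("parse_config", ("{'a': 1}",)),
             ("parse_config", ("not valid python",))]
    print("dynamic:", dynamic_trace(SAMPLE_SOURCE, cases))
```

The static pass finds both the eval() call and the shell=True invocation on their source lines, including the run_report path that the dynamic pass never reaches; the dynamic pass shows which functions were actually exercised and that parse_config raises a SyntaxError on malformed input, something no AST walk can tell you. Coverage gaps in the dynamic result (run_report never executed) are the usual argument for using both techniques together.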
Which person is responsible for designing, planning, and
implementing secure coding practices and security testing
methodologies?
-software security architect
-product security developer
-software security champion
-software tester
✓✓ -software security architect
What is a list of information security vulnerabilities that aims to
provide names for publicly known problems?
-Common Vulnerabilities and Exposures (CVE)
-SANS Institute Top Cyber Security Risks
-Bugtraq
-Carnegie Mellon Computer Emergency Response Team (CERT)
✓✓ -Common Vulnerabilities and Exposures (CVE)
Which secure coding best practice uses well-tested, publicly
available algorithms to hide product data from unauthorized
access?
-access control
-authentication and password management
-cryptographic practices
-data protection