2025 D487 Secure SW Design MOST RECENT
COMPREHENSIVE QUESTIONS AND ANSWERS
|COMPLETE SOLUTIONS |A+ GRADED |100% CORRECT!!
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - ANSWER✔✔-A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - ANSWER✔✔-PRSA1: External vulnerability disclosure response
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - ANSWER✔✔-Governance, Construction
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - ANSWER✔✔-Vulnerability scan
Which post-release support activity should be completed when companies are joining together? - ANSWER✔✔-Security architectural reviews
OLIVIA GREENWAYS © 2025, ALL RIGHTS RESERVED
Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? - ANSWER✔✔-Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? - ANSWER✔✔-white-box security test
Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? - ANSWER✔✔-license compliance
Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? - ANSWER✔✔-Release and ship
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? - ANSWER✔✔-iterative development
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on devops? - ANSWER✔✔-continuous integration and continuous deployments
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - ANSWER✔✔-API invocation processes
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - ANSWER✔✔-enables and improves business activities
Which phase of penetration testing allows for remediation to be performed? - ANSWER✔✔-Deploy
Which key deliverable occurs during post-release support? - ANSWER✔✔-third-party reviews
Which business function of OpenSAMM is associated with governance? - ANSWER✔✔-Policy and compliance
Which business function of OpenSAMM is associated with construction? - ANSWER✔✔-Threat assessment
Which business function of OpenSAMM is associated with verification? - ANSWER✔✔-Code review
Which business function of OpenSAMM is associated with deployment? - ANSWER✔✔-Vulnerability management
What is the product risk profile? - ANSWER✔✔-A security assessment deliverable that estimates the actual cost of the product.
A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? - ANSWER✔✔-Privacy impact assessment