Quiz: Which practice in the Ship (A5) phase of the security development cycle
verifies whether the product meets security mandates? Ans: A5 policy
compliance analysis
Quiz: Which post-release support activity defines the process to
communicate, identify, and alleviate security threats? Ans: PRSA1: External
vulnerability disclosure response
Quiz: What are two core practice areas of the OWASP Security Assurance
Maturity Model (OpenSAMM)? Ans: Governance, Construction
Quiz: Which practice in the Ship (A5) phase of the security development
cycle uses tools to identify weaknesses in the product? Ans: Vulnerability scan
Quiz: Which post-release support activity should be completed when
companies are joining together? Ans: Security architectural reviews
Quiz: Which of the Ship (A5) deliverables of the security development cycle
are performed during the A5 policy compliance analysis? Ans: Analyze
activities and standards
© 2025 Get it right Stuvia US All rights reserved
Quiz: Which of the Ship (A5) deliverables of the security development cycle
are performed during the code-assisted penetration testing? Ans: white-box
security test
Quiz: Which of the Ship (A5) deliverables of the security development cycle
are performed during the open-source licensing review? Ans: license
compliance
Quiz: Which of the Ship (A5) deliverables of the security development cycle
are performed during the final security review? Ans: Release and ship
Quiz: How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile? Ans: iterative
development
Quiz: How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on DevOps? Ans: continuous
integration and continuous deployments
Quiz: How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud? Ans: API invocation
processes
Quiz: How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise? Ans:
enables and improves business activities
Quiz: Which phase of penetration testing allows for remediation to be
performed? Ans: Deploy
Quiz: Which key deliverable occurs during post-release support? Ans:
third-party reviews
Quiz: Which business function of OpenSAMM is associated with
governance? Ans: Policy and compliance
Quiz: Which business function of OpenSAMM is associated with
construction? Ans: Threat assessment
Quiz: Which business function of OpenSAMM is associated with verification?
Ans: Code review
Quiz: Which business function of OpenSAMM is associated with
deployment? Ans: Vulnerability management
Quiz: What is the product risk profile? Ans: A security assessment
deliverable that estimates the actual cost of the product.
Quiz: A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree sensitive
customer information is collected, stored, or created within a new product