1. Privacy Compliance Report: The _________ report should provide progress
against the privacy requirements identified in earlier phases. Any outstanding
requirement should be implemented as soon as possible. It is also prudent to
assess any changes in laws/regulations to identify (and put on a roadmap) any
new requirements. (A4, Design & Development Cont.)
2. Security Testing Reports: A findings summary should be prepared for each
type of security testing: manual code review, static analysis, dynamic analysis,
penetration testing, and fuzzing. The reports should provide the type and
number of issues identified and any consistent theme that can be derived from
the findings. (A4, Design & Development Cont.)
3. Remediation Report: A ____ report/dashboard should be prepared and
updated regularly from this stage onward. The purpose of this report is to show
the security posture and risk of the product at a technical level. (A4, Design
& Development Cont.)
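The reports in items 2 and 3 are easiest to picture as a roll-up over a list of findings. The Python below is an added example, not part of the original page or of any SDL tool: it takes a constructed set of findings (the record shape, CWE labels and severity weights are assumptions, not a standard) and produces the per-test-type summary with its recurring theme, the CWEs reported by more than one independent test type, and an open-versus-fixed remediation dashboard with a weighted residual-risk figure.

```python
"""Roll-up of A4 security-testing findings into the two report shapes the
flashcards describe: a per-test-type findings summary (type, count, recurring
theme) and a remediation dashboard (open vs. fixed by severity, plus a
weighted residual-risk score).  Example code added for illustration; the
finding records, CWE labels and weights are constructed sample data."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# The five testing types named in the Security Testing Reports deliverable.
TEST_TYPES = ("manual code review", "static analysis", "dynamic analysis",
              "penetration testing", "fuzzing")

# Assumed severity weights for the residual-risk figure (an assumption, not a standard).
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    test_type: str   # one of TEST_TYPES
    cwe: str         # weakness class, used to spot recurring themes
    severity: str    # key of SEVERITY_WEIGHT
    status: str      # "open" or "fixed"


# Constructed sample findings (not real scanner or pentest output).
SAMPLE_FINDINGS = [
    Finding("static analysis", "CWE-79", "high", "open"),
    Finding("static analysis", "CWE-79", "high", "fixed"),
    Finding("static analysis", "CWE-89", "critical", "open"),
    Finding("dynamic analysis", "CWE-79", "medium", "open"),
    Finding("penetration testing", "CWE-89", "critical", "open"),
    Finding("penetration testing", "CWE-287", "high", "fixed"),
    Finding("fuzzing", "CWE-125", "high", "open"),
    Finding("fuzzing", "CWE-125", "medium", "fixed"),
    Finding("manual code review", "CWE-798", "high", "open"),
]


def findings_summary(findings):
    """Per test type: number of issues and the most frequent CWE (the
    'consistent theme').  Every test type is listed even when it produced
    nothing, so a test that was never run is visible in the report."""
    by_type = defaultdict(list)
    for f in findings:
        if f.test_type not in TEST_TYPES:
            raise ValueError(f"unknown test type: {f.test_type}")
        by_type[f.test_type].append(f)
    summary = {}
    for t in TEST_TYPES:
        items = by_type.get(t, [])
        top = Counter(f.cwe for f in items).most_common(1)
        summary[t] = {"count": len(items), "theme": top[0][0] if top else None}
    return summary


def cross_test_themes(findings, min_tests=2):
    """CWEs reported by at least `min_tests` different test types: the
    strongest signal of a systemic weakness rather than a one-off bug."""
    seen = defaultdict(set)
    for f in findings:
        seen[f.cwe].add(f.test_type)
    return sorted(cwe for cwe, types in seen.items() if len(types) >= min_tests)


def remediation_dashboard(findings):
    """Open vs. fixed counts per severity, plus a weighted residual-risk score
    computed over the findings that are still open."""
    by_sev = {sev: {"open": 0, "fixed": 0} for sev in SEVERITY_WEIGHT}
    for f in findings:
        if f.severity not in SEVERITY_WEIGHT or f.status not in ("open", "fixed"):
            raise ValueError(f"bad severity/status on finding: {f}")
        by_sev[f.severity][f.status] += 1
    residual = sum(SEVERITY_WEIGHT[s] * v["open"] for s, v in by_sev.items())
    return {
        "by_severity": by_sev,
        "open_total": sum(v["open"] for v in by_sev.values()),
        "residual_risk": residual,
    }


if __name__ == "__main__":
    for t, row in findings_summary(SAMPLE_FINDINGS).items():
        print(f"{t:22s} issues={row['count']} theme={row['theme']}")
    print("cross-test themes:", cross_test_themes(SAMPLE_FINDINGS))
    print("dashboard:", remediation_dashboard(SAMPLE_FINDINGS))
```

Re-running the roll-up on each refreshed findings export gives the "updated regularly" dashboard the deliverable calls for; a theme that shows up under two test types (here CWE-79 and CWE-89) is the kind of consistent finding the testing report should call out for a root-cause fix rather than per-instance patching.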
4. Security Assessment
What are the key activities in the Security Assessment phase of SDL?: SDL
Phase 1 (A1) = SDLC 1 Concept
Software security team is looped in early
Security team hosts a discovery meeting
Software security team discusses project plan
States what further work will be done
Privacy Impact Assessment (PIA) plan is created
5. Architecture
What are the key activities in the Architecture phase of SDL?: SDL Phase 2
(A2) = SDLC 2 Planning
A2 Policy compliance analysis
SDL policy assessment and scoping
Threat modeling & architecture security analysis
Open-source selection
Privacy information gathering and analysis
6. Design & Development
What are the key activities in the Design & Development phase of SDL?: SDL
Phase 3 (A3) = SDLC 3 Design & Development
A3 Policy compliance analysis
Security test plan composition
Static analysis updating
Threat modeling analysis & review
Privacy implementation assessment
7. Design & Development Cont.
What are the key activities in the Design & Development Cont. phase of
SDL?: SDL Phase 4 (A4) = SDLC 4 Readiness
A4 Policy compliance analysis
Security test case execution
Static analysis
Fuzz testing
Privacy code review
Privacy validation and remediation
8. Ship
What are the key activities in the Ship phase of SDL?: SDL Phase 5 (A5) =
SDLC 5 Release & Launch
A5 Policy compliance analysis
Vulnerability scan
Penetration testing
Open-source licensing review
Final privacy review
9. What is the purpose of the Product risk profile deliverable in Security
Assessment (A1)?: To estimate the actual cost of the product.
10. What is the goal of the SDL project outline in Security Assessment
(A1)?: To map SDL activities to the development schedule.
11. Why are Applicable laws and regulations important in Security
Assessment (A1)?: To obtain formal sign-off from stakeholders on applicable
laws.
12. What is the purpose of the Threat profile in Security Assessment (A1)?:
To guide SDL activities to mitigate threats.