For Expert help and assignment solutions, +254707240657
D487 Secure SW Design Questions and Answers (100% Correct Answers) Already Graded A+
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? [ Ans: ] A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? [ Ans: ] PRSA1: External vulnerability disclosure response
© 2025 Assignment Expert
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? [ Ans: ] Governance, Construction
Guru01 - Stuvia
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? [ Ans: ] Vulnerability scan
Which post-release support activity should be completed when companies are joining together? [ Ans: ] Security architectural reviews
Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? [ Ans: ] Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? [ Ans: ] white-box security test
Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? [ Ans: ] license compliance
Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? [ Ans: ] Release and ship
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? [ Ans: ] iterative development
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on devops? [ Ans: ] continuous integration and continuous deployments
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? [ Ans: ] API invocation processes
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? [ Ans: ] enables and improves business activities
Which phase of penetration testing allows for remediation to be performed? [ Ans: ] Deploy
Which key deliverable occurs during post-release support? [ Ans: ] third-party reviews
Which business function of OpenSAMM is associated with governance? [ Ans: ] Policy and compliance
Which business function of OpenSAMM is associated with construction? [ Ans: ] Threat assessment
Which business function of OpenSAMM is associated with verification? [ Ans: ] Code review
Which business function of OpenSAMM is associated with deployment? [ Ans: ] Vulnerability management
What is the product risk profile? [ Ans: ] A security assessment deliverable that estimates the actual cost of the product.
A software security team member has been tasked with creating
a deliverable that provides details on where and to what degree