SCRIPT 2026 COMPLETE QUESTIONS AND
ANSWERS FULL SOLUTION
◉ SAMM. Answer: offers a roadmap and a well-defined maturity
model for secure software development and deployment, along with
useful tools for self-assessment and planning.
◉ Core OpenSAMM activities. Answer: Governance, Construction,
Verification, Deployment
◉ static analysis. Answer: Source code of an application is reviewed
manually or with automatic tools without running the code
◉ dynamic analysis. Answer: Analysis and testing of a program
occurs while it is being executed or run
◉ Fuzzing. Answer: Injection of randomized data into a software
program in an attempt to find system failures, memory leaks, error
handling issues, and improper input validation
◉ OWASP ZAP. Answer:
- Open-source web application security scanner
- Can be used as a proxy to manipulate traffic running through it
(even https)
◉ ISO/IEC 27001. Answer: Specifies requirements for establishing,
implementing, operating, monitoring, reviewing, maintaining and
improving a documented information security management system
◉ ISO/IEC 17799. Answer: ISO/IEC is a joint committee that
develops and maintains standards in the IT industry. 17799 is an
international code of practice for information security management.
This section defines confidentiality, integrity and availability
controls.
◉ ISO/IEC 27034. Answer: A standard that provides guidance to
help organizations embed security within their processes that help
secure applications running in the environment, including
application lifecycle processes
◉ Software security champion. Answer: a developer with an interest
in security who helps amplify the security message at the team level