12/3/25, 4:51 PM D487: Secure Software Design B Exam comprehensive questions | FREQUENTLY MOST TESTED QUESTIONS AND VERIFIED …
D487: Secure Software Design B Exam comprehensive questions | FREQUENTLY MOST TESTED QUESTIONS AND VERIFIED SOLUTIONS / GET IT 100% ACCURATE!! 2025!!
D487 STUDY GUIDE
Terms in this set (89)
Building Security In Maturity Model (BSIMM): a study of real-world software security initiatives, organized so that you can determine where you stand with your own software security initiative and how to evolve your efforts over time.
SAMM: offers a roadmap and a well-defined maturity model for secure software development and deployment, along with useful tools for self-assessment and planning.
Core OpenSAMM activities (business functions): Governance, Construction, Verification, Deployment. (These are the four business functions of OpenSAMM 1.x; OWASP SAMM 2.0 restructures them into five: Governance, Design, Implementation, Verification, Operations.)
Static analysis: the source code of an application is reviewed, manually or with automated tools, without executing the code.
Dynamic analysis: analysis and testing of a program that takes place while it is being executed.
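The distinction above is easiest to see with a tool that never runs the program it inspects. The following is an added example, not code from the study guide or from any named tool: a minimal static analyser built on Python's standard ast module that flags two risky call patterns (eval on a value, and subprocess calls with shell=True). The sample program it scans and the rules themselves are constructed for illustration.

```python
"""Added example: a minimal static analyser on top of Python's ast module.

It inspects source text without executing it, which is the defining property
of static analysis. Rules and sample program are constructed for illustration.
"""
import ast

# Constructed sample program under review. It is parsed, never executed.
SAMPLE_SOURCE = '''
import subprocess

def ping(host):
    # user-controlled host reaches a shell: command injection risk
    return subprocess.run("ping -c 1 " + host, shell=True)

def compute(expr):
    return eval(expr)

def safe_ping(host):
    return subprocess.run(["ping", "-c", "1", host])
'''


def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the called expression, e.g. 'subprocess.run'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def find_findings(source: str) -> list[tuple[int, str]]:
    """Walk the AST and return (line, message) pairs for risky call patterns.

    Only the syntax tree is examined; no function in `source` is ever run.
    """
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name == "eval":
            findings.append((node.lineno, "eval() executes arbitrary code if its argument is untrusted"))
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, f"{name} with shell=True: command injection if arguments are attacker-controlled"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in find_findings(SAMPLE_SOURCE):
        print(f"line {line}: {message}")
```

Note the limits this makes visible: the analyser only reports the pattern, so it cannot tell whether `host` is actually attacker-controlled (a possible false positive), and `safe_ping`, which passes an argument list without a shell, is correctly left alone. Confirming that the flagged `ping` is really exploitable would require running it with crafted input, which is dynamic analysis.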
https://quizlet.com/1116510541/d487-secure-software-design-b-exam-comprehensive-questions-frequently-most-tested-questions-and-verified-solutio… 1/10
Fuzzing: injection of randomized data into a software program in an attempt to find system failures, memory leaks, error-handling issues, and improper input validation.
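As an added example (not from the study guide), the following mutation-based fuzzer shows the technique end to end: it takes a valid seed input, applies random mutations, runs the target on each candidate, and records any input that makes it crash rather than reject the input cleanly. The target parser, its deliberately missing bounds check, and the seed message are all constructed for this illustration.

```python
"""Added example: a small mutation-based fuzzer.

The target is run on many mutated inputs (dynamic analysis) and every input
that produces an unhandled exception is recorded. The parser and its bug are
constructed for illustration only.
"""
import random

# Constructed seed: two well-formed records, [type:1][len:1][value:len] each.
SEED = b"\x01\x03abc\x02\x01z"


def parse_records(data: bytes) -> list[tuple[int, bytes]]:
    """Parse [type:1][len:1][value:len] records.

    Deliberately omits one bounds check: when the input ends right after a
    type byte, reading the length byte raises IndexError (a crash), whereas a
    truncated value is rejected cleanly with ValueError.
    """
    records = []
    i = 0
    while i < len(data):
        rec_type = data[i]
        length = data[i + 1]                 # BUG: no check that i + 1 < len(data)
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")   # graceful rejection
        records.append((rec_type, value))
        i += 2 + length                      # always advances, so the loop ends
    return records


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: flip a byte, insert, delete, or truncate."""
    buf = bytearray(seed)
    op = rng.choice(("flip", "insert", "delete", "truncate"))
    if op == "flip" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "truncate":
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Run `target` on mutated inputs; return (exception name, input) crashes.

    ValueError is the parser's documented way of rejecting bad input, so it is
    not counted. Anything else is an unhandled failure worth reporting.
    """
    rng = random.Random(rng_seed)            # fixed seed keeps runs reproducible
    crashes = []
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        try:
            target(candidate)
        except ValueError:
            continue
        except Exception as exc:             # noqa: BLE001 - fuzzers want everything
            crashes.append((type(exc).__name__, candidate))
    return crashes


def shortest_crash(crashes):
    """Return the smallest crashing input, the easiest one to reason about."""
    return min(crashes, key=lambda c: len(c[1]))[1] if crashes else None


if __name__ == "__main__":
    found = fuzz(parse_records, SEED)
    print(f"{len(found)} crashing inputs; shortest: {shortest_crash(found)!r}")
```

The fuzzer does not know what the bug is; it only observes that some inputs produce an exception the parser never intended to raise. Distinguishing expected rejections (ValueError here) from genuine failures is what separates a useful fuzz harness from noise, and the shortest crashing input is the natural starting point for root-causing the missing check.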
OWASP ZAP: an open-source web application security scanner. It can also be used as an intercepting proxy to view and manipulate traffic running through it, including HTTPS, provided the browser trusts the CA certificate ZAP generates for itself.
ISO/IEC 27001: specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system.
ISO/IEC 17799: ISO/IEC is a joint committee that develops and maintains standards in the IT industry. 17799 is an international code of practice for information security management; the standard defines confidentiality, integrity and availability controls. (It was renumbered as ISO/IEC 27002 in 2007, so current references use that name.)
ISO/IEC 27034: a standard that provides guidance to help organizations embed security within the processes that help secure applications running in their environment, including application lifecycle processes.
Software security champion: a developer with an interest in security who helps amplify the security message at the team level.
Waterfall methodology: a sequential, activity-based process in which each phase of the SDLC is performed in order, from planning through implementation and maintenance.
Agile development: a software development methodology that delivers functionality in rapid iterations, measured in weeks, requiring frequent communication, development, testing, and delivery.
Scrum: an agile project management framework that helps teams structure and manage their work through a set of values, principles, and practices.