Solutions
Building Security In Maturity Model (BSIMM) Correct Ans - A
study of real-world software security initiatives organized so that
you can determine where you stand with your software security
initiative and how to evolve your efforts over time
SAMM Correct Ans - offers a roadmap and a well-defined
maturity model for secure software development and deployment,
along with useful tools for self-assessment and planning.
Core OpenSAMM business functions Correct Ans - Governance
Construction
Verification
Deployment
(each business function contains three security practices scored at
maturity levels 0-3; SAMM v2 renamed these to Governance, Design,
Implementation, Verification and Operations)
static analysis Correct Ans - Source code of an application is
reviewed manually or with automatic tools without running the
code
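Added example, not part of the original study set: a minimal static analyser that parses Python source into an AST and reports dangerous sinks (eval, os.system, pickle.loads, subprocess calls with shell=True) without ever executing the code. The sample application source and the sink list are constructed for illustration; the scan itself only uses the standard library `ast` module.

```python
import ast

# Constructed sample "application" source. It is scanned, never imported or run.
SAMPLE_SOURCE = '''
import os
import subprocess
import pickle

def run(cmd, user_input):
    subprocess.call(cmd + " " + user_input, shell=True)   # command injection
    os.system("ls " + user_input)                          # command injection
    return eval(user_input)                                # code injection

def load(blob):
    return pickle.loads(blob)                              # untrusted deserialization

def safe(cmd, user_input):
    return subprocess.run([cmd, user_input], check=False)  # argv list, no shell
'''

# Dotted call name -> why it is a sink. Constructed list; real tools use far larger ones.
DANGEROUS_CALLS = {
    "eval": "eval() on untrusted data allows arbitrary code execution",
    "exec": "exec() on untrusted data allows arbitrary code execution",
    "os.system": "os.system() hands a string to the shell (command injection)",
    "pickle.loads": "pickle.loads() on untrusted data executes arbitrary code",
}


def dotted_name(node):
    """Return 'a.b.c' for a Name or Attribute chain used as a call target, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def scan_source(source, filename="<sample>"):
    """Static scan: parse to an AST and report (lineno, call, reason) for each sink hit.

    The code under review is parsed only; nothing in `source` is executed.
    """
    findings = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, name, DANGEROUS_CALLS[name]))
        # subprocess.*(..., shell=True): the shell re-parses the command string
        if name and name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, name,
                                     "shell=True lets the shell parse the command string"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, name, reason in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}: {reason}")
```

The argv-list `subprocess.run` in `safe()` is deliberately not flagged: the scanner matches the shape of the call, not the function name alone, which is the kind of precision that separates a useful static check from a noisy grep.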
dynamic analysis Correct Ans - Analysis and testing of a
program occurs while it is being executed or run
Fuzzing Correct Ans - Injection of random or malformed data into a
software program in an attempt to find crashes, memory leaks, error
handling issues, and improper input validation
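Added example covering the dynamic analysis and fuzzing cards above; it is not code from the original study set. A constructed record parser with two real bugs (no bounds check on a truncated buffer, no rejection of a zero-length record) is exercised by a small mutation-based fuzzer that runs the target on each mutated input and records any exception other than the documented ValueError rejection. A hardened version of the same parser is fuzzed alongside it to show that the crashes disappear once the input checks are in place. The seed input, record format and mutation strategy are all constructed for this example.

```python
import random

# Constructed format: b"REC" + count byte + count x (length byte + payload).
SEED = b"REC\x02\x03abc\x02xy"
INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary values worth trying


def parse_records(buf: bytes):
    """Buggy target (constructed). Returns the average byte value of each record.

    Bug 1: no bounds check, so a truncated buffer raises IndexError.
    Bug 2: a record length of 0 raises ZeroDivisionError.
    """
    if buf[:3] != b"REC":
        raise ValueError("bad magic")           # documented rejection, not a crash
    count = buf[3]
    offset = 4
    records = []
    for _ in range(count):
        length = buf[offset]                    # IndexError when truncated
        payload = buf[offset + 1:offset + 1 + length]
        records.append(sum(payload) // length)  # ZeroDivisionError when length == 0
        offset += 1 + length
    return records


def parse_records_fixed(buf: bytes):
    """Hardened parser: every malformed input is rejected with ValueError."""
    if len(buf) < 4 or buf[:3] != b"REC":
        raise ValueError("bad header")
    count = buf[3]
    offset = 4
    records = []
    for _ in range(count):
        if offset >= len(buf):
            raise ValueError("truncated: missing length byte")
        length = buf[offset]
        if length == 0:
            raise ValueError("empty record")
        end = offset + 1 + length
        if end > len(buf):
            raise ValueError("truncated payload")
        records.append(sum(buf[offset + 1:end]) // length)
        offset = end
    return records


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, boundary-value overwrite, truncation or insertion."""
    buf = bytearray(data)
    kind = rng.randrange(4)
    if kind == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif kind == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif kind == 2 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(target, seed: bytes, iterations=3000, rng_seed=1, expected=(ValueError,)):
    """Run `target` on mutated inputs; return {exception type: shortest triggering input}.

    Exceptions listed in `expected` are the parser's own input validation and are
    ignored; anything else is an unhandled failure the fuzzer reports.
    """
    rng = random.Random(rng_seed)                # fixed seed makes the run reproducible
    crashes = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except expected:
            continue
        except Exception as exc:                 # any other exception is a finding
            name = type(exc).__name__
            if name not in crashes or len(sample) < len(crashes[name]):
                crashes[name] = sample
    return crashes


if __name__ == "__main__":
    for label, fn in (("buggy", parse_records), ("fixed", parse_records_fixed)):
        found = fuzz(fn, SEED)
        print(f"{label}: {len(found)} crash classes")
        for name, sample in sorted(found.items()):
            print(f"  {name}: {sample!r}")
```

The important design point is the `expected` set: a fuzzer that counts every exception finds only noise, while one that ignores the parser's documented rejection path surfaces exactly the failures that indicate missing input validation.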
OWASP ZAP Correct Ans - -Open-source web application
security scanner (dynamic analysis / DAST)
-Can be used as an intercepting proxy to view and manipulate traffic
running through it, including HTTPS once the browser trusts ZAP's
generated root CA certificate
ISO/IEC 27001 Correct Ans - Specifies requirements for
establishing, implementing, operating, monitoring, reviewing,
maintaining and improving a documented information security
management system (ISMS)
ISO/IEC 17799 Correct Ans - ISO/IEC is a joint technical committee
of ISO and IEC that develops and maintains standards in the IT
industry. 17799 is an international code of practice for information
security management; it was renumbered ISO/IEC 27002 in 2007. It
defines confidentiality, integrity and availability controls.
ISO/IEC 27034 Correct Ans - The application security standard; it
provides guidance to help organizations embed security into the
processes they use to specify, build, acquire and operate applications,
across the whole application lifecycle
Software security champion Correct Ans - a developer with an
interest in security who helps amplify the security message at the
team level
waterfall methodology Correct Ans - a sequential, activity-
based process in which each SDLC phase is completed before the next
begins, from planning through implementation and maintenance
Agile Development Correct Ans - A software development
methodology that delivers functionality in rapid iterations,
measured in weeks, requiring frequent communication,
development, testing, and delivery.
Scrum Correct Ans - an agile project management framework
that helps teams structure and manage their work through a set of
values, principles, and practices