COMPREHENSIVE TEST 2026 COMPLETE
SOLUTIONS 100% CORRECT
◉ SAMM. Answer: offers a roadmap and a well-defined maturity
model for secure software development and deployment, along with
useful tools for self-assessment and planning.
◉ Core OpenSAMM activities. Answer: Governance, Construction,
Verification, Deployment
◉ static analysis. Answer: Source code of an application is reviewed
manually or with automatic tools without running the code
◉ dynamic analysis. Answer: Analysis and testing of a program
occurs while it is being executed or run
◉ Fuzzing. Answer: Injection of randomized data into a software
program in an attempt to find system failures, memory leaks, error
handling issues, and improper input validation
◉ OWASP ZAP. Answer: Open-source web application security
scanner; can be used as a proxy to manipulate traffic running
through it (even HTTPS)
◉ ISO/IEC 27001. Answer: Specifies requirements for establishing,
implementing, operating, monitoring, reviewing, maintaining and
improving a documented information security management system
◉ ISO/IEC 17799. Answer: ISO/IEC is a joint committee that
develops and maintains standards in the IT industry. 17799 is an
international code of practice for information security management.
This section defines confidentiality, integrity and availability
controls.
◉ ISO/IEC 27034. Answer: A standard that provides guidance to
help organizations embed security within their processes that help
secure applications running in the environment, including
application lifecycle processes
◉ What ensures that the user has the appropriate role and privilege
to view data? Answer: Authorization
◉ Which security goal is defined by "guarding against improper
information modification or destruction and ensuring information
non-repudiation and authenticity"? Answer: Integrity
◉ Which phase in an SDLC helps to define the problem and scope of
any existing systems and determine the objectives of new systems?
Answer: Planning
◉ What happens during a dynamic code review? Answer:
Programmers monitor system memory, functional behavior,
response times, and overall performance.
◉ How should you store your application user credentials in your
application database? Answer: Store credentials using salted hashes
◉ Which software methodology resembles an assembly-line
approach? Answer: Waterfall model
◉ Which software methodology approach provides faster time to
market and higher business value? Answer: Agile model
◉ In Scrum methodology, who is responsible for making decisions
on the requirements? Answer: Product Owner
◉ What is the product risk profile? Answer: A security assessment
deliverable that estimates the actual cost of the product