PRE ASSESSMENT QUESTIONS WITH T
CORRECT ANSWERS 2025
WhatHisHaHstu𝑑yHofHreal-
worl𝑑HsoftwareHsecurityHinitiativesHorganize𝑑HsoHcompaniesHcanHmeasureHtheirHinitiativesHan𝑑Hun
𝑑erstan𝑑HhowHtoHevolveHthemHoverHtime?,H-HCORRECTHANSWERH-
Buil𝑑ingHSecurityHInHMaturityHMo𝑑elH(BSIMM)
WhatHisHtheHanalysisHofHcomputerHsoftwareHthatHisHperforme𝑑HwithoutHexecutingHprograms?H-
HCORRECTHANSWERH-StaticHanalysis
WhichHInternationalHOrganizationHforHStan𝑑ar𝑑izationH(ISO)Hstan𝑑ar𝑑HisHtheHbenchmarkHforHinfo
r mationHsecurityHto𝑑ay?H-HCORRECTHANSWERH-ISO/IECH27001.
WhatHisHtheHanalysisHofHcomputerHsoftwareHthatHisHperforme𝑑HbyHexecutingHprogramsHonHaHrealHo
rHvirtualHprocessorHinHrealHtime?,H-HCORRECTHANSWERH-DynamicHanalysis
WhichHpersonHisHresponsibleHforH𝑑esigning,Hplanning,Han𝑑HimplementingHsecureHco𝑑ingHpractices
Han𝑑HsecurityHtestingHmetho𝑑ologies?H-HCORRECTHANSWERH-SoftwareHsecurityHarchitect
AHcompanyHisHpreparingHtoHa𝑑𝑑HaHnewHfeatureHtoHitsHflagshipHsoftwareHpro𝑑uct.HTheHnewHfeatureH
isHsimilarHtoHfeaturesHthatHhaveHbeenHa𝑑𝑑e𝑑HinHpreviousHyears,Han𝑑HtheHrequirementsHareHwell-
𝑑ocumente𝑑.HTheHprojectHisHexpecte𝑑HtoHlastHthreeHtoHfourHmonths,HatHwhichHtimeHtheHnewHfeatu
reHwillHbeHrelease𝑑HtoHcustomers.HProjectHteamHmembersHwillHfocusHsolelyHonHtheHnewHfeatureHun
tilHtheHprojectHen𝑑s.HWhichHsoftwareH𝑑evelopmentHmetho𝑑ologyHisHbeingHuse𝑑?H-
HCORRECTHANSWERH-Waterfall
AHnewHpro𝑑uctHwillHrequireHanHa𝑑ministrationHsectionHforHaHsmallHnumberHofHusers.HNormalHusers
HwillHbeHableHtoHviewHlimite𝑑HcustomerHinformation Han𝑑Hshoul𝑑HnotHseeHa𝑑minHfunctionalityHwithi
, nHtheHapplication.HWhichHconceptHisHbeingHuse𝑑?H-HCORRECTHANSWERH-
PrincipleHofHleastHprivilege
TheHscrumHteamHisHatten𝑑ingHtheirHmorningHmeeting,HwhichHisHsche𝑑ule𝑑HatHtheHbeginningHofHthe
HworkH𝑑ay.HEachHteamHmemberHreportsHwhatHtheyHaccomplishe𝑑Hyester𝑑ay,HwhatHtheyHplanHtoHa
c
complishHto𝑑ay,Han𝑑HifHtheyHhaveHanyHimpe𝑑imentsHthatHmayHcauseHthemHtoHmissHtheirH𝑑eliveryH
𝑑ea𝑑line.HWhichHscrumHceremonyHisHtheHteamHparticipatingHin?H-HCORRECTHANSWERH-
DailyHScrum
WhatHisHaHlistHofHinformationHsecurityHvulnerabilitiesHthatHaimsHtoHprovi𝑑eHnamesHforHpubliclyHkno
wnHproblems?H-HCORRECTHANSWERH-CommonHcomputerHvulnerabilitiesHan𝑑HexposuresH(CVE)
WhichHsecureHco𝑑ingHbestHpracticeHusesHwell-
teste𝑑,HpubliclyHavailableHalgorithmsHtoHhi𝑑eHpro𝑑uctH𝑑ataHfromHunauthorize𝑑Haccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHco𝑑ingHbestHpracticeHusesHwell-
teste𝑑,HpubliclyHavailableHalgorithmsHtoHhi𝑑eHpro𝑑uctH𝑑ataHfromHunauthorize𝑑Haccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHco𝑑ingHbestHpracticeHensuresHservers,Hframeworks,Han𝑑HsystemHcomponentsHareHal
lHrunningHtheHlatestHapprove𝑑Hversions?H-HCORRECTHANSWERH-SystemHconfiguration
WhichHsecureHco𝑑ingHbestHpracticeHsaysHtoHuseHparameterize𝑑Hqueries,Hencrypte𝑑HconnectionHstr
ingsHstore𝑑HinHseparateHconfigurationHfiles,Han𝑑HstrongHpasswor𝑑sHorHmulti-
factorHauthentication?H-HCORRECTHANSWERH-DatabaseHsecurity
WhichHsecureHco𝑑ingHbestHpracticeHsaysHthatHallHinformationHpasse𝑑HtoHotherHsystemsHshoul𝑑HbeH
encrypte𝑑?H-HCORRECTHANSWERH-CommunicationHsecurity