PRE ASSESSMENT QUESTIONS WITH T
CORRECT ANSWERS 2025
WhatHisHaHstudyHo𝑓Hreal-
worldHso𝑓twareHsecurityHinitiativesHorganizedHsoHcompaniesHcanHmeasureHtheirHinitiativesHandHun
derstandHhowHtoHevolveHthemHoverHtime?,H-HCORRECTHANSWERH-
BuildingHSecurityHInHMaturityHModelH(BSIMM)
WhatHisHtheHanalysisHo𝑓HcomputerHso𝑓twareHthatHisHper𝑓ormedHwithoutHexecutingHprograms?
H-HCORRECTHANSWERH-StaticHanalysis
WhichHInternationalHOrganizationH𝑓orHStandardizationH(ISO)HstandardHisHtheHbenchmarkH𝑓orHin𝑓
or mationHsecurityHtoday?H-HCORRECTHANSWERH-ISO/IECH27001.
WhatHisHtheHanalysisHo𝑓HcomputerHso𝑓twareHthatHisHper𝑓ormedHbyHexecutingHprogramsHonHaHrealH
o rHvirtualHprocessorHinHrealHtime?,H-HCORRECTHANSWERH-DynamicHanalysis
WhichHpersonHisHresponsibleH𝑓orHdesigning,Hplanning,HandHimplementingHsecureHcodingHpractices
HandHsecurityHtestingHmethodologies?H-HCORRECTHANSWERH-So𝑓twareHsecurityHarchitect
AHcompanyHisHpreparingHtoHaddHaHnewH𝑓eatureHtoHitsH𝑓lagshipHso𝑓twareHproduct.HTheHnewH𝑓eatur
eH isHsimilarHtoH𝑓eaturesHthatHhaveHbeenHaddedHinHpreviousHyears,HandHtheHrequirementsHareHwell-
documented.HTheHprojectHisHexpectedHtoHlastHthreeHtoH𝑓ourHmonths,HatHwhichHtimeHtheHnewH𝑓eat
u
reHwillHbeHreleasedHtoHcustomers.HProjectHteamHmembersHwillH𝑓ocusHsolelyHonHtheHnewH𝑓eatureHu
n tilHtheHprojectHends.HWhichHso𝑓twareHdevelopmentHmethodologyHisHbeingHused?H-
HCORRECTHANSWERH-Water𝑓all
AHnewHproductHwillHrequireHanHadministrationHsectionH𝑓orHaHsmallHnumberHo𝑓Husers.HNormalHuser
s
HwillHbeHableHtoHviewHlimitedHcustomerHin𝑓ormation HandHshouldHnotHseeHadminH𝑓unctionalityHwith
i
, nHtheHapplication.HWhichHconceptHisHbeingHused?H-HCORRECTHANSWERH-
PrincipleHo𝑓HleastHprivilege
TheHscrumHteamHisHattendingHtheirHmorningHmeeting,HwhichHisHscheduledHatHtheHbeginningHo𝑓Hth
e
HworkHday.HEachHteamHmemberHreportsHwhatHtheyHaccomplishedHyesterday, HwhatHtheyHplanHtoHa
c
complishHtoday,HandHi𝑓HtheyHhaveHanyHimpedimentsHthatHmayHcauseHthemHtoHmissHtheirHdeliveryH
deadline.HWhichHscrumHceremonyHisHtheHteamHparticipatingHin?H-HCORRECTHANSWERH-
DailyHScrum
WhatHisHaHlistHo𝑓Hin𝑓ormationHsecurityHvulnerabilitiesHthatHaimsHtoHprovideHnamesH𝑓orHpubliclyHk
no wnHproblems?H-HCORRECTHANSWERH-CommonHcomputerHvulnerabilitiesHandHexposuresH(CVE)
WhichHsecureHcodingHbestHpracticeHusesHwell-
tested,HpubliclyHavailableHalgorithmsHtoHhideHproductHdataH𝑓romHunauthorizedHaccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHcodingHbestHpracticeHusesHwell-
tested,HpubliclyHavailableHalgorithmsHtoHhideHproductHdataH𝑓romHunauthorizedHaccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHcodingHbestHpracticeHensuresHservers,H𝑓rameworks,HandHsystemHcomponentsHareHa
l lHrunningHtheHlatestHapprovedHversions?H-HCORRECTHANSWERH-SystemHcon𝑓iguration
WhichHsecureHcodingHbestHpracticeHsaysHtoHuseHparameterizedHqueries,HencryptedHconnectionHstr
ingsHstoredHinHseparateHcon𝑓igurationH𝑓iles,HandHstrongHpasswordsHorHmulti-
𝑓actorHauthentication?H-HCORRECTHANSWERH-DatabaseHsecurity
WhichHsecureHcodingHbestHpracticeHsaysHthatHallHin𝑓ormationHpassedHtoHotherHsystemsHshouldHbe
H encrypted?H-HCORRECTHANSWERH-Communication Hsecurity