PRE ASSESSMENT QUESTIONS WITH T
CORRECT ANSWERS 2025
WhatHisHaHstudyHofHreal-
worldHsoftwareHsecurityHinitiativesHorganizedHsoHcompaniesHcanHmeasureHtheirHinitiativesHandHun
derstandHhowHtoHevolveHthemHoverHtime?,H-HCORRECTHANSWERH-
BuildingHSecurityHInHMaturityHModelH(BSIMM)
WhatHisHtheHanalysisHofHcomputerHsoftwareHthatHisHperformedHwithoutHexecutingHprograms?H-
HCORRECTHANSWERH-StaticHanalysis
WhichHInternationalHOrganizationHforHStandardizationH(ISO)HstandardHisHtheHbenchmarkHforHinfo
r mationHsecurityHtoday?H-HCORRECTHANSWERH-ISO/IECH27001.
WhatHisHtheHanalysisHofHcomputerHsoftwareHthatHisHperformedHbyHexecutingHprogramsHonHaHrealHo
rHvirtualHprocessorHinHrealHtime?,H-HCORRECTHANSWERH-DynamicHanalysis
WhichHpersonHisHresponsibleHforHdesigning,Hplanning,HandHimplementingHsecureHcodingHpractices
HandHsecurityHtestingHmethodologies?H-HCORRECTHANSWERH-SoftwareHsecurityHarchitect
AHcompanyHisHpreparingHtoHaddHaHnewHfeatureHtoHitsHflagshipHsoftwareHproduct.HTheHnewHfeatureH
isHsimilarHtoHfeaturesHthatHhaveHbeenHaddedHinHpreviousHyears,HandHtheHrequirementsHareHwell-
documented.HTheHprojectHisHexpectedHtoHlastHthreeHtoHfourHmonths,HatHwhichHtimeHtheHnewHfeatu
reHwillHbeHreleasedHtoHcustomers.HProjectHteamHmembersHwillHfocusHsolelyHonHtheHnewHfeatureHun
tilHtheHprojectHends.HWhichHsoftwareHdevelopmentHmethodologyHisHbeingHused?H-
HCORRECTHANSWERH-Waterfall
AHnewHproductHwillHrequireHanHadministrationHsectionHforHaHsmallHnumberHofHusers.HNormalHusers
HwillHbeHableHtoHviewHlimitedHcustomerHinformationHandHshouldHnotHseeHadminHfunctionalityHwithi
, nHtheHapplication.HWhichHconceptHisHbeingHused?H-HCORRECTHANSWERH-
PrincipleHofHleastHprivilege
TheHscrumHteamHisHattendingHtheirHmorningHmeeting,HwhichHisHscheduledHatHtheHbeginningHofHthe
HworkHday.HEachHteamHmemberHreportsHwhatHtheyHaccomplishedHyesterday,HwhatHtheyHplanHtoHa
c
complishHtoday,HandHifHtheyHhaveHanyHimpedimentsHthatHmayHcauseHthemHtoHmissHtheirHdeliveryH
deadline.HWhichHscrumHceremonyHisHtheHteamHparticipatingHin?H-HCORRECTHANSWERH-
DailyHScrum
WhatHisHaHlistHofHinformationHsecurityHvulnerabilitiesHthatHaimsHtoHprovideHnamesHforHpubliclyHkno
wnHproblems?H-HCORRECTHANSWERH-CommonHcomputerHvulnerabilitiesHandHexposuresH(CVE)
WhichHsecureHcodingHbestHpracticeHusesHwell-
tested,HpubliclyHavailableHalgorithmsHtoHhideHproductHdataHfromHunauthorizedHaccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHcodingHbestHpracticeHusesHwell-
tested,HpubliclyHavailableHalgorithmsHtoHhideHproductHdataHfromHunauthorizedHaccess?H-
HCORRECTHANSWERH-CryptographicHpractices
WhichHsecureHcodingHbestHpracticeHensuresHservers,Hframeworks,HandHsystemHcomponentsHareHa
l lHrunningHtheHlatestHapprovedHversions?H-HCORRECTHANSWERH-SystemHconfiguration
WhichHsecureHcodingHbestHpracticeHsaysHtoHuseHparameterizedHqueries,HencryptedHconnectionHstr
ingsHstoredHinHseparateHconfigurationHfiles,HandHstrongHpasswordsHorHmulti-
factorHauthentication?H-HCORRECTHANSWERH-DatabaseHsecurity
WhichHsecureHcodingHbestHpracticeHsaysHthatHallHinformationHpassedHtoHotherHsystemsHshouldHbeH
encrypted?H-HCORRECTHANSWERH-CommunicationHsecurity