and Answers (2026/2027) | Latest Exam Practice Questions | Fully Verified Answers | A+
• What ensures that the user has the appropriate role and privilege to view data? - ✓✓Authorization
• Which security goal is defined by "guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity"? - ✓✓Integrity
• Which phase in an SDLC helps to define the problem and scope of any existing systems and determine the objectives of new systems? - ✓✓Planning
• What happens during a dynamic code review? - ✓✓Programmers monitor system memory, functional behavior, response times, and overall performance.
• How should you store your application user credentials in your application database? - ✓✓Store credentials using salted hashes
• Which software methodology resembles an assembly-line approach? - ✓✓Waterfall model
• Which software methodology approach provides faster time to market and higher business value? - ✓✓Agile model
• In Scrum methodology, who is responsible for making decisions on the requirements? - ✓✓Product Owner
• What is the product risk profile? - ✓✓A security assessment deliverable that estimates the actual cost of the product
• A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? - ✓✓Privacy impact assessment
• A software security team member has been tasked with creating a threat model for the login process of a new product. What is the first step the team member should take? - ✓✓Identify security objectives
• What are three parts of the STRIDE methodology? - ✓✓Spoofing, Elevation, Tampering
• What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle? - ✓✓To ensure that security is built into the product from the start
• Why should a security team provide documented certification requirements during the software assessment phase? - ✓✓Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
• What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? - ✓✓Required process steps & Technologies and techniques
• What are the goals of each SDL deliverable? - Product risk profile - ✓✓Estimate the actual cost of the product
• What are the goals of each SDL deliverable? - SDL project outline - ✓✓Map security activities to the development schedule
• What are the goals of each SDL deliverable? - Threat profile - ✓✓Guide security activities to protect the product from vulnerabilities
• What are the goals of each SDL deliverable? - List of third-party software - ✓✓Identify the dependence on unmanaged software
• What is a threat action that is designed to illegally access and use another person's credentials? - ✓✓Spoofing
• What are two steps of the threat modeling process? - ✓✓Survey the application & Decompose the application
• What do the "A" and the first "D" in the DREAD acronym represent? - ✓✓Damage & Affected users
• Which shape indicates each type of flow diagram element? - External elements - ✓✓Rectangle
• Which shape indicates each type of flow diagram element? - Data store - ✓✓Two parallel horizontal lines