COMPLETE REAL TEST QUESTIONS AND WELL
ELABORATED ANSWERS (CORRECT VERIFIED ANSWERS)
A NEW UPDATED VERSION |GUARANTEED PASS A+ (FULL
REVISED EXAM)
A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree sensitive
customer information is collected, stored, or created within a new
product offering. What does the team member need to deliver in order
to meet the objective? - Answer-Privacy impact assessment
Five steps of threat modeling are: - Answer-identify security objectives,
survey the application, decompose it, identify threats, and identify
vulnerabilities.
What does STRIDE stand for? - Answer-spoofing, tampering,
repudiation, information disclosure, denial of service, and elevation of
privilege
What does PASTA stand for? - Answer-process of attack simulation and
threat analysis
What is the first phase in the security development life cycle? - Answer-
A1 Security Assessment
,What are the three areas of compliance requirements? - Answer-Legal,
financial, and industry standards
What term refers to how the system should function based on the
environment in which the system will operate? - Answer-operational
requirements
During what phase of SDL do all key stakeholders discuss, identify, and
have common understandings of the security and privacy implications,
considerations, and requirements? - Answer-A1 Security Assessment
What are the three areas of focus in secure software requirements? -
Answer-Gathering the software requirements, data classification, and
managing data protection requirements
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile? - Answer-
iterative development
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on devops? - Answer-
continuous integration and continuous deployments
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud? - Answer-API
invocation processes
, How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise? -
Answer-enables and improves business activities
Which phase of penetration testing allows for remediation to be
performed? - Answer-Deploy
Which key deliverable occurs during post-release support? - Answer-
third-party reviews
Which business function of OpenSAMM is associated with governance?
- Answer-Policy and compliance
Which business function of OpenSAMM is associated with
construction? - Answer-Threat assessment
Which business function of OpenSAMM is associated with verification?
- Answer-Code review
Which business function of OpenSAMM is associated with deployment?
- Answer-Vulnerability management
What is the product risk profile? - Answer-A security assessment
deliverable that estimates the actual cost of the product.