NEWEST !! ACTUAL COMPLETE ACCURATE EXAM QUESTIONS WITH CORRECT DETAILED VERIFIED ANSWERS / ALREADY GRADED A+.
What is a weakness that can be exploited? - ANSWER - vulnerability
What is a unified conceptual framework for security auditing? - ANSWER - Trike Threat Model
What is the path an attacker can take to exploit a vulnerability? - ANSWER - threat vector
What is reusable software developed externally from the organization's platforms? - ANSWER - third party codes
What is maliciously changing or modifying persistent data? - ANSWER - Tampering
Who is an expert to promote awareness of products to the wider software community? - ANSWER - Software Security Evangelist (SSE)
Which post-release support activity (PRSA) details the process for investigating, mitigating, and communicating findings when security vulnerabilities are discovered in a software product? - ANSWER - External vulnerability disclosure response
Which post-release support key success factor says that any change or component reuse should trigger security development life cycle activities? - ANSWER - SDL cycle for any architectural changes or code reuses
What are the four categories in BSIMM? - ANSWER - governance, intelligence, software security development life cycle touchpoints, and deployment.
In which OpenSAMM core practice area would one find environment hardening? - ANSWER - Deployment
Which step will you find in the SANS Institute Cyber Defense seven-step recipe for conducting threat modeling and application risk analysis? - ANSWER - Brainstorm threats from adversaries
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - ANSWER - A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - ANSWER - PRSA1: External vulnerability disclosure response
Within OpenSAMM, what focuses on the processes and activities related to organizational software development activities within OpenSAMM practice areas? - ANSWER - Governance
Within OpenSAMM, what focuses on the processes and activities related to creating software within development projects within OpenSAMM practice areas? - ANSWER - Construction
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - ANSWER - Vulnerability scan
Which post-release support activity should be completed when companies are joining together? - ANSWER