D487 - Secure Software Design Knowledge Check and Study Guide
Exam with Correct Answers 100% Guaranteed Pass
1. What are the two common best principles of software applications in the
development process?: Quality Code & Secure Code
2. What ensures that the user has the appropriate role and privilege to view
data?: Authorization
3. Which security goal is defined by "guarding against improper information
modification or destruction and ensuring information non-repudiation and
authenticity"?: Integrity
4. Which phase in an SDLC helps to define the problem and scope of any
existing systems and determine the objectives of new systems?: Planning
5. What happens during a dynamic code review?: Programmers monitor system
memory, functional behavior, response times, and overall performance.
6. How should you store your application user credentials in your application
database?: Store credentials using salted hashes
7. Which software methodology resembles an assembly-line approach?: Wa-
terfall model
1/
14
, 8. Which software methodology approach provides faster time to market and
higher business value?: Agile model
9. In Scrum methodology, who is responsible for making decisions on the
requirements?: Product Owner
10. What is the product risk profile?: A security assessment deliverable that
estimates the actual cost of the product
11. A software security team member has been tasked with creating a deliv-
erable that provides details on where and to what degree sensitive customer
information is collected, stored, or created within a new product offering.
What does the team member need to deliver in order to meet the objective?: -
Privacy impact assessment
12. A software security team member has been tasked with creating a threat
model for the login process of a new product.What is the first step the team
member should take?: Identify security objectives
13. What are three parts of the STRIDE methodology?: Spoofing, Elevation,
Tampering
14. What is the reason software security teams host discovery meetings with
stakeholders early in the development life cycle?: To ensure that security is built
2/
14
Exam with Correct Answers 100% Guaranteed Pass
1. What are the two common best principles of software applications in the
development process?: Quality Code & Secure Code
2. What ensures that the user has the appropriate role and privilege to view
data?: Authorization
3. Which security goal is defined by "guarding against improper information
modification or destruction and ensuring information non-repudiation and
authenticity"?: Integrity
4. Which phase in an SDLC helps to define the problem and scope of any
existing systems and determine the objectives of new systems?: Planning
5. What happens during a dynamic code review?: Programmers monitor system
memory, functional behavior, response times, and overall performance.
6. How should you store your application user credentials in your application
database?: Store credentials using salted hashes
7. Which software methodology resembles an assembly-line approach?: Wa-
terfall model
1/
14
, 8. Which software methodology approach provides faster time to market and
higher business value?: Agile model
9. In Scrum methodology, who is responsible for making decisions on the
requirements?: Product Owner
10. What is the product risk profile?: A security assessment deliverable that
estimates the actual cost of the product
11. A software security team member has been tasked with creating a deliv-
erable that provides details on where and to what degree sensitive customer
information is collected, stored, or created within a new product offering.
What does the team member need to deliver in order to meet the objective?: -
Privacy impact assessment
12. A software security team member has been tasked with creating a threat
model for the login process of a new product.What is the first step the team
member should take?: Identify security objectives
13. What are three parts of the STRIDE methodology?: Spoofing, Elevation,
Tampering
14. What is the reason software security teams host discovery meetings with
stakeholders early in the development life cycle?: To ensure that security is built
2/
14
