Exam (elaborations)

D487- Secure Software Design NEWEST TESTBANK with Correct Detailed Answers | LATEST 2025/2026

Rating

Sold

Pages

433

Grade

A+

Uploaded on

26-04-2025

Written in

2024/2025

D487- Secure Software Design NEWEST TESTBANK with Correct Detailed Answers | LATEST 2025/2026

Institution

D487

Course

D487

Whoops! We can’t load your doc right now. Try again or contact support.

Report Copyright Violation

Written for

Institution: D487
Course: D487

Document information

Uploaded on: April 26, 2025
Number of pages: 433
Written in: 2024/2025
Type: Exam (elaborations)
Contains: Questions & answers

Subjects

d487 secure software design newest questions

Content preview

D487-Secure Software Design | | | |

Questions with Review Correct |||||| | | |

Detailed Answers |

What is the study of real-world software security initiatives organized so companies can measure their
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

initiatives and understand how to evolve them over time?
|||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

A) Building Security in Maturity Model (BSIMM) |||||| |||||| ||| |||||| ||||||

B) Security features and design |||||| |||||| ||||||

C) OWASP Software Assurance Maturity Model (SAMM) |||||| |||||| |||||| ||||| |||

D) ISO 27001 |||||

A) Building Security in Maturity Model (BSIMM) |||||| |||||| ||| |||||| ||||||

What is the analysis of computer software that is performed without executing programs?
||||| ||||| |||||| |||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

A) Static analysis ||||||

B) Fuzzing

C) Dynamic analysis |||||

D) OWASPZAP |

A) Static analysis ||||||

,What iso standard is the benchmark for information security today?
||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

A) iso/iec 27001 ||||

B) iso/iec7799 |

C) iso/iec27034 |

D) iso 8601 ||||||

A) iso 27001
|||||

what is the analysis of computer software that is performed by executing programs on a real or virtual
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

processor in real time? |||||| |||||| ||||||

A) dynamic analysis |||||

B) static analysis ||||||

C) fuzzing

D) security testing ||||||

A) dynamic analysis |||||

which person is responsible for designing, planning, and implementing secure coding practices and
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

security testing methodologies? |||||| ||||||

A) software security architect |||||| |||||

B) product security developer |||||| ||||||

C) software security champion ||||| ||||||

D) softwaretester |

A) software security architect |||||| |||||

,A company is preparing to add a new feature to its flagship software product. The new feature is similar
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

to features that have been added in previous years, and the requirements are well-documented. The
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

project is expected to last three to four months, at which time the new feature will be released to
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

customers. Project team members will focus solely on the new feature until the project ends.
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

Which software development methodology is being used?
|||||| |||||| |||| |||||| |||||| ||||||

A) Waterfall

B) Agile

C) Scrum

D) Extremeprogramming |

A) Waterfall

A new product will requirean administration section for a small number of users. Normal users will be
|||||| |||||| |||||| |||||| ||| |||||| |||||| |||||| |||||| |||||| ||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

able to view limited customer information and should not see admin functionality within the
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

application.

Which concept is being used? |||||| |||||| ||||| ||||||

A) Principle of least privilege |||||| |||||| ||||||

B) Privacy

C) Software security champion ||||| ||||||

D) Elevation of privilege ||||| ||||||

A) Principle of least privilege |||||| |||||| ||||||

The software security team is currently working to identify approaches for input validation,
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

authentication, authorization, and configuration management of a new software product so they can |||||| |||||| |||||| ||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

deliver a security profile. |||||| |||||| ||||||

Which threat modeling step is being described?
|||||| |||||| |||||| |||||| |||||| ||||||

, A) Analyzing the target |||||| ||||||

B) Drawing data flow diagram |||||| |||||| ||||||

C) Rating threats |||||

D) Identifyinganddocumentingthreats | | |

A) Analyzing the target |||||| ||||||

The scrum team is attending their morning meeting, which is scheduled at the beginning of the work
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

day. Each team member reports what they accomplished yesterday, what they plan to accomplish
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

today, and if they have any impediments that may cause them to miss their delivery deadline.
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

Which scrum ceremony is the team participating in?
||||| |||||| |||||| |||| |||||| |||||| |||||

A) Daily scrum ||||||

B) Sprintreview |

C) Sprint retrospective ||||

D) Sprint planning ||||

A) Daily scrum ||||||

what is a list of information security vulnerabilities that aims to provide names for publicly known
|||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| |||||| ||||||

problems?

A) commoncomputervulnerabilities andexposures(CVE) || || ||||| | |

B) SANS institute top cyber security risks |||||| |||||| |||||| |||||| ||||||

C) bugtraq

D) Carnegiemelon computer emergency readinessteam (CERT) || ||||| |||||| |||||| ||| ||||||

A) commoncomputervulnerabilities andexposures(CVE) || || ||||| | |

$32.99

Get access to the full document:

100% satisfaction guarantee

Immediately available after payment

Both online and in PDF

No strings attached

Get to know the seller

Ruiz

3.2

(9)

Get to know the seller

Ruiz Liberty University

View profile

Sold

Member since

1 year

Number of followers

Documents

12070

Last sold

4 hours ago

Top-Quality Study Materials for Success – Ace Your Exams with Expert Resources!

Access high-quality study materials to help you excel in your exams. Get notes, summaries, and guides tailored to your courses!

3.2

9 reviews

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Ruiz. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $32.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews) 53768 documents were sold in the last 30 days Founded in 2010, the go-to place to buy study notes for 16 years now

D487- Secure Software Design NEWEST TESTBANK with Correct Detailed Answers | LATEST 2025/2026

Written for

Document information

Subjects

Content preview

Get to know the seller

Recently viewed by you

Why students choose Stuvia

Created by fellow students, verified by reviews

Didn't get what you expected? Choose another document

Pay as you like, start learning right away

Frequently asked questions

What do I get when I buy this document?

Satisfaction guarantee: how does it work?

Who am I buying these notes from?

Will I be stuck with a subscription?

Can Stuvia be trusted?