D487: Secure Software Design Study
Guide Test Newest 2025 With 152
Questions And Correct Explanations
Graded A+
Building Security In Maturity Model (BSIMM) - CORRECT ANSWER-A study of real-
world software security initiatives organized so that you can determine where you stand
with your software security initiative and how to evolve your efforts over time
SAMM - CORRECT ANSWER-offers a roadmap and a well-defined maturity model for
secure software development and deployment, along with useful tools for self-
assessment and planning.
Core OpenSAMM activities - CORRECT ANSWER-Governance
Construction
Verification
Deployment
static analysis - CORRECT ANSWER-Source code of an application is reviewed
manually or with automatic tools without running the code
dynamic analysis - CORRECT ANSWER-Analysis and testing of a program occurs
while it is being executed or run
Fuzzing - CORRECT ANSWER-Injection of randomized data into a software program in
an attempt to find system failures, memory leaks, error handling issues, and improper
input validation
, OWASP ZAP - CORRECT ANSWER--Open-source web application security scanner-
Can be used as a proxy to manipulate traffic running through it (even https)
ISO/IEC 27001 - CORRECT ANSWER-Specifies requirements for establishing,
implementing, operating, monitoring, reviewing, maintaining and improving a
documented information security management system
ISO/IEC 17799 - CORRECT ANSWER-ISO/EIC is a joint committee that develops and
maintains standards in the IT industry. 17799 is an international code of practice for
information security management. This section defines confidentiality, integrity and
availability controls.
ISO/IEC 27034 - CORRECT ANSWER-A standard that provides guidance to help
organizations embed security within their processes that help secure applications
running in the environment, including application lifecycle processes
Software security champion - CORRECT ANSWER-a developer with an interest in
security who helps amplify the security message at the team level
waterfall methodology - CORRECT ANSWER-a sequential, activity-based process in
which each phase in the SDLC is performed sequentially from planning through
implementation and maintenance
Agile Development - CORRECT ANSWER-A software development methodology that
delivers functionality in rapid iterations, measured in weeks, requiring frequent
communication, development, testing, and delivery.
Scrum - CORRECT ANSWER-an agile project management framework that helps
teams structure and manage their work through a set of values, principles, and
practices
Daily scrum - CORRECT ANSWER-daily time-boxed event of 15 minutes, or less, for
the Development Team to re-plan the next day of development work during a Sprint.
Updates are reflected in the Sprint Backlog.
Sprint review - CORRECT ANSWER-A meeting that occurs after each sprint to show
the product or process to stakeholders for approval and to receive feedback.
Sprint retrospective - CORRECT ANSWER-an opportunity for the Scrum Team to
inspect itself and create a plan for improvements to be enacted during the next Sprint.
Sprint planning - CORRECT ANSWER-A collaborative event in Scrum in which the
Scrum team plans the work for the current sprint.
Guide Test Newest 2025 With 152
Questions And Correct Explanations
Graded A+
Building Security In Maturity Model (BSIMM) - CORRECT ANSWER-A study of real-
world software security initiatives organized so that you can determine where you stand
with your software security initiative and how to evolve your efforts over time
SAMM - CORRECT ANSWER-offers a roadmap and a well-defined maturity model for
secure software development and deployment, along with useful tools for self-
assessment and planning.
Core OpenSAMM activities - CORRECT ANSWER-Governance
Construction
Verification
Deployment
static analysis - CORRECT ANSWER-Source code of an application is reviewed
manually or with automatic tools without running the code
dynamic analysis - CORRECT ANSWER-Analysis and testing of a program occurs
while it is being executed or run
Fuzzing - CORRECT ANSWER-Injection of randomized data into a software program in
an attempt to find system failures, memory leaks, error handling issues, and improper
input validation
, OWASP ZAP - CORRECT ANSWER--Open-source web application security scanner-
Can be used as a proxy to manipulate traffic running through it (even https)
ISO/IEC 27001 - CORRECT ANSWER-Specifies requirements for establishing,
implementing, operating, monitoring, reviewing, maintaining and improving a
documented information security management system
ISO/IEC 17799 - CORRECT ANSWER-ISO/EIC is a joint committee that develops and
maintains standards in the IT industry. 17799 is an international code of practice for
information security management. This section defines confidentiality, integrity and
availability controls.
ISO/IEC 27034 - CORRECT ANSWER-A standard that provides guidance to help
organizations embed security within their processes that help secure applications
running in the environment, including application lifecycle processes
Software security champion - CORRECT ANSWER-a developer with an interest in
security who helps amplify the security message at the team level
waterfall methodology - CORRECT ANSWER-a sequential, activity-based process in
which each phase in the SDLC is performed sequentially from planning through
implementation and maintenance
Agile Development - CORRECT ANSWER-A software development methodology that
delivers functionality in rapid iterations, measured in weeks, requiring frequent
communication, development, testing, and delivery.
Scrum - CORRECT ANSWER-an agile project management framework that helps
teams structure and manage their work through a set of values, principles, and
practices
Daily scrum - CORRECT ANSWER-daily time-boxed event of 15 minutes, or less, for
the Development Team to re-plan the next day of development work during a Sprint.
Updates are reflected in the Sprint Backlog.
Sprint review - CORRECT ANSWER-A meeting that occurs after each sprint to show
the product or process to stakeholders for approval and to receive feedback.
Sprint retrospective - CORRECT ANSWER-an opportunity for the Scrum Team to
inspect itself and create a plan for improvements to be enacted during the next Sprint.
Sprint planning - CORRECT ANSWER-A collaborative event in Scrum in which the
Scrum team plans the work for the current sprint.
