Pre-Assessment
What is a study of real-world software security initiatives organized so companies can
measure their initiatives and understand how to evolve them over time? - answer
Building Security In Maturity Model (BSIMM)
Which person is responsible for designing, planning, and implementing secure coding
practices and security testing methodologies? - answer Software security architect
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - answer Cryptographic practices
A company is preparing to add a new feature to its flagship software product. The new
feature is similar to features that have been added in previous years, and the
requirements are well-documented. The project is expected to last three to four months,
at which time the new feature will be released to customers. Project team members will
focus solely on the new feature until the project ends. Which software development
methodology is being used? - answerWaterfall
The software security team is currently working to identify approaches for input
validation, authentication, authorization, and configuration management of a new
software product so they can deliver a security profile. Which threat modeling step is
being described? - answerAnalyzing the target
A software security team member has created data flow diagrams, chosen the STRIDE
methodology to perform threat reviews, and created the security assessment for the
new product. Which category of secure software best practices did the team member
perform? - answerArchitecture analysis
Team members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced will be a facilitator, will try to remove roadblocks and
ensure the team is communicating freely, and will be responsible for facilitating all
scrum ceremonies. Which role is the team member playing? - answerScrum master
What is a countermeasure to the web application security frame (ASF) configuration
management threat category? - answerService accounts have no administration
capabilities.
Which privacy impact statement requirement type defines who has access to personal
information within the product? - answerAccess requirements
What is a study of real-world software security initiatives organized so companies can
measure their initiatives and understand how to evolve them over time? - answer
Building Security In Maturity Model (BSIMM)
Which person is responsible for designing, planning, and implementing secure coding
practices and security testing methodologies? - answer Software security architect
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - answer Cryptographic practices
A company is preparing to add a new feature to its flagship software product. The new
feature is similar to features that have been added in previous years, and the
requirements are well-documented. The project is expected to last three to four months,
at which time the new feature will be released to customers. Project team members will
focus solely on the new feature until the project ends. Which software development
methodology is being used? - answerWaterfall
The software security team is currently working to identify approaches for input
validation, authentication, authorization, and configuration management of a new
software product so they can deliver a security profile. Which threat modeling step is
being described? - answerAnalyzing the target
A software security team member has created data flow diagrams, chosen the STRIDE
methodology to perform threat reviews, and created the security assessment for the
new product. Which category of secure software best practices did the team member
perform? - answerArchitecture analysis
Team members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced will be a facilitator, will try to remove roadblocks and
ensure the team is communicating freely, and will be responsible for facilitating all
scrum ceremonies. Which role is the team member playing? - answerScrum master
What is a countermeasure to the web application security frame (ASF) configuration
management threat category? - answerService accounts have no administration
capabilities.
Which privacy impact statement requirement type defines who has access to personal
information within the product? - answerAccess requirements
