D487 Questions with Detailed Verified Answers

Page | 1



D487 Questions with Detailed Verified
Answers

Question:What is the study of real-world software security initiatives
organized so companies can measure their initiatives and understand how to
evolve them over time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001

Ans: -Building Security in Maturity Model (BSIMM)

Question: What is the analysis of computer software that is performed
without executing programs?
-static analysis
-fuzzing
-dynamic analysis
-owasp zap

Ans: -static analysis

Question: what iso standard is the benchmark for information security today?
-iso 27001
-iso 7799
-iso 27034
-iso 8601

Ans: -iso 27001

Question: what is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?
-dynamic analysis
-static analysis
-fuzzing
-security testing

, Page | 2

Ans: -dynamic analysis

Question: which person is responsible for designing, planning, and
implementing secure coding practices and security testing methodologies?
-software security architect
-product security developer
-software security champion
-software tester

Ans: -software security architect

Question: what is a list of information security vulnerabilities that aims to
provide names for publicly known problems?
-common computer vulnerabilities and exposures (CVE)
- SANS institute top cyber security risks
-bugtraq
- Carnegie melon computer emergency readiness team (CERT)

Ans: -common computer vulnerabilities and exposures (CVE)

Question: which secure coding best practice uses well-tested, publicly
available algorithms to hide product data from unauthorized access?
-access control
-authentication and password management
-cryptographic practices
-data protection

Ans: -cryptographic practices

Question: which secure coding best practice ensures servers, frameworks,
and system components are all running the latest approved versions?
-file management
-input validation
-database security
-system configuration

Ans: -system configuration

, Page | 3

Question: Which secure coding best practice says to use parameterized
queries, encrypted connection strings stored in separate configuration files,
and strong passwords or multi-factor authentication?
-access control
-database security
-file management
-session management

Ans: -database security

Question: which secure coding best practice says that all information passed
to other systems should be encrypted?
-output encoding
-memory management
-communication security
-database security

Ans: -communication security

Question: A company is preparing to add a new feature to its flagship
software product. The new feature is similar to features that have been added
in previous years, and the requirements are well-documented. The project is
expected to last three to four months, at which time the new feature will be
released to customers. Project team members will focus solely on the new
feature until the project ends. Which software development methodology is
being used?
-Agile
-Waterfall
-Scrum
-Extreme programming

Ans: -waterfall

Question: A new product will require an administration section for a small
number of users. Normal users will be able to view limited customer
information and should not see admin functionality within the application.
Which concept is being used?
-privacy
-POLP
-software security champion