Verified Answers Graded Perfect Score,
Reliable.
8 phases of the SDLC - Correct Answers-planning, requirements, design, implementation,
testing, deployment, maintenance and end of life
A Privacy Impact Assessment should include - Correct Answers-The summary of the
legislation, required process steps, technologies, and techniques, and any additional resources
A software security team member has been tasked with creating a deliverable that provides
details on where and to what degree sensitive customer information is collected, stored, or
created within a new product offering. - Correct Answers-Privacy impact assessment
A5 Policy Compliance Analysis - Correct Answers-Analyze activities and standards; white-box security test; license compliance; release and ship; iterative development; continuous integration and continuous deployment; API invocation process; enables and improves business activities
abstract syntax tree (AST): - Correct Answers-the tree representation of parsed source code that static analysis tools build first; it is the basis on which software metrics and security issues are generated at a later stage
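The following is an added example (not from the original study guide) of what "metrics and issues generated from the AST" means in practice. It parses a small, constructed Python snippet with the standard library's ast module, walks the tree once, and derives both kinds of output: metrics (function count, call count, maximum nesting depth) and findings (calls to eval()/exec() and subprocess calls with shell=True). The sample source, the metric names and the list of dangerous calls are all assumptions chosen for illustration.

```python
import ast

# Constructed sample source (not from the page): two risky calls and one safe function.
SAMPLE = """\
import subprocess

def run(cmd):
    return subprocess.run(cmd, shell=True)

def calc(expr):
    if expr:
        return eval(expr)
    return 0

def safe(expr):
    return int(expr)
"""

# Illustrative rule set; a real checker would carry many more patterns.
DANGEROUS_BUILTINS = {"eval", "exec"}
COMPOUND = (ast.FunctionDef, ast.AsyncFunctionDef, ast.If, ast.For,
            ast.While, ast.With, ast.Try)


class Analyzer(ast.NodeVisitor):
    """Single pass over the AST that collects metrics and security findings."""

    def __init__(self):
        self.functions = 0
        self.calls = 0
        self.max_depth = 0
        self._depth = 0
        self.issues = []  # (line number, message)

    def generic_visit(self, node):
        # Track how deeply compound statements are nested (a simple complexity metric).
        compound = isinstance(node, COMPOUND)
        if compound:
            self._depth += 1
            self.max_depth = max(self.max_depth, self._depth)
        super().generic_visit(node)
        if compound:
            self._depth -= 1

    def visit_FunctionDef(self, node):
        self.functions += 1
        self.generic_visit(node)

    def visit_Call(self, node):
        self.calls += 1
        f = node.func
        # eval("...") / exec("...") by plain name
        if isinstance(f, ast.Name) and f.id in DANGEROUS_BUILTINS:
            self.issues.append((node.lineno, f"call to {f.id}()"))
        # subprocess.<anything>(..., shell=True)
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id == "subprocess"):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.issues.append((node.lineno, f"subprocess.{f.attr}() with shell=True"))
        self.generic_visit(node)


def analyze(source):
    """Parse source into an AST and return metrics plus findings derived from it."""
    tree = ast.parse(source)
    a = Analyzer()
    a.visit(tree)
    return {"functions": a.functions, "calls": a.calls,
            "max_depth": a.max_depth, "issues": a.issues}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    print({k: v for k, v in result.items() if k != "issues"})
    for line, msg in result["issues"]:
        print(f"line {line}: {msg}")
```

The point of going through the AST rather than grepping the text is visible in the shell=True rule: the keyword is matched as a node on a specific call, so a comment or string containing the words "shell=True" produces no finding, and the line number attached to each issue comes straight from the node.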
After the developer is done coding a functionality, when should code review be completed -
Correct Answers-Within hours or the same day
Agile - Correct Answers-Uses collaboration between self-organizing and cross-functional
teams. 4 core values and 12 principles
Agile Advantage - Correct Answers-customer satisfaction through rapid, continuous delivery
of useful software
Agile disadvantage - Correct Answers-difficult to assess the effort required at the beginning of
the SDLC
alpha level testing - Correct Answers-testing done by the developers themselves
An initial project outline for security milestones is developed and integrated into the
development project schedule - Correct Answers-Security Assessment
application decomposition - Correct Answers-determining the fundamental functions of an
app (entry points, data flows, trust boundaries) as the first step of threat modeling
application-centric threat modeling - Correct Answers-threat models that start with
visualizing the application you are building
AppSec - Correct Answers-is the overall process of identifying, fixing, and preventing security
vulnerabilities within the application level
Architecture (A2) phase - Correct Answers-the second phase of the security development life
cycle, which examines security from the perspective of business risks
asset-centric threat modeling - Correct Answers-threat models that start from the organization's
assets and what threatens them; the view senior management is most concerned with
authenticated scans - Correct Answers-scans in which the scanning software logs on to the target
system with valid credentials so it can inspect it from the inside
benchmarks - Correct Answers-tests used to compare estimates to actual results
beta level testing - Correct Answers-testing done by those not familiar with the actual
development of the system
black box testing - Correct Answers-tests from an external perspective with no prior
knowledge of the software
BSIMM - Correct Answers-a study of real-world software security initiatives that you can use to
measure your own program against and develop your software security over time
code review - Correct Answers-a process done to identify security vulnerabilities during
software development
code review (CR): - Correct Answers-a verification practice involving review of an
organization's source code to identify vulnerabilities
Common Vulnerability Scoring System (CVSS) - Correct Answers-a model used to assess the
severity of a vulnerability
Common Vulnerabilities and Exposures (CVE) - Correct Answers-a list that aims to
provide common names (identifiers) for publicly known security vulnerabilities
construction - Correct Answers-a business function of OpenSAMM centered around how
organizations define goals and create software within development projects