D487 SECURE SW DESIGN BRAND NEW ACTUAL EXAM WITH ANSWERS.

1. Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - correct answer - A5 policy compliance analysis

2. Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - correct answer - PRSA1: External vulnerability disclosure response

3. Within OpenSAMM, what focuses on the processes and activities related to organizational software development activities within OpenSAMM practice areas? - correct answer - Governance

4. Within OpenSAMM, what focuses on the processes and activities related to creating software within development projects within OpenSAMM practice areas? - correct answer - Construction
5. Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - correct answer - Vulnerability scan

6. Which post-release support activity should be completed when companies are joining together? - correct answer - Security architectural reviews

7. Which of the Ship (A5) deliverables of the security development cycle is performed with A5 policy compliance analysis? - correct answer - analyze activities and standards

8. Which of the Ship (A5) deliverables of the security development cycle is performed with code-assisted penetration testing? - correct answer - white-box security testing

9. Which of the Ship (A5) deliverables of the security development cycle is performed with open-source licensing review? - correct answer - license compliance
10. Which of the Ship (A5) deliverables of the security development cycle is performed with final security review? - correct answer - release and ship

11. Which phase of penetration testing allows for remediation to be performed? - correct answer - deploy

12. Which key deliverable occurs during post-release support? - correct answer - Third-party reviews

13. Which business function of OpenSAMM is associated with the following core practice: governance? - correct answer - policy and compliance

14. Which business function of OpenSAMM is associated with the following core practice: construction? - correct answer - threat assessment

15. Which business function of OpenSAMM is associated with the following core practice: verification? - correct answer - code review