2026 MOST TESTED 150 QUIZZES COVERED
What is a One-Time Requirement in Agile SDL?
✔ Security tasks implemented once and not repeated in every sprint.
✔ Examples: Setting up secure build pipelines, configuring encryption policies.
✔ Provides long-term foundational security.
What is a Final Security Review Requirement in Agile SDL?
✔ Ensures compliance with security policies before release.
✔ Includes penetration testing, privacy reviews, and compliance checks.
✔ Determines if the product is ready for deployment.
What is the Building Security In Maturity Model (BSIMM)?
BSIMM is a data-driven model that evaluates and benchmarks software security initiatives (SSIs) in organizations based on observed practices from multiple companies. It helps organizations assess their security maturity by comparing their security programs to industry leaders.
What is OpenSAMM?
OpenSAMM is an open security framework developed by OWASP to help organizations define and measure their software security assurance activities. It provides a roadmap and self-assessment tool for improving security at various maturity levels.
What is the main difference between BSIMM and OpenSAMM?
BSIMM is observational and focuses on benchmarking real-world security practices from top organizations.
OpenSAMM is prescriptive, providing a structured roadmap and guidance on improving security practices.
What are the four focus areas of BSIMM?
Governance – Managing security initiatives.
Intelligence – Collecting security knowledge and tools.
SSDL Touchpoints – Applying security to the software development lifecycle.
Deployment – Security controls for operations.
Core Activities in OpenSAMM
Governance – Security policy, compliance, and strategy.
Construction – Security requirements, architecture, and design.
Verification – Code review, security testing, and assurance.
Deployment – Secure deployment, vulnerability management.
What are the Governance practices in BSIMM?
Strategy & Metrics
Compliance & Policy
Training
What are the Intelligence practices in BSIMM?
Attack Models
Security Features & Design
Standards & Requirements
What are the SSDL Touchpoints practices in BSIMM?
Architecture Analysis
Code Review
Security Testing
What are the Deployment practices in BSIMM?
Penetration Testing
Software Environment
Configuration & Vulnerability Management
What are the Governance practices in OpenSAMM?
Strategy & Metrics – Security planning & monitoring.
Policy & Compliance – Security regulations and risk management.
Education & Guidance – Developer security training.
What are the Construction practices in OpenSAMM?
Security Requirements – Define security needs.
Threat Assessment – Identify software threats.
Secure Architecture – Enforce security design.
What are the Verification practices in OpenSAMM?
Design Review – Security in the design phase.
Code Review – Secure coding analysis.
Security Testing – Dynamic/static application security testing.
What are the Deployment practices in OpenSAMM?
Environment Hardening – Secure infrastructure configurations.
Vulnerability Management – Identify and fix security issues.
Operational Enablement – Secure product release & monitoring.
What type of model is BSIMM?
Observational – it studies existing security practices in organizations.
What type of model is OpenSAMM?
Prescriptive – it provides a roadmap to improve security practices.
What are the four focus areas of OpenSAMM?
Governance, Construction, Verification, and Deployment.
How is OpenSAMM primarily used?
OpenSAMM is designed for organizations to actively improve their security practices through a structured roadmap. It facilitates ongoing measurement and improvement by defining security-related activities, capturing scores at intervals, and using scorecards to assess changes over time.
How is BSIMM primarily used?
BSIMM measures maturity over time by tracking and comparing an organization's security maturity across different domains based on real-world data from multiple companies. It provides a benchmarking approach that helps organizations determine where they stand relative to industry peers and track improvement over time.
SSDL BSIMM