Comprehensive Real Exam Questions And Correct Answers (Verified Answers) Already Graded A+ | Newest Exam | Just Released!!
How should you rank an organization's threats? - ANSWER-based on their probability and damage potential.
During what phase in the SDL do product and security teams work together to verify that the product complies with security policies? - ANSWER-A5 Ship
Which phase of the security development life cycle takes place during the last phase of the software development life cycle, when the organization is preparing to release the product? - ANSWER-A5 Ship
What are the four phases of penetration testing? - ANSWER-assess, identify, evaluate and plan, and deploy.
What are scans that target security issues that are found outside the firewall? - ANSWER-external scans
What are scans that require software to log onto a system to scan it? - ANSWER-authenticated scans
What are scans to identify security issues that a malicious attacker could exploit from inside the network? - ANSWER-internal scans
What are scans to exploit a vulnerability when it is identified? - ANSWER-intrusive target search
What are regulations regarding the software licensing of in-house products? - ANSWER-open-source software license compliance
Which activity in the Ship (A5) phase of the security development cycle sets requirements for quality gates that must be met before release? - ANSWER-A5 policy compliance analysis
The company's website uses query string parameters to filter products by category. The URL, when filtering on a product category, looks like this: company.com/products?category=2. If the security team saw a URL of company.com/products?category=2 OR 1=1 in the logs, what assumption should they make? - ANSWER-An attacker is attempting to use SQL injection to gain access to information.
The model used to assess the severity of a vulnerability... - ANSWER-Common Vulnerability Scoring System (CVSS)
The team that receives, investigates, and reports security vulnerabilities... - ANSWER-Product Security Incident Response Team (PSIRT)
What is the phase of the SDLC in which organizations prepare for vulnerabilities after the product has been released? - ANSWER-Post-Release Support phase
Who responds to software product security incidents that involve the external discovery of post-release software vulnerabilities? - ANSWER-Post-Release PSIRT Response
Who is an expert on promoting security awareness, best practices, and simplifying software security? - ANSWER-Software Security Champion (SSC)
Who is an expert to promote awareness of products to the wider software community? - ANSWER-Software Security Evangelist (SSE)
Which post-release support activity (PRSA) details the process
for investigating, mitigating, and communicating findings when