verifies whether the product meets security mandates? - CORRECT
ANSWER A5 policy compliance analysis
Which post-release support activity defines the process to communicate,
identify, and alleviate security threats? - CORRECT ANSWER
PRSA1: External vulnerability disclosure response
What are two core practice areas of the OWASP Security Assurance
Maturity Model (OpenSAMM)? - CORRECT ANSWER Governance,
Construction
Which practice in the Ship (A5) phase of the security development cycle
uses tools to identify weaknesses in the product? - CORRECT
ANSWER Vulnerability scan
Which post-release support activity should be completed when
companies are joining together? - CORRECT ANSWER Security
architectural reviews
Which of the Ship (A5) deliverables of the security development cycle
are performed during the A5 policy compliance analysis? - CORRECT
ANSWER Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle
are performed during the code-assisted penetration testing? -
CORRECT ANSWER white-box security test
Which of the Ship (A5) deliverables of the security development cycle
are performed during the open-source licensing review? - CORRECT
ANSWER license compliance
Which of the Ship (A5) deliverables of the security development cycle
are performed during the final security review? - CORRECT
ANSWER Release and ship
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile? - CORRECT
ANSWER iterative development
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on DevOps? -
CORRECT ANSWER continuous integration and continuous
deployments
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud? - CORRECT
ANSWER API invocation processes
How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise? -
CORRECT ANSWER enables and improves business activities
Which phase of penetration testing allows for remediation to be
performed? - CORRECT ANSWER Deploy
Which key deliverable occurs during post-release support? -
CORRECT ANSWER third-party reviews
Which business function of OpenSAMM is associated with governance?
- CORRECT ANSWER Policy and compliance
Which business function of OpenSAMM is associated with
construction? - CORRECT ANSWER Threat assessment
Which business function of OpenSAMM is associated with verification?
- CORRECT ANSWER Code review
Which business function of OpenSAMM is associated with deployment?
- CORRECT ANSWER Vulnerability management