WGU D487 Secure Software Design Exam 125 Questions with
Verified Answers
planning - a vision and next steps are created - CORRECT ANSWER SDLC Phase 1
requirements - necessary software requirements are determined - CORRECT
ANSWER SDLC Phase 2
design - requirements are prepared for the technical design - CORRECT ANSWER
SDLC Phase 3
implementation - the resources involved in the application from a known resource
are determined - CORRECT ANSWER SDLC Phase 4
testing - software is tested to verify its functions through a known environment -
CORRECT ANSWER SDLC Phase 5
deployment - security is pushed out - CORRECT ANSWER SDLC Phase 6
maintenance - ongoing security monitoring is implemented - CORRECT ANSWER
SDLC Phase 7
end of life - the proper steps for removing software completely are considered -
CORRECT ANSWER SDLC Phase 8
,a study of real-world software security that allows you to develop your software
security over time - CORRECT ANSWER BSIMM
flexible framework for building security into a software development organization
- CORRECT ANSWER OWASP SAMM
the analysis of computer software that is performed without executing programs -
CORRECT ANSWER Static Analysis
the analysis of computer software that is performed when executing programs on
a real or virtual processor in real time - CORRECT ANSWER Dynamic Analysis
automated or semi-automated testing that provides invalid, unexpected, or
random data to the computer software program - CORRECT ANSWER Fuzz Testing
software development methodology that breaks down development activities into
linear sequential phases; each phase depends on the deliverables of the previous
one and corresponds to a specialization of tasks - CORRECT ANSWER Waterfall
Development
plan -> build -> test -> review -> deploy - CORRECT ANSWER Waterfall Phases
(typical)
each phase of a project is broken down into its own waterfall phases - CORRECT
ANSWER Iterative Waterfall Development
,software development methodology that delivers functionality in rapid iterations
called timeboxes, requiring limited planning but frequent communication -
CORRECT ANSWER Agile Development
framework for Agile that prescribes for teams to break work into goals to be
completed within sprints - CORRECT ANSWER Scrum
responsible for ensuring a Scrum team is operating as effectively as possible by
keeping the team on track, planning and leading meetings, and working out any
obstacles the team might face - CORRECT ANSWER Scrum Master (Scrum Role)
ensures the Scrum team aligns with overall product goals by managing the
product backlog by ordering work by priority, setting the product vision for the
team, and communicating with external stakeholders to translate their needs to
the team - CORRECT ANSWER Product Owner (Scrum Role)
professionals who do the hands-on work of completing the tasks in a Scrum sprint
by lending their expertise to program, design, or improve products - CORRECT
ANSWER Development Team (Scrum Role)
software development methodology that focuses on further isolating risk to the
level of an individual feature - CORRECT ANSWER Lean Development
a variation of the waterfall model, where the stage is turned back upwards after
the coding phase - CORRECT ANSWER V-Model
, an Agile methodology that is intended to improve software quality and
responsiveness - CORRECT ANSWER Extreme Programming (XP)
ensures that the stakeholder security requirements necessary to protect the
organization's mission and business processes are adequately addressed -
CORRECT ANSWER Software Security Architect
an expert on promoting security awareness, best practices, and simplifying
software security - CORRECT ANSWER Software Security Champion
an expert to promote awareness of products to the wider software community -
CORRECT ANSWER Software Security Evangelist
describe what the system will do and its core purpose - CORRECT ANSWER
Functional Requirements
describe any constraints or restrictions on a design but do not impact the core
purpose of the system - CORRECT ANSWER Non-Functional Requirements
process that evaluates issues and privacy impact rating in relation to the privacy of
PII in the software - CORRECT ANSWER Privacy Impact Assessment
helps to determine the actual cost of the product from different perspectives -
CORRECT ANSWER Product Risk Profile
Verified Answers
planning - a vision and next steps are created - CORRECT ANSWER SDLC Phase 1
requirements - necessary software requirements are determined - CORRECT
ANSWER SDLC Phase 2
design - requirements are prepared for the technical design - CORRECT ANSWER
SDLC Phase 3
implementation - the resources involved in the application from a known resource
are determined - CORRECT ANSWER SDLC Phase 4
testing - software is tested to verify its functions through a known environment -
CORRECT ANSWER SDLC Phase 5
deployment - security is pushed out - CORRECT ANSWER SDLC Phase 6
maintenance - ongoing security monitoring is implemented - CORRECT ANSWER
SDLC Phase 7
end of life - the proper steps for removing software completely are considered -
CORRECT ANSWER SDLC Phase 8
,a study of real-world software security that allows you to develop your software
security over time - CORRECT ANSWER BSIMM
flexible framework for building security into a software development organization
- CORRECT ANSWER OWASP SAMM
the analysis of computer software that is performed without executing programs -
CORRECT ANSWER Static Analysis
the analysis of computer software that is performed when executing programs on
a real or virtual processor in real time - CORRECT ANSWER Dynamic Analysis
automated or semi-automated testing that provides invalid, unexpected, or
random data to the computer software program - CORRECT ANSWER Fuzz Testing
software development methodology that breaks down development activities into
linear sequential phases; each phase depends on the deliverables of the previous
one and corresponds to a specialization of tasks - CORRECT ANSWER Waterfall
Development
plan -> build -> test -> review -> deploy - CORRECT ANSWER Waterfall Phases
(typical)
each phase of a project is broken down into its own waterfall phases - CORRECT
ANSWER Iterative Waterfall Development
,software development methodology that delivers functionality in rapid iterations
called timeboxes, requiring limited planning but frequent communication -
CORRECT ANSWER Agile Development
framework for Agile that prescribes for teams to break work into goals to be
completed within sprints - CORRECT ANSWER Scrum
responsible for ensuring a Scrum team is operating as effectively as possible by
keeping the team on track, planning and leading meetings, and working out any
obstacles the team might face - CORRECT ANSWER Scrum Master (Scrum Role)
ensures the Scrum team aligns with overall product goals by managing the
product backlog by ordering work by priority, setting the product vision for the
team, and communicating with external stakeholders to translate their needs to
the team - CORRECT ANSWER Product Owner (Scrum Role)
professionals who do the hands-on work of completing the tasks in a Scrum sprint
by lending their expertise to program, design, or improve products - CORRECT
ANSWER Development Team (Scrum Role)
software development methodology that focuses on further isolating risk to the
level of an individual feature - CORRECT ANSWER Lean Development
a variation of the waterfall model, where the stage is turned back upwards after
the coding phase - CORRECT ANSWER V-Model
, an Agile methodology that is intended to improve software quality and
responsiveness - CORRECT ANSWER Extreme Programming (XP)
ensures that the stakeholder security requirements necessary to protect the
organization's mission and business processes are adequately addressed -
CORRECT ANSWER Software Security Architect
an expert on promoting security awareness, best practices, and simplifying
software security - CORRECT ANSWER Software Security Champion
an expert to promote awareness of products to the wider software community -
CORRECT ANSWER Software Security Evangelist
describe what the system will do and its core purpose - CORRECT ANSWER
Functional Requirements
describe any constraints or restrictions on a design but do not impact the core
purpose of the system - CORRECT ANSWER Non-Functional Requirements
process that evaluates issues and privacy impact rating in relation to the privacy of
PII in the software - CORRECT ANSWER Privacy Impact Assessment
helps to determine the actual cost of the product from different perspectives -
CORRECT ANSWER Product Risk Profile
