D487 - Secure Software Design Flashcards I
Western Governors University / D 487
WGU D487 PRE-ASSESSMENT: SECURE SOFTWARE DESIGN
(KEO1) (PKEO
Students also studied
WGU D684 Steps System Design Roadmap.sh
Cell
51 terms 7 terms 147 terms
46 term:
hol
christianarmstrong64 Preview ramin shahab01 Preview sdc2168 Preview
Terms in this set (1286)
What is the study of real-world software security A) Building Security in Maturity Model (BSIMM)
initiatives organized so companies can measure their
initiatives and understand how to evolve them over
time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
A) Static analysis
What is the analysis of computer software that is
performed without executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
A) iso 27001
What iso standard is the benchmark for information
security today?
A) iso/iec 27001
B) iso/iec 7799
C) iso/iec 27034
D) iso 8601
1/27
, D487 - Secure Software Design Flashcards
A) dynamic analysis
what is the analysis of computer software that is
performed by executing programs on a real or virtual
processor in real time?
A) dynamic analysis
B) static analysis
C) fuzzing
D) security testing
A) software security architect
which person is responsible for designing, planning, and
implementing secure coding practices and security
testing methodologies?
A) software security architect
B) product security developer
C) software security champion
D) software tester
A) Waterfall
A company is preparing to add a new feature to its
flagship software product. The new feature is similar to
features that have been added in previous years, and
the requirements are well-documented. The project is
expected to last three to four months, at which time the
new feature will be released to customers. Project team
members will focus solely on the new feature until the
project ends.
Which software development methodology is being
Used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
A) Principle of least privilege
A new product will require an administration section for
a small number of users. Normal users will be able to
view limited customer information and should not see
admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
2/27
, D487 - Secure Software Design Flashcards
A) Analyzing the target
The software security team is currently working to
identify approaches for input validation,
authentication, authorization, and configuration
management of a new software product so they can
deliver a security profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
A) Daily scrum
The scrum team is attending their morning meeting,
which is scheduled at the beginning of the work day. Each
team member reports what they accomplished
yesterday, what they plan to accomplish today, and if
they have any impediments that may cause them to miss
their delivery deadline.
Which scrum ceremony is the team participating in?
A) Daily scrum
B) Sprint review
C) Sprint retrospective
D) Sprint planning
A) common computer vulnerabilities and exposures (CVE)
what is a list of information security vulnerabilities that
aims to provide names for publicly known problems?
A) common computer vulnerabilities and exposures
(CVE)
B) SANS institute top cyber security risks
C) bugtraq
D) Carnegie melon computer emergency readiness
team (CERT)
C) cryptographic practices
which secure coding best practice uses well-tested,
publicly available algorithms to hide product data from
unauthorized access?
A) access control
B) authentication and password management
C) cryptographic practices
D) data protection
3/27
Western Governors University / D 487
WGU D487 PRE-ASSESSMENT: SECURE SOFTWARE DESIGN
(KEO1) (PKEO
Students also studied
WGU D684 Steps System Design Roadmap.sh
Cell
51 terms 7 terms 147 terms
46 term:
hol
christianarmstrong64 Preview ramin shahab01 Preview sdc2168 Preview
Terms in this set (1286)
What is the study of real-world software security A) Building Security in Maturity Model (BSIMM)
initiatives organized so companies can measure their
initiatives and understand how to evolve them over
time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
A) Static analysis
What is the analysis of computer software that is
performed without executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
A) iso 27001
What iso standard is the benchmark for information
security today?
A) iso/iec 27001
B) iso/iec 7799
C) iso/iec 27034
D) iso 8601
1/27
, D487 - Secure Software Design Flashcards
A) dynamic analysis
what is the analysis of computer software that is
performed by executing programs on a real or virtual
processor in real time?
A) dynamic analysis
B) static analysis
C) fuzzing
D) security testing
A) software security architect
which person is responsible for designing, planning, and
implementing secure coding practices and security
testing methodologies?
A) software security architect
B) product security developer
C) software security champion
D) software tester
A) Waterfall
A company is preparing to add a new feature to its
flagship software product. The new feature is similar to
features that have been added in previous years, and
the requirements are well-documented. The project is
expected to last three to four months, at which time the
new feature will be released to customers. Project team
members will focus solely on the new feature until the
project ends.
Which software development methodology is being
Used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
A) Principle of least privilege
A new product will require an administration section for
a small number of users. Normal users will be able to
view limited customer information and should not see
admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
2/27
, D487 - Secure Software Design Flashcards
A) Analyzing the target
The software security team is currently working to
identify approaches for input validation,
authentication, authorization, and configuration
management of a new software product so they can
deliver a security profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
A) Daily scrum
The scrum team is attending their morning meeting,
which is scheduled at the beginning of the work day. Each
team member reports what they accomplished
yesterday, what they plan to accomplish today, and if
they have any impediments that may cause them to miss
their delivery deadline.
Which scrum ceremony is the team participating in?
A) Daily scrum
B) Sprint review
C) Sprint retrospective
D) Sprint planning
A) common computer vulnerabilities and exposures (CVE)
what is a list of information security vulnerabilities that
aims to provide names for publicly known problems?
A) common computer vulnerabilities and exposures
(CVE)
B) SANS institute top cyber security risks
C) bugtraq
D) Carnegie melon computer emergency readiness
team (CERT)
C) cryptographic practices
which secure coding best practice uses well-tested,
publicly available algorithms to hide product data from
unauthorized access?
A) access control
B) authentication and password management
C) cryptographic practices
D) data protection
3/27
