D487 BSIMM AND ISO 27001 Practice Unanswered Questions / D487 Secure Software Design Exam
What is the study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve
them over time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001 - ANSWER --Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed without
executing programs?
-static analysis
-fuzzing
-dynamic analysis
-OWASP ZAP - ANSWER --static analysis
What ISO standard is the benchmark for information security today?
-ISO 27001
-ISO 7799
-ISO 27034
-ISO 8601 - ANSWER --ISO 27001
What is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?
-dynamic analysis
-static analysis
-fuzzing
-security testing - ANSWER --dynamic analysis
Which person is responsible for designing, planning, and implementing
secure coding practices and security testing methodologies?
-software security architect
-product security developer
-software security champion
-software tester - ANSWER --software security architect
What is a list of information security vulnerabilities that aims to provide
names for publicly known problems?
-common computer vulnerabilities and exposures (CVE)
-SANS Institute top cyber security risks
-bugtraq
-Carnegie Mellon Computer Emergency Readiness Team (CERT) - ANSWER --common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
-access control
-authentication and password management
-cryptographic practices
-data protection - ANSWER --cryptographic practices
Which secure coding best practice ensures servers, frameworks, and
system components are all running the latest approved versions?
-file management
-input validation
-database security
-system configuration - ANSWER --system configuration
Which secure coding best practice says to use parameterized queries,
encrypted connection strings stored in separate configuration files, and
strong passwords or multi-factor authentication?
-access control
-database security
-file management