BANK 2026 QUESTIONS WITH SOLUTIONS
GRADED A+
◉ SAMM. Answer: offers a roadmap and a well-defined maturity model
for secure software development and deployment, along with useful
tools for self-assessment and planning.
◉ Core OpenSAMM activities. Answer: Governance
Construction
Verification
Deployment
◉ static analysis. Answer: Source code of an application is reviewed
manually or with automatic tools without running the code
◉ dynamic analysis. Answer: Analysis and testing of a program occurs
while it is being executed or run
◉ Fuzzing. Answer: Injection of randomized data into a software
program in an attempt to find system failures, memory leaks, error
handling issues, and improper input validation
, ◉ OWASP ZAP. Answer: -Open-source web application security
scanner-Can be used as a proxy to manipulate traffic running through it
(even https)
◉ ISO/IEC 27001. Answer: Specifies requirements for establishing,
implementing, operating, monitoring, reviewing, maintaining and
improving a documented information security management system
◉ ISO/IEC 17799. Answer: ISO/EIC is a joint committee that develops
and maintains standards in the IT industry. 17799 is an international
code of practice for information security management. This section
defines confidentiality, integrity and availability controls.
◉ ISO/IEC 27034. Answer: A standard that provides guidance to help
organizations embed security within their processes that help secure
applications running in the environment, including application lifecycle
processes
◉ Software security champion. Answer: a developer with an interest in
security who helps amplify the security message at the team level
◉ waterfall methodology. Answer: a sequential, activity-based process
in which each phase in the SDLC is performed sequentially from
planning through implementation and maintenance