Questions and Answers (2026/2027) | Accurate Solutions | A+
• Which post-release support activity defines the process to
communicate, identify, and alleviate security threats? -✓✓PRSA1:
External vulnerability disclosure response
• What are two core practice areas of the OWASP Security Assurance
Maturity Model (OpenSAMM)? -✓✓Governance, Construction
• Which practice in the Ship (A5) phase of the security development
cycle uses tools to identify weaknesses in the product? -
✓✓Vulnerability scan
• Which post-release support activity should be completed when
companies are joining together? -✓✓Security architectural reviews
• Which of the Ship (A5) deliverables of the security development cycle
are performed during the A5 policy compliance analysis? -✓✓Analyze
activities and standards
• Which of the Ship (A5) deliverables of the security development cycle
are performed during the code-assisted penetration testing? -✓✓white-
box security test
• Which of the Ship (A5) deliverables of the security development cycle
are performed during the open-source licensing review? -✓✓license
compliance
• Which of the Ship (A5) deliverables of the security development cycle
are performed during the final security review? -✓✓Release and ship
• How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile? -✓✓iterative
development
• How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on DevOps? -
✓✓continuous integration and continuous deployments
• How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud? -✓✓API
invocation processes
• How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise? -
✓✓enables and improves business activities
• Which phase of penetration testing allows for remediation to be
performed? -✓✓Deploy
• Which key deliverable occurs during post-release support? -✓✓third-party
reviews
• Which business function of OpenSAMM is associated with
governance? -✓✓Policy and compliance
• Which business function of OpenSAMM is associated with
construction? -✓✓Threat assessment
• Which business function of OpenSAMM is associated with
verification? -✓✓Code review
• Which business function of OpenSAMM is associated with
deployment? -✓✓Vulnerability management
• What is the product risk profile? -✓✓A security assessment
deliverable that estimates the actual cost of the product.
• A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree sensitive
customer information is collected, stored, or created within a new
product offering. What does the team member need to deliver in order to
meet the objective? -✓✓Privacy impact assessment