Exam Complete Review (2026/2027) |
100% Verified Responses | A+
• Privacy Compliance Report -✓✓The _________ report should provide progress against privacy requirements provided in earlier phases. Any outstanding requirement should be implemented as soon as possible. It is also prudent to assess any changes in laws/regulations to identify (and put on a roadmap) any new requirements. A4 D&D
• Security Testing Reports -✓✓A findings summary should be prepared for each type of security testing: manual code review, static analysis, dynamic analysis, penetration testing, and fuzzing. The reports should provide the type and number of issues identified and any consistent theme that can be derived from the findings. A4 D&D
• Remediation Report -✓✓A ____ report/dashboard should be prepared and updated regularly from this stage. The purpose of this report is to showcase the security posture and risk of the product at a technical level. A4 D&D
• Security Assessment
What are the key activities in the Security Assessment phase of SDL? -✓✓SDL Phase 1 (A1) = SDLC 1 Concept
Software security team is looped in early
Security team hosts a discovery meeting
Software security team discusses project plan
States what further work will be done
Privacy Impact Assessment (PIA) plan is created
• Architecture
What are the key activities in the Architecture phase of SDL? -✓✓SDL Phase 2 (A2) = SDLC 2 Planning
A2 Policy compliance analysis
SDL policy assessment and scoping
Threat modeling & architecture security analysis
Open-source selection
Privacy information gathering and analysis
• Design & Development
What are the key activities in the Design & Development phase of SDL? -✓✓SDL Phase 3 (A3) = SDLC 3 Design & Development
A3 Policy compliance analysis
Security test plan composition
Static analysis updating
Threat modeling analysis & review
Privacy implementation assessment
• Design & Development Cont.
What are the key activities in the Design & Development Cont. phase of SDL? -✓✓SDL Phase 4 (A4) = SDLC 4 Readiness
A4 Policy compliance analysis
Security test case execution
Static analysis
Fuzz testing
Privacy code review
Privacy validation and remediation
• Ship
What are the key activities in the Ship phase of SDL? -✓✓SDL Phase 5 (A5) = SDLC 5 Release & Launch
A5 Policy compliance analysis
Vulnerability scan
Penetration testing
Open-source licensing review
Final privacy review
• What is the purpose of the Product risk profile deliverable in Security Assessment (A1)? -✓✓To estimate the actual cost of the product.
• What is the goal of the SDL project outline in Security Assessment (A1)? -✓✓To map SDL activities to the development schedule.
• Why are Applicable laws and regulations important in Security Assessment (A1)? -✓✓To obtain formal sign-off from stakeholders on applicable laws.
• What is the purpose of the Threat profile in Security Assessment (A1)? -✓✓To guide SDL activities to mitigate threats.
• What is the goal of the Certification requirements deliverable in Security Assessment (A1)? -✓✓To list requirements for product and operations certifications.
• Why is maintaining a List of third-party software important in Security Assessment (A1)? -✓✓To identify dependence on third-party software.
• What is the purpose of the Metrics template in Security Assessment (A1)? -✓✓To establish a cadence for regular reporting to executives.
• What is the purpose of defining Business requirements in A2 Architecture? -✓✓To establish software requirements, including Confidentiality, Integrity, and Availability (CIA).