1. How does a programmer use Data Flow Diagrams in developing software?
Ans✓✓✓ data flow diagramming provides structure before coding begins and is
one of the most helpful application architecture diagrams. Agile Development:
allows developers to better visualize requirements as they build on existing wor
1. What should a Privacy Impact Assessment include? Ans✓✓✓ A privacy impact
assessment (PIA) is an analysis of how personally identifiable information (PII) is
handled to ensure compliance with appropriate regulations, determine the
privacy risks associated with information systems or activities, and evaluate ways
to reduce the privacy risks.
agile Ans✓✓✓ flexible, time boxed sprints, easy to revise during
Agile Development Ans✓✓✓ A software development methodology that delivers
functionality in rapid iterations, measured in weeks, requiring frequent
communication, development, testing, and delivery.
Black-box Ans✓✓✓ a testing technique in which the internal workings of the
software are not known to the tester.
bucket Ans✓✓✓ a data type that groups objects together
Building Security In Maturity Model (BSIMM) Ans✓✓✓ A study of real-world
software security initiatives organized so that you can determine where you stand
with your software security initiative and how to evolve your efforts over time
change management processes Ans✓✓✓ request, impact analysis,
approve/deny, implement, review
code review process Ans✓✓✓ two or more independent security people look
over the code for bugs
Communication security Ans✓✓✓ New standard for managing traffic and
sessions
Core OpenSAMM activities Ans✓✓✓ Governance
Construction
Verification
Deployment
CVE Ans✓✓✓ common vul exposures. Provides identifiers for threats so you can
be alerted if it's on your system
cvss Ans✓✓✓ how serious the threat is from the vendor
Daily scrum Ans✓✓✓ daily time-boxed event of 15 minutes, or less, for the
Development Team to re-plan the next day of development work during a Sprint.
Updates are reflected in the Sprint Backlog.
Data classification requirement Ans✓✓✓ credit cards, pii, phi
DREAD Ans✓✓✓ D - Damage potential