1 | Page
D487 Questions and Correct Answers/ Latest
Update / Already Graded
What is the study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve them over
time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001
Ans: -Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing
programs?
-static analysis
-fuzzing
-dynamic analysis
-owasp zap
Ans: -static analysis
what iso standard is the benchmark for information security today?
-iso 27001
-iso 7799
-iso 27034
-iso 8601
Ans: -iso 27001
, 2 | Page
what is the analysis of computer software that is performed by executing programs
on a real or virtual processor in real time?
-dynamic analysis
-static analysis
-fuzzing
-security testing
Ans: -dynamic analysis
which person is responsible for designing, planning, and implementing secure coding
practices and security testing methodologies?
-software security architect
-product security developer
-software security champion
-software tester
Ans: -software security architect
what is a list of information security vulnerabilities that aims to provide names for
publicly known problems?
-common computer vulnerabilities and exposures (CVE)
- SANS institute top cyber security risks
-bugtraq
- Carnegie melon computer emergency readiness team (CERT)
Ans: -common computer vulnerabilities and exposures (CVE)
which secure coding best practice uses well-tested, publicly available algorithms to
hide product data from unauthorized access?
, 3 | Page
-access control
-authentication and password management
-cryptographic practices
-data protection
Ans: -cryptographic practices
which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
-file management
-input validation
-database security
-system configuration
Ans: -system configuration
Which secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong passwords or
multi-factor authentication?
-access control
-database security
-file management
-session management
Ans: -database security
which secure coding best practice says that all information passed to other systems
should be encrypted?
-output encoding
D487 Questions and Correct Answers/ Latest
Update / Already Graded
What is the study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve them over
time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001
Ans: -Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing
programs?
-static analysis
-fuzzing
-dynamic analysis
-owasp zap
Ans: -static analysis
what iso standard is the benchmark for information security today?
-iso 27001
-iso 7799
-iso 27034
-iso 8601
Ans: -iso 27001
, 2 | Page
what is the analysis of computer software that is performed by executing programs
on a real or virtual processor in real time?
-dynamic analysis
-static analysis
-fuzzing
-security testing
Ans: -dynamic analysis
which person is responsible for designing, planning, and implementing secure coding
practices and security testing methodologies?
-software security architect
-product security developer
-software security champion
-software tester
Ans: -software security architect
what is a list of information security vulnerabilities that aims to provide names for
publicly known problems?
-common computer vulnerabilities and exposures (CVE)
- SANS institute top cyber security risks
-bugtraq
- Carnegie melon computer emergency readiness team (CERT)
Ans: -common computer vulnerabilities and exposures (CVE)
which secure coding best practice uses well-tested, publicly available algorithms to
hide product data from unauthorized access?
, 3 | Page
-access control
-authentication and password management
-cryptographic practices
-data protection
Ans: -cryptographic practices
which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
-file management
-input validation
-database security
-system configuration
Ans: -system configuration
Which secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong passwords or
multi-factor authentication?
-access control
-database security
-file management
-session management
Ans: -database security
which secure coding best practice says that all information passed to other systems
should be encrypted?
-output encoding
