5/28/25, 12:52 AM D487: Secure Software Design
Correct 58
Incorrect 00
58 Correct terms
Questions and answers
1 of 58
Term
A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree
sensitive customer information is collected, stored, or created within a
new product offering.What does the team member need to deliver in
order to meet the objective?
Threat profile
Privacy impact assessment
,5/28/25, 12:52 AM D487: Secure Software Design
Metrics template
SDL project plan
Give this one a go later!
Privacy impact assessment
A security assessment deliverable that estimates the actual cost of the product
Looking at products from different perspectives allows management to determine
the actual cost of a product, which includes selling it in different markets, and
liabilities that might be incurred.
Estimate the actual cost of the product
Map security activities to the development schedule
Guide security activities to protect the product from vulnerabilities
Identify dependence on unmanaged software
The product risk profile helps management see the actual cost of a product.
The SDL project outline maps security activities to the development schedule.
A threat profile guides the security team on how to protect the product from
threats.
The third-party software list identifies all components the product is using that are
managed outside the organization.
Security that deals with securing the foundational programmatic logic of the
underlying software
Software security focuses on the early stages of the software development life
cycle (SDLC) and the underlying code of a given application.
Don't know?
,5/28/25, 12:52 AM D487: Secure Software Design
2 of 58
Term
A software security team member has been tasked with creating a
threat model for the login process of a new product.What is the first
step the team member should take?
Identify threats
Survey the application
Decompose the application
Identify security objectives
Give this one a go later!
To ensure that security is built into the product from the start
To correctly and cost-effectively introduce security into the software development
life cycle, it needs to be done early.
Threat profile
Threat profiles created in the Security Assessment phase are used to build the
environment in which the product will operate and will include potential threats in
order to determine how to avoid them in the final application.
Order is decided based on value of the items being delivered
Order is decided based on the value of the item/requirement in the backlog as it
helps business when the item is done and business can start using it. The Product
Owner decides the order of items in the backlog.
, 5/28/25, 12:52 AM D487: Secure Software Design
Identify security objectives
An organization must pinpoint what their highest leverage of security
objectives is before the software security team can begin creating the threat
model for the product.
Don't know?
3 of 58
Term
What ensures that the user has the appropriate role and privilege to
view data?
Authentication
Multi-factor authentication
Encryption
Information security
Authorization
Give this one a go later!
Deploy Beta testing
During this phase, the penetration Beta testing samples the intended
test is executed, and any issues will audience to try the product out and
be resolved. analyze its functionality.
Integrity
The data must remain unchanged by
Correct 58
Incorrect 00
58 Correct terms
Questions and answers
1 of 58
Term
A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree
sensitive customer information is collected, stored, or created within a
new product offering.What does the team member need to deliver in
order to meet the objective?
Threat profile
Privacy impact assessment
,5/28/25, 12:52 AM D487: Secure Software Design
Metrics template
SDL project plan
Give this one a go later!
Privacy impact assessment
A security assessment deliverable that estimates the actual cost of the product
Looking at products from different perspectives allows management to determine
the actual cost of a product, which includes selling it in different markets, and
liabilities that might be incurred.
Estimate the actual cost of the product
Map security activities to the development schedule
Guide security activities to protect the product from vulnerabilities
Identify dependence on unmanaged software
The product risk profile helps management see the actual cost of a product.
The SDL project outline maps security activities to the development schedule.
A threat profile guides the security team on how to protect the product from
threats.
The third-party software list identifies all components the product is using that are
managed outside the organization.
Security that deals with securing the foundational programmatic logic of the
underlying software
Software security focuses on the early stages of the software development life
cycle (SDLC) and the underlying code of a given application.
Don't know?
,5/28/25, 12:52 AM D487: Secure Software Design
2 of 58
Term
A software security team member has been tasked with creating a
threat model for the login process of a new product.What is the first
step the team member should take?
Identify threats
Survey the application
Decompose the application
Identify security objectives
Give this one a go later!
To ensure that security is built into the product from the start
To correctly and cost-effectively introduce security into the software development
life cycle, it needs to be done early.
Threat profile
Threat profiles created in the Security Assessment phase are used to build the
environment in which the product will operate and will include potential threats in
order to determine how to avoid them in the final application.
Order is decided based on value of the items being delivered
Order is decided based on the value of the item/requirement in the backlog as it
helps business when the item is done and business can start using it. The Product
Owner decides the order of items in the backlog.
, 5/28/25, 12:52 AM D487: Secure Software Design
Identify security objectives
An organization must pinpoint what their highest leverage of security
objectives is before the software security team can begin creating the threat
model for the product.
Don't know?
3 of 58
Term
What ensures that the user has the appropriate role and privilege to
view data?
Authentication
Multi-factor authentication
Encryption
Information security
Authorization
Give this one a go later!
Deploy Beta testing
During this phase, the penetration Beta testing samples the intended
test is executed, and any issues will audience to try the product out and
be resolved. analyze its functionality.
Integrity
The data must remain unchanged by
