What are threat models that start with visualizing the application you are building? - correct answer - application-centric threat modeling
During what phase of the SDL is any policy that exists outside of the SDL policy reviewed? - correct answer - A3 Design and Development
A software security team member has been tasked with creating a threat model for the login process of a new product. What is the first step the team member should take? - correct answer - identify security objectives
What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle? - correct answer - To ensure that security is built into the product from the start
Why should a security team provide documented certification requirements during the software assessment phase? - correct answer - Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? - correct answer - Required process steps, technologies and techniques
What are the goals of the product risk profile in the SDL deliverable? - correct answer - Estimate the actual cost of the product
What are the goals of the SDL project outline in the SDL deliverable? - correct answer - map security activities to the development schedule
What are the goals of the threat profile in the SDL deliverable? - correct answer - Guide security activities to protect the product from vulnerabilities
What are the goals of listing the third party software in the SDL deliverable? - correct answer - identify dependence on unmanaged software
What is a threat action that is designed to illegally access and use another person's credentials? - correct answer - Spoofing
Which shape indicates the external elements in the flow diagram? - correct answer - rectangle
Which shape indicates the data storage in the flow diagram? - correct answer - two parallel horizontal lines
Which shape indicates the data flow in the flow diagram? - correct answer - single solid line with an arrow
Which shape indicates the trust boundary in the flow diagram? - correct answer - dashed line
What are the two deliverables of the Architecture phase of the SDL? - correct answer - threat modeling artifacts, policy compliance analysis
What SDL security assessment deliverable is used as an input to an SDL architecture process? - correct answer - threat profile
What is alpha level testing? - correct answer - testing done by the developers themselves
What is beta level testing? - correct answer - testing done by those not familiar with the actual development of the system
What is black box testing? - correct answer - tests from an external perspective with no prior knowledge of the software