2026 SOLVED QUESTIONS WITH FULL REVIEW
◉ What are three parts of the STRIDE methodology? Answer:
Spoofing, Elevation, Tampering
◉ What is the reason software security teams host discovery
meetings with stakeholders early in the development life cycle?
Answer: To ensure that security is built into the product from the
start
◉ Why should a security team provide documented certification
requirements during the software assessment phase? Answer:
Depending on the environment in which the product resides,
certifications may be required by corporate or government entities
before the software can be released to customers.
◉ What are two items that should be included in the privacy impact
assessment plan regardless of which methodology is used? Answer:
Required process steps & Technologies and techniques
◉ What are the goals of each SDL deliverable? - Product Risk Profile
Answer: Estimate the actual cost of the product
◉ What are the goals of each SDL deliverable? - SDL project outline
Answer: Map security activities to the development schedule
◉ What are the goals of each SDL deliverable? - Threat profile
Answer: Guide security activities to protect the product from
vulnerabilities
◉ What are the goals of each SDL deliverable? - List of third-party
software Answer: Identify the dependence on unmanaged software
◉ What is a threat action that is designed to illegally access and use
another person's credentials? Answer: Spoofing
◉ What are two steps of the threat modeling process? Answer:
Survey the application & Decompose the application
◉ What do the "A" and the first "D" in the DREAD acronym
represent? Answer: Damage & Affected Users
◉ Which shape indicates each type of flow diagram element? -
External elements Answer: Rectangle
◉ Which shape indicates each type of flow diagram element? - Data
Store Answer: Two parallel horizontal lines
◉ Which shape indicates each type of flow diagram element? - Data
Flow Answer: Solid line with an arrow
◉ Which shape indicates each type of flow diagram element? - Trust
Boundary Answer: Dashed line
◉ What are the two deliverables of the Architecture phase of the
SDL? Answer: Threat Modeling artifacts & Policy compliance
analysis
◉ What SDL security assessment deliverable is used as an input to
an SDL architecture process? Answer: Threat profile
◉ Which software security testing technique tests the software from
an external perspective? Answer: Black box
◉ Which security design principle states that an entity should be
given the minimum privileges and resources for a minimum period
of time for a task? Answer: Least privilege
◉ After the developer is done coding a functionality, when should
code review be completed? Answer: Within hours or the same day