STUDY GUIDE 2026 TESTED ACCURATE CONTENT
◉ What ensures that the user has the appropriate role and privilege
to view data? Answer: Authorization
◉ Which security goal is defined by "guarding against improper
information modification or destruction and ensuring information
non-repudiation and authenticity"? Answer: Integrity
◉ Which phase in an SDLC helps to define the problem and scope of
any existing systems and determine the objectives of new systems?
Answer: Planning
◉ What happens during a dynamic code review? Answer:
Programmers monitor system memory, functional behavior,
response times, and overall performance.
◉ How should you store your application user credentials in your
application database? Answer: Store credentials using salted hashes
◉ Which software methodology resembles an assembly-line
approach? Answer: Waterfall model
◉ Which software methodology approach provides faster time to
market and higher business value? Answer: Agile model
◉ In Scrum methodology, who is responsible for making decisions
on the requirements? Answer: Product Owner
◉ What is the product risk profile? Answer: A security assessment
deliverable that estimates the actual cost of the product
◉ A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree
sensitive customer information is collected, stored, or created within
a new product offering.
What does the team member need to deliver in order to meet the
objective? Answer: Privacy impact assessment
◉ A software security team member has been tasked with creating a
threat model for the login process of a new product. What is the first
step the team member should take? Answer: Identify security
objectives
◉ What are three parts of the STRIDE methodology? Answer:
Spoofing, Elevation, Tampering
◉ What is the reason software security teams host discovery
meetings with stakeholders early in the development life cycle?
Answer: To ensure that security is built into the product from the
start
◉ Why should a security team provide documented certification
requirements during the software assessment phase? Answer:
Depending on the environment in which the product resides,
certifications may be required by corporate or government entities
before the software can be released to customers.
◉ What are two items that should be included in the privacy impact
assessment plan regardless of which methodology is used? Answer:
Required process steps & Technologies and techniques
◉ What are the goals of each SDL deliverable? - Product Risk Profile
Answer: Estimate the actual cost of the product
◉ What are the goals of each SDL deliverable? -SDL project outline
Answer: Map security activities to the development schedule