WGU D487 SECURE SW DESIGN OA EXAM 2024 ACTUAL EXAM COMPLETE ACCURATE EXAM QUESTIONS WITH DETAILED VERIFIED ANSWERS
Study online at https://quizlet.com/_g6hbj0
1. Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates?
   Answer: A5 policy compliance analysis
2. Which post-release support activity defines the process to communicate, identify, and alleviate security threats?
   Answer: PRSA1: External vulnerability disclosure response
3. What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)?
   Answer: Governance, Construction
4. Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product?
   Answer: Vulnerability scan
5. Which post-release support activity should be completed when companies are joining together?
   Answer: Security architectural reviews
6. Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis?
   Answer: Analyze activities and standards
7. Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing?
   Answer: white-box security test
8. Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review?
   Answer: license compliance
9. Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review?
   Answer: Release and ship
10. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile?
   Answer: iterative development
11. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on DevOps?
   Answer: continuous integration and continuous deployments
12. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud?
   Answer: API invocation processes
13. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise?
   Answer: enables and improves business activities
14. Which phase of penetration testing allows for remediation to be performed?
   Answer: Deploy
15. Which key deliverable occurs during post-release support?
   Answer: third-party reviews
16. Which business function of OpenSAMM is associated with governance?
   Answer: Policy and compliance
17. Which business function of OpenSAMM is associated with construction?
   Answer: Threat assessment
18. Which business function of OpenSAMM is associated with verification?
   Answer: Code review
19. Which business function of OpenSAMM is associated with deployment?
   Answer: Vulnerability management
20. What is the product risk profile?
   Answer: A security assessment deliverable that estimates the actual cost of the product.
21. A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective?
   Answer: Privacy impact assessment
22. What is the first phase in the security development life cycle?
   Answer: A1 Security Assessment
23. What are the three areas of compliance requirements?
   Answer: Legal, financial, and industry standards
24. What term refers to how the system should function based on the environment in which the system will operate?
   Answer: operational requirements
25. During what phase of SDL do all key stakeholders discuss, identify, and have common understandings of the security and privacy implications, considerations, and requirements?
   Answer: A1 Security Assessment
26. What are the three areas of focus in secure software requirements?
   Answer: Gathering the software requirements, data classification, and managing data protection requirements
27. During what phase of SDL is an initial project outline for security milestones developed and integrated into the development project schedule?
   Answer: A1 Security Assessment
28. What term means requirements that describe what the system will do and its core purpose?
   Answer: functional requirements
29. What term means requirements that describe any constraints or restrictions on a design but do not impact the core purpose of the system?
   Answer: non-functional requirements