BSIMM (Building Security In Maturity Model) correct answers real-world software security
initiatives organized so companies can measure their initiatives and understand how to evolve
them over time
Software Security Architect correct answers designing, planning, and implementing secure
coding practices and security testing methodologies
Waterfall development methodology correct answers A development model in which each phase
contains a list of activities that must be performed and documented before the next phase begins.
Agile Development Model correct answers Iterative Development.
Deliver Value Faster
Threat Modeling Steps correct answers 1. Identify Assets
2. Outline Architecture
3. Decompose the App
4. Identify Threats
5. Classify and Structure Threats
6. Rate Severity of Threats
Daily Scrum correct answers A short meeting in which the team shares progress and challenges
cryptographic practices correct answers secure coding practice that uses well-tested, publicly
available algorithms to hide product data from unauthorized access
System Configuration correct answers secure coding best practice ensures servers, frameworks,
and system components are all running the latest approved versions
Database Security correct answers secure coding best practice, parametrized queries, encrypted
connection strings stored in separate configuration files, and strong passwords/MFA
Communication Security correct answers secure coding best practice, says that all info passed to
other systems should be encrypted
STRIDE Methodology correct answers A2 - architecture
characterizing known threats according to the kinds of exploit that are used (or motivation of the
attacker).
Architecture analysis correct answers create data flow diagrams, threat review, security
assessment
DREAD categories correct answers Damage, Reproducibility, Exploitability/Vulnerability,
Affected users, Discoverability
Countermeasure to web application security frame (ASF) configuration management threat
category? correct answers service accounts have no admin capabilities
Compliance Requirements correct answers specifies that file formats the app sends to financial
institutions must be certified every four years
Privacy control requirements correct answers defines how personal info is protected on devices
used by more than a single associate
PASTA (threat modeling) correct answers A2 - architecture
define objectives
define technical scope
decompose the app
analyze the threats