Design and Development (A3) correct answers the third phase of the security development life
cycle, in which you analyze and test software to determine security and privacy issues as you
make informed decisions moving forward with your software (any policy that exists outside of
the SDL policy is reviewed.)
alpha level testing correct answers testing done by the developers themselves
beta level testing correct answers testing done by those not familiar with the actual development
of the system (external testing)
black box testing correct answers testing from an external perspective, with no knowledge of the
internals; in this framework it is beta-level testing, done by those not familiar with the actual
development of the system
external resources correct answers resources hired on a temporary basis to come into a project,
test the application, and report findings
functional testing scripts correct answers step-by-step instructions for a specific scenario or
situation
gray box testing correct answers testing with partial knowledge of the internals; analyzes the source
code for the software to help design the test cases, which are then run from the outside
internal resources correct answers resources from the company's organization
secure testing scripts correct answers scripts created specifically for the application being tested
(an ongoing activity, updated as the application changes)
scripts correct answers detailed, logical steps of instructions to tell a person or tool what to do
during the testing
system test correct answers tests the system and its interaction with other systems
white box testing correct answers tests from an internal perspective with full knowledge of the
software
vulnerability assessments correct answers examining a product to identify security deficiencies
Which software security testing technique tests the software from an external perspective?
correct answers black box
Which security design principle states that an entity should be given the minimum privileges and
resources for a minimum period of time for a task? correct answers least privilege
Design and Development (A4) correct answers the fourth phase of the security development life
cycle, in which you build on the security testing process and continue to analyze security
requirements (any policy that exists outside the domain of the SDL policy is reviewed)
abstract syntax tree (AST) correct answers the tree representation of parsed source code that a
static analysis tool builds first; it is the basis from which software metrics and issues are
generated at a later stage
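Worked example (added here, not part of the original flashcards): a minimal static-analysis pass that parses source into an AST, then derives a metric (cyclomatic complexity per function) and security issues (calls to eval/exec, os.system, and subprocess with shell=True) from that tree. The analyzed SAMPLE_SOURCE is constructed for this example and the DANGEROUS rules are a hypothetical, deliberately small ruleset.

```python
import ast

# Constructed sample program to analyze (not real project code).
SAMPLE_SOURCE = '''
import subprocess
import os

def run(cmd, user_input):
    subprocess.call(cmd + user_input, shell=True)
    if user_input:
        result = eval(user_input)
        return result
    for i in range(3):
        if i % 2:
            os.system("ls")
    return None

def safe(x):
    return x + 1
'''

# Hypothetical ruleset: fully dotted call names that are always flagged.
DANGEROUS = {"eval", "exec", "os.system"}

# AST node types that add a branch to cyclomatic complexity.
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp)


def dotted_name(expr):
    """Resolve a call target such as subprocess.call to 'subprocess.call'."""
    if isinstance(expr, ast.Name):
        return expr.id
    if isinstance(expr, ast.Attribute):
        base = dotted_name(expr.value)
        return f"{base}.{expr.attr}" if base else expr.attr
    return ""


def complexity(func):
    """Cyclomatic complexity: 1 + decision points inside the function body."""
    score = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCH_NODES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1   # each extra 'and'/'or' operand
    return score


def issues_for(call):
    """Return issue messages for one ast.Call node, or an empty list."""
    name = dotted_name(call.func)
    found = []
    if name in DANGEROUS:
        found.append(f"call to {name}")
    if name.startswith("subprocess."):
        for kw in call.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                found.append(f"{name} with shell=True")
    return found


def analyze(source):
    """Parse source once; derive metrics and issues from the resulting tree."""
    tree = ast.parse(source)
    metrics = {}
    issues = []
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            metrics[node.name] = {
                "complexity": complexity(node),
                "lines": node.end_lineno - node.lineno + 1,
            }
        elif isinstance(node, ast.Call):
            for msg in issues_for(node):
                issues.append((node.lineno, msg))
    return {"metrics": metrics, "issues": sorted(issues)}


if __name__ == "__main__":
    report = analyze(SAMPLE_SOURCE)
    for fn, m in report["metrics"].items():
        print(f"{fn}: complexity={m['complexity']} lines={m['lines']}")
    for line, msg in report["issues"]:
        print(f"line {line}: {msg}")
```

The point of the split into parse, metric and issue stages is that both outputs come from the same tree; a real tool adds more rules and metrics without re-parsing. Note the rule only catches `shell=True` written as a literal; a value passed through a variable needs data-flow analysis, which an AST alone does not give you.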
active scanner correct answers a dynamic testing tool that modifies the hypertext transfer protocol
secure (HTTPS) inputs it sends to a running application and analyzes the responses to identify
vulnerabilities (as opposed to a passive scanner, which only observes normal traffic)
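Worked example (added here, not part of the original flashcards): the core loop of an active scanner, which takes a baseline request, mutates each input parameter with a probe, and judges the response by reflection of the probe and by database error signatures. There is no network here: `fake_app` and `fixed_app` are constructed in-memory stand-ins for the HTTPS target, one deliberately weak and one hardened, so the scan runs offline. The probe list and error-string regex are a hypothetical, deliberately small ruleset.

```python
import html
import re

# Constructed vulnerable target: reflects q unescaped and leaks DB errors on a quote in id.
def fake_app(path, params):
    if path == "/search":
        return 200, f"<h1>Results for {params.get('q', '')}</h1>"
    if path == "/item":
        item_id = params.get("id", "")
        if "'" in item_id:
            return 500, "SQL syntax error near '"
        return 200, html.escape(f"item {item_id}")
    return 404, "not found"


# Constructed hardened target: escapes output and validates id before it reaches any query.
def fixed_app(path, params):
    if path == "/search":
        return 200, f"<h1>Results for {html.escape(params.get('q', ''))}</h1>"
    if path == "/item":
        item_id = params.get("id", "")
        if not item_id.isdigit():
            return 400, "bad id"
        return 200, html.escape(f"item {item_id}")
    return 404, "not found"


ERROR_SIGNATURES = re.compile(r"sql syntax|sqlstate|odbc|ora-\d+", re.I)

# (finding title, payload appended to the parameter, predicate over the response body)
PROBES = [
    ("reflected input", "<zz123>", lambda body: "<zz123>" in body),
    ("database error string", "'", lambda body: ERROR_SIGNATURES.search(body) is not None),
]


def scan(app, path, params):
    """Mutate each parameter in turn and compare responses against the baseline."""
    findings = []
    base_status, _ = app(path, dict(params))
    for name, value in params.items():
        for title, payload, matches in PROBES:
            mutated = dict(params)
            mutated[name] = value + payload
            status, body = app(path, mutated)
            if matches(body):
                findings.append((name, title))
            elif status >= 500 and base_status < 500:
                # No signature, but the mutation crashed the handler: worth a human look.
                findings.append((name, "server error on mutated input"))
    return findings


if __name__ == "__main__":
    print(scan(fake_app, "/search", {"q": "apple"}))
    print(scan(fake_app, "/item", {"id": "1"}))
    print(scan(fixed_app, "/item", {"id": "1"}))
```

Two checks worth keeping when you grow this: compare against a baseline so that an application that always returns 500 is not reported for every probe, and treat "reflected" as a lead rather than a confirmed cross-site scripting finding until the reflection context (HTML body, attribute, script) has been examined.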
AppSec correct answers the process of finding, fixing, and preventing security vulnerabilities at
the application level (difficult to scale for large organizations)
benchmarks correct answers tests used to compare estimates to actual results