D487 STUDY GUIDE 2026 TEST QUESTIONS
WITH CORRECT ANSWERS DETAILED
LEARNING RESOURCE ACCURATE
CONTENT GRADED A+
⩥ SAMM.
Answer: offers a roadmap and a well-defined maturity model for secure
software development and deployment, along with useful tools for self-
assessment and planning.
⩥ Core OpenSAMM activities.
Answer: Governance
Construction
Verification
Deployment
⩥ static analysis.
Answer: Source code of an application is reviewed manually or with
automatic tools without running the code
⩥ dynamic analysis.
Answer: Analysis and testing of a program occurs while it is being
executed or run
⩥ Fuzzing.
Answer: Injection of randomized data into a software program in an
attempt to find system failures, memory leaks, error handling issues, and
improper input validation
⩥ OWASP ZAP.
Answer: Open-source web application security scanner
Can be used as a proxy to manipulate traffic running through it (even HTTPS)
⩥ ISO/IEC 27001.
Answer: Specifies requirements for establishing, implementing,
operating, monitoring, reviewing, maintaining and improving a
documented information security management system
⩥ ISO/IEC 17799.
Answer: ISO/IEC is a joint committee that develops and maintains
standards in the IT industry. 17799 is an international code of practice
for information security management. This section defines
confidentiality, integrity and availability controls.
⩥ ISO/IEC 27034.
Answer: A standard that provides guidance to help organizations embed
security within their processes that help secure applications running in
the environment, including application lifecycle processes
⩥ Software security champion.
Answer: a developer with an interest in security who helps amplify the
security message at the team level
⩥ waterfall methodology.
Answer: a sequential, activity-based process in which each phase of the
SDLC is performed in order, from planning through implementation
and maintenance
⩥ Agile Development.
Answer: A software development methodology that delivers
functionality in rapid iterations, measured in weeks, requiring frequent
communication, development, testing, and delivery.
⩥ Scrum.
Answer: an agile project management framework that helps teams
structure and manage their work through a set of values, principles, and
practices
⩥ Daily scrum.