Questions and Answers | Professional Prep | Grade A+
• Which security goal is defined by "guarding against improper information
modification or destruction and ensuring information non-repudiation and
authenticity"? CORRECT ANSWER: Integrity
• Which phase in an SDLC helps to define the problem and scope of any existing
systems and determine the objectives of new systems? CORRECT ANSWER:
Planning
• What happens during a dynamic code review? CORRECT ANSWER:
Programmers monitor system memory, functional behavior, response times, and
overall performance.
• How should you store your application user credentials in your application
database? CORRECT ANSWER: Store credentials using salted hashes
• Which software methodology resembles an assembly-line approach? CORRECT
ANSWER: Waterfall model
• Which software methodology approach provides faster time to market and higher
business value? CORRECT ANSWER: Agile model
• In Scrum methodology, who is responsible for making decisions on the
requirements? CORRECT ANSWER: Product Owner
• What is the product risk profile? CORRECT ANSWER: A security assessment
deliverable that estimates the actual cost of the product
• A software security team member has been tasked with creating a deliverable that
provides details on where and to what degree sensitive customer information is
collected, stored, or created within a new product offering.
What does the team member need to deliver in order to meet the objective?
CORRECT ANSWER: Privacy impact assessment
• A software security team member has been tasked with creating a threat model
for the login process of a new product. What is the first step the team member
should take? CORRECT ANSWER: Identify security objectives
• What are three parts of the STRIDE methodology? CORRECT ANSWER:
Spoofing, Elevation, Tampering
• What is the reason software security teams host discovery meetings with
stakeholders early in the development life cycle? CORRECT ANSWER: To
ensure that security is built into the product from the start
• Why should a security team provide documented certification requirements
during the software assessment phase? CORRECT ANSWER: Depending on the
environment in which the product resides, certifications may be required by
corporate or government entities before the software can be released to customers.
• What are two items that should be included in the privacy impact assessment plan
regardless of which methodology is used? CORRECT ANSWER: Required
process steps & Technologies and techniques
• What are the goals of each SDL deliverable? - Product Risk Profile CORRECT
ANSWER: Estimate the actual cost of the product
• What are the goals of each SDL deliverable? - SDL project outline CORRECT
ANSWER: Map security activities to the development schedule
• What are the goals of each SDL deliverable? - Threat profile CORRECT
ANSWER: Guide security activities to protect the product from vulnerabilities
• What are the goals of each SDL deliverable? - List of third-party software
CORRECT ANSWER: Identify the dependence on unmanaged software
• What is a threat action that is designed to illegally access and use another
person's credentials? CORRECT ANSWER: Spoofing
• What are two steps of the threat modeling process? CORRECT ANSWER:
Survey the application & Decompose the application
• What do the "A" and the first "D" in the DREAD acronym represent?
CORRECT ANSWER: Damage & Affected Users
• Which shape indicates each type of flow diagram element? - External elements
CORRECT ANSWER: Rectangle
• Which shape indicates each type of flow diagram element? - Data Store
CORRECT ANSWER: Two parallel horizontal lines
• Which shape indicates each type of flow diagram element? - Data Flow
CORRECT ANSWER: Solid line with an arrow