Questions and Answers | Study Guide | Grade A+
• Which post-release support activity defines the process to communicate, identify, and alleviate security threats? -✓✓PRSA1: External vulnerability disclosure response
• What are two of the core business functions of the OWASP Software Assurance Maturity Model (OpenSAMM)? -✓✓Governance, Construction (the other two are Verification and Deployment)
• Which practice in the Ship (A5) phase of the security development life cycle (SDL) uses tools to identify weaknesses in the product? -✓✓Vulnerability scan
• Which post-release support activity should be completed when companies merge or one acquires another? -✓✓Security architectural reviews (PRSA5 covers current, legacy, and M&A products and solutions)
• Which of the Ship (A5) deliverables of the SDL is performed during the A5 policy compliance analysis? -✓✓Analysis of activities against applicable policies and standards
• Which of the Ship (A5) deliverables of the SDL is performed during code-assisted penetration testing? -✓✓White-box security test
• Which of the Ship (A5) deliverables of the SDL is performed during the open-source licensing review? -✓✓License compliance
• Which of the Ship (A5) deliverables of the SDL is performed during the final security review? -✓✓Release and ship
• How can you establish your own SDL to build security into a process appropriate for your organization's needs, based on agile? -✓✓Iterative development
• How can you establish your own SDL to build security into a process appropriate for your organization's needs, based on DevOps? -✓✓Continuous integration and continuous deployment
• How can you establish your own SDL to build security into a process appropriate for your organization's needs, based on cloud? -✓✓API invocation processes
• How can you establish your own SDL to build security into a process appropriate for your organization's needs, based on the digital enterprise? -✓✓Enables and improves business activities
• Which phase of penetration testing allows for remediation to be performed? -✓✓Deploy
• Which key deliverable occurs during post-release support? -✓✓Third-party reviews
• Which OpenSAMM security practice belongs to the Governance business function? -✓✓Policy and compliance
• Which OpenSAMM security practice belongs to the Construction business function? -✓✓Threat assessment
• Which OpenSAMM security practice belongs to the Verification business function? -✓✓Code review
• Which OpenSAMM security practice belongs to the Deployment business function? -✓✓Vulnerability management
• What is the product risk profile? -✓✓A security assessment deliverable that estimates the actual cost of the product.
• A software security team member has been tasked with creating a deliverable that provides details on where, and to what degree, sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? -✓✓Privacy impact assessment
• What is the first phase in the security development life cycle? -✓✓A1 Security Assessment
• What are the three areas of compliance requirements? -✓✓Legal, financial, and industry standards
• What term refers to how the system should function based on the environment in which the system will operate? -✓✓Operational requirements
• During which phase of the SDL do all key stakeholders discuss, identify, and reach a common understanding of the security and privacy implications, considerations, and requirements? -✓✓A1 Security Assessment