Complete Exam Study Questions with Verified Answers | Latest Edition
1. What are the two common best principles of software applications in the
development process? - ANSWER Quality Code & Secure Code
2. What ensures that the user has the appropriate role and privilege to view
data? - ANSWER Authorization
3. Which security goal is defined by "guarding against improper information
modification or destruction and ensuring information non-repudiation and
authenticity"? - ANSWER Integrity
4. What are the goals of each SDL deliverable? - Product Risk Profile -
ANSWER Estimate the actual cost of the product
5. What are the goals of each SDL deliverable? - SDL project outline -
ANSWER Map security activities to the development schedule
6. What are the goals of each SDL deliverable? - Threat profile - ANSWER
Guide security activities to protect the product from vulnerabilities
7. What are the goals of each SDL deliverable? - List of third-party software -
ANSWER Identify the dependence on unmanaged software
8. What is a threat action that is designed to illegally access and use another
person's credentials? - ANSWER Spoofing
9. What are two steps of the threat modeling process? - ANSWER Survey the
application & Decompose the application
10. What do the "A" and the first "D" in the DREAD acronym represent? -
ANSWER Damage & Affected Users
11. Which shape indicates each type of flow diagram element? - External
elements - ANSWER Rectangle
12. Which shape indicates each type of flow diagram element? - Data Store -
ANSWER Two parallel horizontal lines
13. Which shape indicates each type of flow diagram element? - Data Flow -
ANSWER Solid line with an arrow
14. Which shape indicates each type of flow diagram element? - Trust Boundary
- ANSWER Dashed line
15. What are the two deliverables of the Architecture phase of the SDL? -
ANSWER Threat Modeling artifacts & Policy compliance analysis
16. What SDL security assessment deliverable is used as an input to an SDL
architecture process? - ANSWER Threat profile
17. Which software security testing technique tests the software from an
external perspective? - ANSWER Black box
18. Which security design principle states that an entity should be given the
minimum privileges and resources for a minimum period of time for a task?
- ANSWER Least privilege
19. After the developer is done coding a functionality, when should code review
be completed? - ANSWER Within hours or the same day
20. What is the order that code reviews should follow in order to be effective? -
Step 1 - ANSWER Identify security code review objectives
21. Which phase in an SDLC helps to define the problem and scope of any
existing systems and determine the objectives of new systems? - ANSWER
Planning
22. What happens during a dynamic code review? - ANSWER Programmers
monitor system memory, functional behavior, response times, and overall
performance.
23. How should you store your application user credentials in your application
database? - ANSWER Store credentials using salted hashes
24. Which software methodology resembles an assembly-line approach? -
ANSWER Waterfall model
25. Which software methodology approach provides faster time to market and
higher business value? - ANSWER Agile model
26. In Scrum methodology, who is responsible for making decisions on the
requirements? - ANSWER Product Owner
27. What is the product risk profile? - ANSWER A security assessment
deliverable that estimates the actual cost of the product
28. A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree sensitive
customer information is collected, stored, or created within a new product
offering.
29. What does the team member need to deliver in order to meet the objective? -
ANSWER Privacy impact assessment
30. A software security team member has been tasked with creating a threat
model for the login process of a new product. What is the first step the team
member should take? - ANSWER Identify security objectives
31. What are three parts of the STRIDE methodology? - ANSWER Spoofing,
Elevation, Tampering
32. What is the reason software security teams host discovery meetings with
stakeholders early in the development life cycle? - ANSWER To ensure that
security is built into the product from the start
33. Why should a security team provide documented certification requirements
during the software assessment phase? - ANSWER Depending on the
environment in which the product resides, certifications may be required by