2024 D487 WGU Secure SW Design Exam With 140+ Questions & Correct Answers
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - ANSWER-A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - ANSWER-PRSA1: External vulnerability disclosure response
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - ANSWER-Governance, Construction
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - ANSWER-Vulnerability scan
Which post-release support activity should be completed when companies are joining together? - ANSWER-Security architectural reviews
Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? - ANSWER-Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? - ANSWER-white-box security test
Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? - ANSWER-license compliance
Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? - ANSWER-Release and ship
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? - ANSWER-iterative development
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on devops? - ANSWER-continuous integration and continuous deployments
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - ANSWER-API invocation processes
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - ANSWER-enables and improves business activities
Which phase of penetration testing allows for remediation to be performed? - ANSWER-Deploy
Which key deliverable occurs during post-release support? - ANSWER-third-party reviews
Which business function of OpenSAMM is associated with governance? - ANSWER-Policy and compliance
Which business function of OpenSAMM is associated with construction? - ANSWER-Threat assessment
Which business function of OpenSAMM is associated with verification? - ANSWER-Code review
Which business function of OpenSAMM is associated with deployment? - ANSWER-Vulnerability management
What is the product risk profile? - ANSWER-A security assessment deliverable that estimates the actual cost of the product.
A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? - ANSWER-Privacy impact assessment
What is the first phase in the security development life cycle? - ANSWER-A1 Security Assessment
What are the three areas of compliance requirements? - ANSWER-Legal, financial, and industry standards
What term refers to how the system should function based on the environment in which the system will operate? - ANSWER-operational requirements