REAL TEST QUESTIONS AND WELL ELABORATED ANSWERS (CORRECT VERIFIED ANSWERS) A NEW UPDATED VERSION | GUARANTEED PASS A+ (FULL REVISED EXAM)
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - ANSWER: A5 policy compliance analysis

Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - ANSWER: PRSA1: External vulnerability disclosure response

What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - ANSWER: Governance, Construction

Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - ANSWER: Vulnerability scan

Which post-release support activity should be completed when companies are joining together? - ANSWER: Security architectural reviews

Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? - ANSWER: Analyze activities and standards

Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? - ANSWER: white-box security test

Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? - ANSWER: license compliance

Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? - ANSWER: Release and ship

How can you establish your own SDL to build security into a process appropriate for your organization's needs based on Agile? - ANSWER: iterative development

How can you establish your own SDL to build security into a process appropriate for your organization's needs based on DevOps? - ANSWER: continuous integration and continuous deployments

How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - ANSWER: API invocation processes

How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - ANSWER: enables and improves business activities

Which phase of penetration testing allows for remediation to be performed? - ANSWER: Deploy

Which key deliverable occurs during post-release support? - ANSWER: third-party reviews

Which business function of OpenSAMM is associated with governance? - ANSWER: Policy and compliance

Which business function of OpenSAMM is associated with construction? - ANSWER: Threat assessment

Which business function of OpenSAMM is associated with verification? - ANSWER: Code review

Which business function of OpenSAMM is associated with deployment? - ANSWER: Vulnerability management

What is the product risk profile? - ANSWER: A security assessment deliverable that estimates the actual cost of the product.

A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? - ANSWER: Privacy impact assessment

What is the first phase in the security development life cycle? - ANSWER: A1 Security Assessment

What are the three areas of compliance requirements? - ANSWER: Legal, financial, and industry standards

What term refers to how the system should function based on the environment in which the system will operate? - ANSWER: operational requirements

During what phase of SDL do all key stakeholders discuss, identify, and have common understandings of the security and privacy implications, considerations, and requirements? - ANSWER: A1 Security Assessment