SECURE SOFTWARE DESIGN EXAM WITH QUESTIONS AND CORRECT ANSWERS || LATEST UPDATE 2024/2025
What is the study of real-world software security initiatives organized so companies can measure their initiatives and understand how to evolve them over time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
A) Building Security in Maturity Model (BSIMM)

What is the analysis of computer software that is performed without executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
A) Static analysis

What ISO standard is the benchmark for information security today?
A) ISO/IEC 27001
B) ISO/IEC 7799
C) ISO/IEC 27034
D) ISO 8601
A) ISO 27001

What is the analysis of computer software that is performed by executing programs on a real or virtual processor in real time?
A) Dynamic analysis
B) Static analysis
C) Fuzzing
D) Security testing
A) Dynamic analysis

Which person is responsible for designing, planning, and implementing secure coding practices and security testing methodologies?
A) Software security architect
B) Product security developer
C) Software security champion
D) Software tester
A) Software security architect

A company is preparing to add a new feature to its flagship software product. The new feature is similar to features that have been added in previous years, and the requirements are well-documented. The project is expected to last three to four months, at which time the new feature will be released to customers. Project team members will focus solely on the new feature until the project ends.
Which software development methodology is being used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
A) Waterfall

A new product will require an administration section for a small number of users. Normal users will be able to view limited customer information and should not see admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
A) Principle of least privilege

The software security team is currently working to identify approaches for input validation, authentication, authorization, and configuration management of a new software product so they can deliver a security profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
A) Analyzing the target

The scrum team is attending their morning meeting, which is scheduled at the beginning of the work day. Each team member reports what they accomplished yesterday, what they plan to accomplish today, and if they have any impediments that may cause them to miss their delivery deadline.
Which scrum ceremony is the team participating in?
A) Daily scrum
B) Sprint review
C) Sprint retrospective
D) Sprint planning
A) Daily scrum

What is a list of information security vulnerabilities that aims to provide names for publicly known problems?
A) Common computer vulnerabilities and exposures (CVE)
B) SANS Institute top cyber security risks
C) Bugtraq
D) Carnegie Mellon Computer Emergency Readiness Team (CERT)
A) Common computer vulnerabilities and exposures (CVE)

Which secure coding best practice uses well-tested, publicly available algorithms to hide product data from unauthorized access?
A) Access control
B) Authentication and password management
C) Cryptographic practices
D) Data protection
C) Cryptographic practices

Which secure coding best practice ensures servers, frameworks, and system components are all running the latest approved versions?
A) File management
B) Input validation
C) Database security
D) System configuration
D) System configuration