CORRECT ANSWERS (100% CORRECT VERIFIED ANSWERS) D487
SECURE SOFTWARE DESIGN OBJECTIVE ASSESSMENT 2025 TEST
BANK V3
Post-Release Support phase - CORRECT ANSWERS-the phase of the SDLC in which
organizations prepare for vulnerabilities after the product has been released
Which security goal is defined by guarding against improper information modification or destruction, and
ensuring information non-repudiation and authenticity? - CORRECT ANSWERS-Integrity
Which phase in the SDLC helps to define the problem and scope of any existing systems and determine
the objectives of new systems? - CORRECT ANSWERS-Planning
What happens during a dynamic code review? - CORRECT ANSWERS-Programmers monitor
system memory, functional behavior, response times, and overall performance while the code runs
How should you store your application credentials in your application database? - CORRECT
ANSWERS-Store credentials as salted hashes (a unique random salt per credential, computed with a
slow password-hashing function such as PBKDF2, bcrypt, scrypt or Argon2), never as plaintext or
reversibly encrypted values
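A worked example of the salted-hash answer above, added here and not part of the original answer bank. It uses only the Python standard library (PBKDF2-HMAC-SHA256 via `hashlib`; Argon2id or bcrypt would be preferable but need third-party packages). The record format `pbkdf2_sha256$iterations$salt$hash` and the function names are this example's own choices; the 600,000 iteration default is the figure the OWASP Password Storage Cheat Sheet gives for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os

# Iteration count for PBKDF2-HMAC-SHA256 (OWASP Password Storage Cheat Sheet figure).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    A fresh random salt per credential means two users with the same password
    get different records, so one precomputed (rainbow) table cannot be
    applied to every row of a leaked database, and each guess must be
    hashed separately per account.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt and iteration count stored in the record.

    Any malformed record is treated as a non-match rather than raising, and the
    comparison is constant-time so an attacker cannot learn how many leading
    bytes matched from response timing.
    """
    try:
        algorithm, iterations_str, salt_hex, hash_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iterations_str)
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample credential; note two hashes of the same password differ.
    record_a = hash_password("correct horse battery staple")
    record_b = hash_password("correct horse battery staple")
    print(record_a)
    print(record_a != record_b)
    print(verify_password("correct horse battery staple", record_a))
    print(verify_password("Tr0ub4dor&3", record_a))
```

Storing the algorithm and iteration count inside the record is what lets you raise the work factor later and re-hash users on their next successful login without a flag day.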
Post-Release PSIRT Response: - CORRECT ANSWERS-responds to software product security
incidents that involve the external discovery of post-release software vulnerabilities
Software Security Champion (SSC) - CORRECT ANSWERS-an expert who promotes security
awareness and best practices within a development team and simplifies software security for it
Software Security Evangelist (SSE) - CORRECT ANSWERS-an expert who promotes awareness of
the organization's products and software security practices to the wider software community
What are the three core elements of security? - CORRECT ANSWERS-confidentiality, integrity,
and availability
8 phases of the SDLC - CORRECT ANSWERS-planning, requirements, design, implementation,
testing, deployment, maintenance, and end of life
What is software security? - CORRECT ANSWERS-Security that deals with securing the
foundational programmatic logic of the underlying software
Which part of the CIA triad keeps unauthorized users from accessing confidential information? - CORRECT
ANSWERS-Confidentiality
BSIMM - CORRECT ANSWERS-a descriptive study of real-world software security initiatives
that lets you measure your own program against others and develop it over time
dynamic analysis - CORRECT ANSWERS-analysis of computer software that is performed when
executing the program on a real or virtual processor in real time
fuzz testing - CORRECT ANSWERS-automated or semi-automated testing that provides invalid,
unexpected, or random data to the program and watches for crashes, hangs, or other unexpected failures
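A minimal mutation fuzzer, added here as an illustration of the fuzz-testing definition above; it is not code from the original answer bank. The target `parse_tlv` is a constructed toy tag-length-value parser with a deliberately missing bounds check so the harness has something to find; it is not drawn from any real product. The harness treats the parser's documented rejection (`ValueError`) as expected and records every other exception as a finding.

```python
import random
from typing import Callable, Dict, List


def parse_tlv(data: bytes) -> Dict[int, bytes]:
    """Constructed toy parser: 1-byte tag, 1-byte length, then `length` value bytes.

    It checks that a length byte follows each tag, but it never checks that the
    whole value is present. The per-byte checksum loop below indexes past the
    end of a truncated value and raises IndexError: that is the deliberate bug
    the fuzzer is meant to find (hypothetical, not from a real product).
    """
    fields: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        if i + 1 >= len(data):
            raise ValueError("tag without length byte")  # documented rejection
        tag, length = data[i], data[i + 1]
        checksum = 0
        for k in range(length):
            checksum ^= data[i + 2 + k]  # BUG: no check that i + 2 + k < len(data)
        fields[tag] = data[i + 2 : i + 2 + length]
        i += 2 + length
    return fields


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: overwrite a byte, truncate, insert bytes, or append bytes."""
    data = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif choice == 1 and data:
        del data[rng.randrange(len(data)):]
    elif choice == 2:
        pos = rng.randrange(len(data) + 1)
        data[pos:pos] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    else:
        data.extend(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(data)


def fuzz(target: Callable[[bytes], object], seeds: List[bytes],
         iterations: int, seed: int = 0) -> List[dict]:
    """Feed mutated seeds to `target`; return one finding per distinct unexpected exception.

    The run is seeded so a finding can be reproduced exactly; real fuzzers
    also keep every crashing input on disk for the same reason.
    """
    rng = random.Random(seed)
    findings: List[dict] = []
    seen = set()
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except ValueError:
            continue  # expected: malformed input rejected cleanly
        except Exception as exc:  # anything else is a bug in the target
            key = (type(exc).__name__, str(exc))
            if key not in seen:
                seen.add(key)
                findings.append({"input": case, "exception": type(exc).__name__,
                                 "message": str(exc)})
    return findings


# Constructed valid seed: tag 1 -> b"abc", tag 2 -> b"x".
SEEDS = [b"\x01\x03abc\x02\x01x"]

if __name__ == "__main__":
    for finding in fuzz(parse_tlv, SEEDS, iterations=500, seed=1):
        print(finding["exception"], finding["message"], finding["input"].hex())
```

Even this unguided mutator hits the missing bounds check within a few hundred cases, because both "flip the length byte upward" and "truncate the buffer" produce a value shorter than its declared length. Coverage-guided fuzzers (AFL++, libFuzzer) do the same thing at scale and prioritise mutations that reach new code.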
measure model - CORRECT ANSWERS-A set of data security methods that developers take to
protect against vulnerabilities
metric model - CORRECT ANSWERS-allows organizations to determine the effectiveness of
their security controls
OWASP (Software Assurance Maturity Model, SAMM) - CORRECT ANSWERS-A flexible and prescriptive
framework to build security into your software development organization
static analysis - CORRECT ANSWERS-The analysis of computer software that is performed
without executing programs
Common Vulnerabilities and Exposures (CVE) - CORRECT ANSWERS-A catalog that aims
to provide common identifiers (CVE-YYYY-NNNN) for publicly known security vulnerabilities
What are the three primary tools basic to the SDLC? - CORRECT ANSWERS-Fuzz testing, static
analysis, and dynamic analysis testing
In which phase of the SDLC should the software security team first be involved? - CORRECT
ANSWERS-Concept (the earliest phase, and they stay involved from then on)
Waterfall - CORRECT ANSWERS-An approach that divides the process of software
development into separate phases. The outcome of one phase acts as the input for the next phase
Waterfall advantages - CORRECT ANSWERS-Splitting into different stages makes it easier for
an organization to control the development process.
Waterfall Disadvantages - CORRECT ANSWERS-Does not allow time for reflection or revision
of the design once a phase is complete
Agile - CORRECT ANSWERS-Uses collaboration between self-organizing and cross-functional
teams. 4 core values and 12 principles
Agile Advantage - CORRECT ANSWERS-customer satisfaction through rapid, continuous
delivery of useful software
Agile disadvantage - CORRECT ANSWERS-difficult to assess the effort required at the beginning
of the SDLC
Scrum - CORRECT ANSWERS-An Agile framework in which a development team works flexibly and
holistically to reach a common goal
Deployment Phase (SDLC) - CORRECT ANSWERS-The product, with the security built in during the earlier phases, is pushed out to production
Design Phase (SDLC) - CORRECT ANSWERS-Requirements are prepared for the technical
design