WGU D487 SECURE SW DESIGN EXAM ACTUAL
QUESTIONS AND 100% CORRECT ANSWERS
Which technique in the Ship (A5) phase of the security development cycle ensures
that the product meets security requirements? - ANSWER A5 Policy Compliance
Analysis
Which post-release support activity specifies the procedure for communicating,
identifying, and addressing security threats? - ANSWER PRSA1: External
vulnerability disclosure ANSWER.
What are the two key practice areas of the OWASP Security Assurance Maturity
Model (OpenSAMM)? - ANSWER Governance and Construction
Which practice in the Ship (A5) stage of the security development cycle uses tools
to uncover product flaws? - ANSWER A vulnerability scan
Which post-release support activities should be undertaken when companies join
forces? - ANSWER Security Architectural Reviews
Which of the Ship (A5) deliverables from the security development cycle are
carried out during the A5 policy compliance analysis? - ANSWER Analyze actions
and standards.
Which of the Ship (A5) deliverables from the security development cycle are
carried out during code-assisted penetration testing? - ANSWER: white box
security test
,Which of the Ship (A5) deliverables of the security development cycle are
reviewed during the open-source licensing process? - ANSWER License
Compliance
Which of the Ship (A5) deliverables from the security development cycle are
carried out during the final security review? - ANSWER Release and ship.
How can you create your own SDL to incorporate security into an agile process
that meets the demands of your organization? - Answer: iterative development.
How can you create your own SDL to incorporate security into a DevOps-based
process that meets the demands of your organization? - ANSWER: Continuous
integration and deployment.
How can you create your own SDL to integrate security into a cloud-based process
that meets the demands of your organization? - ANSWER API invocation
processes.
How can you create your own SDL to incorporate security into a process tailored to
your organization's needs based on digital enterprise? - ANSWER facilitates and
improves business activities.
Which phase of penetration testing allows remediation to take place? - Answer:
Deploy.
Which important deliverable is generated during post-release support? - Respond to
third-party reviews.
Which business function of OpenSAMM is related to governance? - ANSWER
Policy and Compliance
, Which business function of OpenSAMM is related to construction? ANSWER
Threat assessment
Which OpenSAMM business function is responsible for verification? - ANSWER
Code Review
Which business function of OpenSAMM is related to deployment? - ANSWER
vulnerability management
What's the product's risk profile? - ANSWER A security assessment deliverable
that predicts the product's true cost.
A member of the software security team has been entrusted with developing a
deliverable that specifies where and how sensitive customer information is
gathered, kept, or created within a new product offering. What does the team
member need to deliver in order to achieve the goal? - ANSWER Privacy Impact
Assessment
What is the initial step in the security development lifecycle? - ANSWER A1
Security Assessment
What are the three types of compliance requirements? - ANSWER Legal, financial,
and industry standards.
What phrase describes how the system should function based on the environment in
which it will be used? - Answer operational requirements.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller luzlinkuz. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.