100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
D487 Secure SW Design Exam All Combined Review Questions With Revised Correct Answers $12.99   Add to cart

Exam (elaborations)

D487 Secure SW Design Exam All Combined Review Questions With Revised Correct Answers

 2 views  0 purchase
  • Course
  • D487
  • Institution
  • D487

D487 Secure SW Design Exam All Combined Review Questions With Revised Correct Answers What does DREAD stand for? - ANSWER damage potential, reproducibility, exploitability, affected users, and discoverability What is a weakness that can be exploited? - ANSWER vulnerabilit...

[Show more]

Preview 4 out of 34  pages

  • September 11, 2024
  • 34
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • D487
  • D487
avatar-seller
NURSINGDICTIONARY
D487 Secure SW Design
Exam All Combined Review
Questions With Revised Correct
Answers



What does DREAD stand for? - ANSWER damage potential,
reproducibility, exploitability, affected users, and
discoverability


What is a weakness that can be exploited? - ANSWER
vulnerability


What is a unified conceptual framework for security auditing? -
ANSWER Trike Threat Model


What is the path an attacker can take to exploit a vulnerability?
- ANSWER threat vector

,What is reusable software developed externally from the
organization's platforms? - ANSWER third party codes


What is maliciously changing or modifying persistent data? -
ANSWER Tampering


What defines what needs to be protected and how it will be
protected? - ANSWER software security policy


What is performing illegal operations in a system that lacks the
ability to trace the prohibited operations? - ANSWER
repudiation


What is determining the fundamental functions of an app? -
ANSWER application decomposition


What are threat models focused around senior management
and protecting the assets of an organization? - ANSWER
asset-centric threat modeling

, What are threat models that start with visualizing the
application you are building? - ANSWER application-centric
threat modeling


During what phase of the SDL is any policy that exists outside
of the SDL policy is reviewed? - ANSWER A3 Design and
Development


A software security team member has been tasked with
creating a threat model for the login process of a new product.
What is the first step the team member should take? -
ANSWER identify security objectives


What is the reason software security teams host discovery
meetings with stakeholders early in the development life cycle?
- ANSWER To ensure that security is built into the product
from the start


Why should a security team provide documented certification
requirements during the software assessment phase? -
ANSWER Depending on the environment in which the
product resides, certifications may be required by corporate or
government entities before the software can be released to
customers.

, What are two items that should be included in the privacy
impact assessment plan regardless of which methodology is
used? - ANSWER Required process steps, technologies and
techniques


What are the goals of the product risk profile in the SDL
deliverable? - ANSWER Estimate the actual cost of the
product


What are the goals of the SDL project outline in the SDL
deliverable? - ANSWER map security activities to the
development schedule


What are the goals of the threat profile in the SDL deliverable?
- ANSWER Guide security activities to protect the product
from vulnerabilities


What are the goals of listing the third party software in the SDL
deliverable? - ANSWER identify dependence on
unmanaged software

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller NURSINGDICTIONARY. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67096 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.99
  • (0)
  Add to cart