
D487 - Secure Software Design Knowledge Check and Quiz

Latest WGU Jan 16, 2026 ★★★★☆ (4.0/5)

Western Governors University, D487. Terms in this set (77)

  • What are the two common best principles of software applications in the development process? Quality Code & Secure Code
  • What ensures that the user has the appropriate role and privilege to view data? Authorization
  • Which security goal is defined by "guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity"? Integrity
  • Which phase in an SDLC helps to define the problem and scope of any existing systems and determine the objectives of new systems? Planning
  • What happens during a dynamic code review? Programmers monitor system memory, functional behavior, response times, and overall performance.
  • How should you store your application user credentials in your application database? Store credentials using salted hashes
  • Which software methodology resembles an assembly-line approach? Waterfall model
  • Which software methodology approach provides faster time to market and higher business value? Agile model
  • In Scrum methodology, who is responsible for making decisions on the requirements? Product Owner
  • What is the product risk profile? A security assessment deliverable that estimates the actual cost of the product
  • A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? Privacy impact assessment
  • A software security team member has been tasked with creating a threat model for the login process of a new product. What is the first step the team member should take? Identify security objectives
  • What are three parts of the STRIDE methodology? Spoofing, Elevation, Tampering
  • What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle? To ensure that security is built into the product from the start
  • Why should a security team provide documented certification requirements during the software assessment phase? Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
  • What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? Required process steps & Technologies and techniques
  • What are the goals of each SDL deliverable? - Product Risk Profile: Estimate the actual cost of the product
  • What are the goals of each SDL deliverable? - SDL project outline: Map security activities to the development schedule
  • What are the goals of each SDL deliverable? - Threat profile: Guide security activities to protect the product from vulnerabilities
  • What are the goals of each SDL deliverable? - List of third-party software: Identify the dependence on unmanaged software
  • What is a threat action that is designed to illegally access and use another person's credentials? Spoofing
  • What are two steps of the threat modeling process? Survey the application & Decompose the application
  • What do the "A" and the first "D" in the DREAD acronym represent? Damage & Affected Users
  • Which shape indicates each type of flow diagram element? - External elements: Rectangle
  • Which shape indicates each type of flow diagram element? - Data Store: Two parallel horizontal lines
  • Which shape indicates each type of flow diagram element? - Data Flow: Solid line with an arrow
  • Which shape indicates each type of flow diagram element? - Trust Boundary: Dashed line
  • What are the two deliverables of the Architecture phase of the SDL? Threat Modeling artifacts & Policy compliance analysis
  • What SDL security assessment deliverable is used as an input to an SDL architecture process? Threat profile
  • Which software security testing technique tests the software from an external perspective? Black box
  • Which security design principle states that an entity should be given the minimum privileges and resources for a minimum period of time for a task? Least privilege
  • After the developer is done coding a functionality, when should code review be completed? Within hours or the same day
  • What is the order that code reviews should follow in order to be effective? - Step 1: Identify security code review objectives
  • What is the order that code reviews should follow in order to be effective? - Step 2: Perform preliminary scan
  • What is the order that code reviews should follow in order to be effective? - Step 3: Review code for security issues
  • What is the order that code reviews should follow in order to be effective? - Step 4: Review for security issues unique to the architecture
  • When a software application handles personally identifiable information (PII) data, what will be the Privacy Impact Rating? P1: High privacy risk
  • Which key success factor identifies threats to the software? Effective threat modeling
  • What is the goal of design security review deliverables? To make modifications to the design of software components based on security assessments
  • Which application scanner component is useful in identifying vulnerabilities such as cookie misconfigurations and insecure configuration of HTTP response headers? Passive scanner
  • Which type of attack occurs when an attacker uses malicious code in the data sent in a form? Cross-site scripting
  • Which tools provide the given functions? - Self Managed Automatic Code Review Product: SonarQube
  • Which tools provide the given functions? - Proprietary issue tracking product: JIRA
  • Which tools provide the given functions? - Open-source automation server: Jenkins
  • Which tools provide the given functions? - AI-Powered management solution: Dynatrace
  • A new application is released, and users perform initial testing on the application. Which type of testing are the users performing? Beta Testing
  • What is a non-system-related component in software security testing attack surface validation? Users
  • When an application's input validation is not handled properly, it could result in which kind of vulnerabilities? SQL injection, cross-site scripting
  • What are the advantages of the following security analysis tools? - Static Code Analysis: Access to the actual instructions the software will be guessing
