Secure-Software-Design Practice Exam Questions and Answers

Which threat modeling step identifies the assets that need to be protected?

Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?

The security software team has cloned the source code repository of the new software product so they can perform vulnerability testing by modifying or adding small snippets of code to see if they can cause unexpected behavior and application failure.

Which security testing technique is being used?

The Chief Information Security Officer (CISO) has recommended contracting with external experts to perform annual reviews of the enterprise's software products, including penetration testing.

Which post-release deliverable is being described?

What is a countermeasure to the web application security frame (ASF) authentication threat category?

Features have been developed and fully tested, the production environment has been created, and leadership has approved the release of the new product. Technicians have scheduled a time and date to make the product available to customers.

Which phase of the software development lifecycle (SDLC) is being described?

Security testers have completed testing and are documenting the results of vulnerability scans and penetration analysis They are also creating documentation lo share with the organization's largest customers.

Which deliverable is being prepared?

Which threat modeling approach concentrates on things the organization wants to protect?

The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application.

How should the organization remediate this vulnerability?

What is one of the tour core values of the agile manifesto?