What is one of the four core values of the agile manifesto?
A. Communication between team members.
B. Individuals and interactions over processes and tools.
C. Business people and developers must work together daily throughout the project.
D. Teams should have a dedicated and open workspace.
Which design and development deliverable contains the types of evaluations that were performed, how many times they were performed, and how many times they were re-evaluated?
A. Privacy compliance report
B. Remediation report
C. Security testing reports
D. Security test execution report
Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?
A. General coding practices
B. Input validation
C. Session management
D. System configuration
What sits between a browser and an internet connection and alters requests and responses in a way the developer did not intend?
A. Load testing
B. Input validation
C. Intercept proxy
D. Reverse engineering
Company leadership has discovered an untapped revenue stream within its customer base and wants to meet with IT to share its vision for the future and determine whether to move forward. Which phase of the software development lifecycle (SDLC) is being described?
A. Implementation
B. Design
C. Planning
D. Requirements
Which SDL security goal is defined as ensuring timely and reliable access to and use of information?
A. Information security
B. Confidentiality
C. Availability
D. Integrity
In which step of the PASTA threat modeling methodology is vulnerability and exploit analysis performed?
A. Define technical scope
B. Attack modeling
C. Define objectives
D. Application decomposition
A public library needs to implement a security control on publicly used computers to prevent illegal downloads. Which security control would prevent this threat?
A. Nonrepudiation
B. Authentication
C. Integrity
D. Availability
Which threat modeling approach concentrates on things the organization wants to protect?
A. Asset-centric
B. Server-centric
C. Attacker-centric
D. Application-centric
What is the last step of the SDLC/SDL code review process?
A. Review for security issues unique to the architecture
B. Identify security code review objectives
C. Perform preliminary scan
D. Review code for security issues