Reliable Secure Software Design Exam Dumps (V8.02) Are Available with 118 Questions and Answers: Pass Your Exam on the First Attempt

When talking about the WGU Secure Software Design exam course, you must know that it covers both technical and non-technical aspects of software security, helping future developers, engineers, and cybersecurity professionals create applications that are secure from start to finish. It teaches you how to design, build, and maintain secure software throughout the entire Software Development Life Cycle (SDLC). At DumpsBase, you can get reliable Secure Software Design exam dumps (V8.02) with 118 questions and answers to make preparations. These dumps stand out as an important learning resource, helping you prepare effectively. Choose DumpsBase at once. By learning these reliable Secure Software Design exam dumps (V8.02), you can bridge the gap between theoretical learning and practical application, setting you up for success in your WGU Secure Software Design certification endeavors.

You can first check our WGU Secure Software Design free dumps below:

1. The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services.

Which security testing technique is being used?

2. A new product does not display personally identifiable information, will not let private documents be printed, and requires elevation of privilege to retrieve archive documents.

Which secure coding practice is this describing?

3. Which SDL security goal is defined as ensuring timely and reliable access to and use of information?

4. Which mitigation technique can be used to fight against a threat where a user may gain access to administrator level functionality?

5. A public library needs to implement security control on publicly used computers to prevent illegal downloads.

Which security control would prevent this threat?

6. What refers to the review of software source code by developers other than the original coders to try to identify oversights, mistakes, assumptions, a lack of knowledge, or even experience?

7. The security team has a library of recorded presentations that are required viewing for all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for, and code for possible threats.

Which category of secure software best practices does this represent?

8. What is the privacy impact rating of an application that stores personally identifiable information, monitors users with ongoing transfers of anonymous data, and changes settings without notifying the user?

9. Which privacy impact statement requirement type defines processes to keep personal information updated and accurate?

10. Which DREAD category has a risk rating based on the threat exploit's potential level of harm?

11. In which step of the PASTA threat modeling methodology will the team capture infrastructure, application, and software dependencies?

12. Which mitigation technique is used to fight against an identity spoofing threat?

13. What is one of the four core values of the agile manifesto?

14. Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

15. Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

16. What is a countermeasure to the web application security frame (ASF) authentication threat category?

17. Which threat modeling approach concentrates on things the organization wants to protect?

18. In which step of the PASTA threat modeling methodology is vulnerability and exploit analysis performed?

19. Which security assessment deliverable identifies possible security vulnerabilities in the product?

20. Which software control test examines the internal logical structures of a program and steps through the code line by line to analyze the program for potential errors?

21. Company leadership has discovered an untapped revenue stream within its customer base and wants to meet with IT to share its vision for the future and determine whether to move forward.

Which phase of the software development lifecycle (SDLC) is being described?

22. Which design and development deliverable contains the types of evaluations that were performed, how many times they were performed, and how many times they were re-evaluated?

23. An individual is developing a software application that has a back-end database and is concerned that a malicious user may run the following SQL query to pull information about all accounts from the database:

Which technique should be used to detect this vulnerability without running the source code?

24. Which software control test examines an application from a user perspective by providing a wide variety of input scenarios and inspecting the output?

25. Company leadership has contracted with a security firm to evaluate the vulnerability of all externally facing enterprise applications via automated and manual system interactions.

Which security testing technique is being used?

26. Which type of threat exists when an attacker can intercept and manipulate form data after the user clicks the save button but before the request is posted to the API?

27. The scrum team decided that before any change can be merged and tested, it must be looked at by the team's lead developer, who will ensure accepted coding patterns are being followed and that the code meets the team's quality standards.

Which category of secure software best practices is the team performing?

28. What sits between a browser and an internet connection and alters requests and responses in a way the developer did not intend?

29. Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?

30. The software security team prepared a detailed schedule mapping security development lifecycle phases to the type of analysis they will execute.

Which design and development deliverable did the team prepare?

31. Which category classifies identified threats that do not have defenses in place and expose the application to exploits?

32. The software security team is performing security testing on a new software product using a testing tool that scans the running application for known exploit signatures.

Which security testing technique is being used?

33. Which secure coding practice involves clearing all local storage as soon as a user logs off for the night and will automatically log a user out after an hour of inactivity?

34. Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?

35. Senior IT staff has determined that a new product will be hosted in the cloud and will support web and mobile users. Developers will need to deliver secure REST services, Android and iOS mobile apps, and a web application. Developers are currently determining how to deliver each part of the overall product.

Which phase of the software development lifecycle (SDLC) is being described?

36. Which threat modeling step collects exploitable weaknesses within the product?

37. What is a best practice of secure coding?

38. What are the three primary goals of the secure software development process?

39. Which secure coding best practice says to use a single application-level authorization component that will lock down the application if it cannot access its configuration information?

40. A company is moving forward with a new product. Product scope has been determined, teams have formed, and backlogs have been created. Developers are actively writing code for the new product, with one team concentrating on delivering data via REST services, one team working on the mobile apps, and a third team writing the web application.

Which phase of the software development lifecycle (SDLC) is being described?


 
