Secure-Software-Design 試験問題を無料オンラインアクセス

Which design and development deliverable contains the types of evaluations that were performed, how many times they were performed, and how many times they were re-evaluated?

• A.Security test execution report
• B.Privacy compliance report
• C.Remediation report
• D.Security testing reports

Which concept is demonstrated when every module in a particular abstraction layer of a computing environment can only access the information and resources that are necessary for its legitimate purpose?

• A.Principle of Least Privilege
• B.Privacy
• C.Elevation of Privilege
• D.Confidentiality

Which type of security analysis is performed by reviewing source code line-by-line after other security analysis techniques have been executed?

• A.Dynamic Analysis
• B.Static Analysis
• C.Manual Code Review
• D.Fuzz Testing

A software security team recently completed an internal assessment of the company's security assurance program. The team delivered a set of scorecards to leadership along with proposed changes designed to improve low-scoring governance, development, and deployment functions.
Which software security maturity model did the team use?

• A.International Organization for Standardization ISO/IEC 27034
• B.Open Web Application Security Project (OWASP) Open Software Assurance Maturity Model (SAMM)
• C.Building Security In Maturity Model (BSIMM)
• D.U.S. Department of Homeland Security Software Assurance Program

Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?

• A.Static code analysis
• B.Dynamic code analysis
• C.Fuzz testing
• D.Manual code review