Secure-Software-Design 試験問題を無料オンラインアクセス

A recent security review has identified an aging credential recovery/forgotten password component that emails temporary passwords to users who claim to have forgotten their application password.
How should the organization remediate this vulnerability?

• A.Implement Role-Based Authorization
• B.Implement Multifactor Authentication
• C.Ensure All Authorization Requests Are Logged
• D.Lock a User Account After Multiple Failed Authentication Attempts

The software security team has been tasked with assessing a document management application that has been in use for many years and developing a plan to ensure it complies with organizational policies.
Which post-release deliverable is being described?

• A.External vulnerability disclosure response process
• B.Security strategy for legacy code
• C.Post-release certifications
• D.Security strategy tor M&A products

What is a best practice of secure coding?

• A.User acceptance testing
• B.Planning
• C.Session management
• D.Microservices

Senior IT staff has determined that a new product will be hosted in the cloud and will support web and mobile users. Developers will need to deliver secure REST services. Android and IOS mobile apps. and a web application. Developers are currently determining how to deliver each part of the overall product.
Which phase of the software development lifecycle (SDLC) is being described?

• A.Deployment
• B.End of life
• C.Maintenance
• D.Design

The security team is reviewing whether changes or open issues exist that would affect requirements for handling personal information documented in earlier phases of the development life cycle.
Which activity of the Ship SDL phase is being performed?

• A.Final privacy review
• B.Final security review
• C.Vulnerability scan
• D.Open-source licensing review