D487 EXAM STUDY QUESTIONS AND
ANSWERS TOP GRADED 2025
•Which type of requirement specifies that credit card numbers displayed in the
application will be masked so they only show the last four digits?
Privacy requirement
•Which type of requirement specifies that file formats the application sends to
financial institutions must be certified every four years?
Compliance requirement
•What is a study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve them over
time?
Building Security in Maturity Model
•What is the analysis of computer software that is performed without executing
programs?
Static Analysis
•Which International Organization for Standardization (ISO) standard is the
benchmark for information security today?
ISO/IEC 27001
•What is the analysis of computer software that is performed by executing
programs on a real or virtual processor in real time?
Dynamic Analysis
•Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies?
Software Security Architect.
•What is a list of information security vulnerabilities that aims to provide names
for publicly known problems?
Common computer vulnerabilities exposures (CVE)
•Which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
Cryptographic practices.
•Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
System configuration
•Which secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong passwords
or multi-factor authentication?
Database security
•Which secure coding best practice says that all information passed to other
systems should be encrypted?
Communication security
•Team members are being introduced during sprint zero in the project kickoff
meeting. The person being introduced is a member of the scrum team,
responsible for writing feature logic and attending sprint ceremonies. Which role
is the team member playing?
Software developer
•A software security team member has created data flow diagrams, chosen the
STRIDE methodology to perform threat reviews, and created the security
assessment for the new product. Which category of secure software best
practices did the team member perform?
Architectural analysis
•Team members are being introduced during sprint zero in the project kickoff
meeting. The person being introduced will be a facilitator, will try to remove
roadblocks and ensure the team is communicating freely, and will be responsible
for facilitating all scrum ceremonies.
Scrum master
•The new product standards state that all traffic must be secure and
encrypted. What is the name for this secure coding practice?
Communication security
•Which DREAD category is based on how easily a threat exploit can be repeated?
Reproducibility
•Which mitigation technique can be used to fight against a data tampering threat?
Digital signatures
•What is a countermeasure to the web application security frame (ASF)
configuration management threat category?
Service accounts have no administration capabilities
•Which type of requirement specifies that user passwords will require a minimum
of 8 characters and must include at least one uppercase character, one number,
and one special character?
Security requirement
•Which type of requirement specifies that credit card numbers are designated as
highly sensitive confidential personal information?
Data classification requirement
•Which type of requirement specifies that credit card numbers are designated as
highly sensitive confidential personal information?
Privacy control requirements
•In which step of the PASTA threat modeling methodology does design flaw
analysis take place?