Confidently Practice Online with Free Secure-Software-Design Exam Cram

Company leadership has discovered an untapped revenue stream within its customer base and wants to meet

with IT to share its vision for the future and determine whether to move forward.

Which phase of the software development lifecycle (SDLC) is being described?

While performing functional testing of the ordering feature in the new product, a tester noticed that the order

object was transmitted to the POST endpoint of the API as a human-readable JSON object.

How should existing security controls be adjusted to prevent this in the future?

Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?

The product security incident response team (PSIRT) has decided to make a formal public disclosure,

including base and temporal common vulnerability scoring system (CVSS) scores and a common

vulnerabilities and exposures (CVE) ID report, of an externally discovered vulnerability.

What is the most likely reason for making a public disclosure?

A company is moving forward with a new product. Product scope has been determined, teams have formed, and backlogs have been created. Developers are actively writing code for the new product, with one team concentrating on delivering data via REST services, one Team working on the mobile apps, and a third team writing the web application. Which phase of the software development lifecycle (SDLC) is being described?