Question 1
In the Waterfall SDLC model, what is the PRIMARY security disadvantage compared to iterative models?
Answer: Security flaws discovered late in development are extremely costly to fix because each phase must be completed before moving to the next, making it difficult to loop back and address vulnerabilities.
Question 2
What does the acronym 'SAMM' stand for, and what is its primary purpose in software security?
Answer: SAMM stands for Software Assurance Maturity Model. It is an open framework that helps organizations formulate and implement a software security strategy aligned with their risk tolerance and business needs.
Question 3
Which phase of the SDLC is the MOST cost-effective place to identify and remediate security requirements?
Answer: The requirements phase. Identifying and addressing security requirements at this earliest stage is significantly cheaper than fixing vulnerabilities discovered during testing or after deployment.
Question 4
What is the primary security principle behind Microsoft's Security Development Lifecycle (SDL)?
Answer: The SDL integrates security and privacy practices at every phase of software development, aiming to reduce the number and severity of vulnerabilities by building security in from the start rather than adding it afterward.
Question 5
In Agile development, what security practice helps ensure that security requirements are addressed within each sprint?
Answer: Including security user stories and acceptance criteria in the product backlog ensures security requirements are defined, prioritized, and tested within each sprint iteration.