Free Secure-Software-Design Practice Test Questions 2026

72 Questions


Last Updated On: 13-Mar-2026


Which security assessment deliverable identifies possible security vulnerabilities in the product?


A. Which security assessment deliverable identifies possible security vulnerabilities in the product?


B. SDL project outline


C. Metrics template


D. Threat profile


E. List of third-party software





C. Metrics template

A company is moving forward with a new product. Product scope has been determined, teams have formed, and backlogs have been created. Developers are actively writing code for the new product, with one team concentrating on delivering data via REST services, one team working on the mobile apps, and a third team writing the web application.

Which phase of the software development lifecycle (SDLC) is being described?


A. Deployment


B. Design


C. Implementation


D. Requirements





C. Implementation

The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing attack models created during recently completed initiatives.

Which BSIMM domain is being assessed?


A. Governance


B. Software security development life cycle (SSDL) touchpoints


C. Intelligence


D. Deployment





C. Intelligence

What is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or distribution to provide confidentiality, integrity, and availability?


A. Availability


B. Integrity


C. Confidentiality


D. Information Security





D. Information Security

Which security assessment deliverable defines measures that can be periodically reported to management?


A. Metrics Template


B. SDL Project Outline


C. Threat Profile


D. Product Risk Profile





A. Metrics Template

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?


A. Fuzzing


B. Static analysis


C. Dynamic analysis


D. Bugtraq





A. Fuzzing

Which type of security analysis is performed by injecting malformed data into open interfaces of an executable or running application and is most commonly executed during the testing or deployment phases of the SDLC?


A. Static Analysis


B. Fuzz Testing


C. Dynamic Analysis


D. Manual Code Review





B. Fuzz Testing

Which secure coding practice uses role-based authentication where department-specific credentials will authorize department-specific functionality?


A. Access Control


B. Data Protection


C. Input Validation


D. Authentication





A. Access Control

Which secure coding best practice says to only use tested and approved components and use task-specific, built-in APIs to conduct operating system functions?


A. Session Management


B. Authentication and Password Management


C. Data Protection


D. General Coding Practices





D. General Coding Practices

Which secure coding practice involves clearing all local storage as soon as a user logs off for the night and will automatically log a user out after an hour of inactivity?


A. Access control


B. System configuration


C. Communication security


D. Session management





D. Session management

Which software control test examines the internal logical structures of a program and steps through the code line by line to analyze the program for potential errors?


A. White box testing


B. Reasonableness testing


C. Black box testing


D. Dynamic testing





A. White box testing

The Chief Information Security Officer (CISO) has recommended contracting with external experts to perform annual reviews of the enterprise's software products, including penetration testing. Which post-release deliverable is being described?


A. Security Strategy for Legacy Code


B. Post-Release Certifications


C. Third-Party Security Review


D. External Vulnerability Disclosure Response Process





C. Third-Party Security Review


What Makes Our WGU Secure Software Design (KEO1) Practice Test So Effective?

Real-World Scenario Mastery: Our Secure-Software-Design practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before WGU Secure Software Design (KEO1) exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive Secure-Software-Design practice exam questions pool covering all topics, the real exam feels like just another practice session.