CDP CDP Secure Software Development Lifecycle

Question 1

Which phase of the Secure SDLC is MOST critical for identifying security requirements before any code is written?

Accepted Answer

Requirements/Design

Answer

Testing

Answer

Deployment

Answer

Maintenance

Question 2

What is the primary purpose of threat modeling in the Secure SDLC?

Accepted Answer

Identify and prioritize potential threats early in design

Answer

Automate code deployment

Answer

Monitor production systems

Answer

Patch vulnerabilities after release

Question 3

Which tool category performs Static Application Security Testing (SAST)?

Accepted Answer

Source code analyzers

Answer

Runtime monitoring agents

Answer

Network scanners

Answer

Penetration testing frameworks

Question 4

Dynamic Application Security Testing (DAST) differs from SAST because it:

Accepted Answer

Tests the running application by sending crafted requests

Answer

Scans infrastructure configurations

Answer

Reviews developer commit history

Answer

Checks software licenses

Question 5

A 'security gate' in a CI/CD pipeline is designed to:

Accepted Answer

Block promotion of code that fails security checks

Answer

Speed up build times

Answer

Notify developers of new features

Answer

Archive build artifacts

Question 6

Software Composition Analysis (SCA) is primarily used to:

Accepted Answer

Identify vulnerabilities in open-source and third-party dependencies

Answer

Test API endpoints for injection

Answer

Monitor user behavior at runtime

Answer

Encrypt data at rest