WGU Secure-Software-Design - WGU Secure Software Design (D487, KEO1) Exam

What is an advantage of using the Agile development methodology?

A.

Customer satisfaction is improved through rapid and continuous delivery of useful software.

B.

Each stage is clearly defined, making it easier to assign clear roles to teams and departments who feed into the project.

C.

The overall plan fits very neatly into a Gantt chart so a project manager can easily view the project timeline.

D.

There is much less predictability throughout the project regarding deliverables.

Which secure software design principle assumes attackers have the source code and specifications of the product?

A.

Open Design

B.

Psychological Acceptability

C.

Total Mediation

D.

Separation of Privileges

The security team is identifying technical resources that will be needed to perform the final product security review.

Which step of the final product security review process are they in?

A.

Release and Ship

B.

Identify Feature Eligibility

C.

Evaluate and Plan for Remediation

D.

Assess Resource Availability

What is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or distribution to provide confidentiality, integrity, and availability?

A.

Availability

B.

Integrity

C.

Confidentiality

D.

Information Security

During fuzz testing of the new product, an exception was thrown on the order entry view, which caused a full stack dump to be displayed in the browser window that included function names from the source code.

How should existing security controls be adjusted to prevent this in the future?

A.

Ensure privileges are restored after application exceptions

B.

Ensure all exceptions are handled in a standardized way

C.

Ensure private information is not logged

D.

Ensure sensitive information is scrubbed from all error messages

Credit card numbers are encrypted when stored in the database but are automatically decrypted when data is fetched. The testing tool intercepted the GET response, and testers were able to view credit card numbers as clear text.

How should the organization remediate this vulnerability?

A.

Never cache sensitive data

B.

Ensure there is an audit trail for all sensitive transactions

C.

Ensure all data in transit is encrypted

D.

Enforce role-based authorization controls in all application layers

Which threat modeling approach concentrates on things the organization wants to protect?

A.

Asset-centric

B.

Server-centric

C.

Attacker-centric

D.

Application-centric

An individual is developing a software application that has a back-end database and is concerned that a malicious user may run the following SQL query to pull information about all accounts from the database:

Which technique should be used to detect this vulnerability without running the source code?

A.

Dynamic analysis

B.

Cross-site scripting

C.

Static analysis

D.

Fuzz testing

The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services.

Which security testing technique is being used?

A.

Fuzz testing

B.

Dynamic code analysis

C.

Binary fault injection

D.

Binary code analysis

Which mitigation technique can be used to fight against a threat where a user may gain access to administrator-level functionality?

A.

Encryption

B.

Quality of service

C.

Hashes

D.

Run with least privilege