WGU (D487, KEO1) Secure Software Design Exam Questions Instant Access

Question 1

A potential threat was discovered during vulnerability testing when an environment configuration file was found that contained the database username and password stored in plain text.

How should existing security controls be adjusted to prevent this in the future?

AEnforce Role-Based Authorization

BEncrypt Secrets in Storage and Transit

CEnsure Strong Password Policies are in Effect

DValidate All User Input

Answer : B

Question 2

What is an advantage of using the Agile development methodology?

ACustomer satisfaction is improved through rapid and continuous delivery of useful software.

BEach stage is clearly defined, making it easier to assign clear roles to teams and departments who feed into the project.

CThe overall plan fits very neatly into a Gantt chart so a project manager can easily view the project timeline.

DThere is much less predictability throughout the project regarding deliverables.

Answer : A

Question 3

Which category classifies identified threats that have some defenses in place and expose the application to limited exploits?

AFully Mitigated Threat

BUnmitigated Threats

CThreat Profile

DPartially Mitigated Threat

Answer : D

Question 4

What refers to the review of software source code by developers other than the original coders to try to identify oversights, mistakes, assumptions, a lack of knowledge, or even experience?

AUser acceptance testing

BManual peer review

CFault injection

DDynamic code review

Answer : B

Manual peer review refers to the systematic examination of software source code by developers other than the original author. This practice is recognized as a valuable tool for reducing software defects and improving the quality of software projects. It involves developers inspecting the code to find and fix mistakes overlooked in the initial development phase, which enhances both the overall quality of software and the developers' skills. Peer code review is less formal and more ''lightweight'' than the code inspections performed in the past, and it provides benefits such as knowledge transfer, increased team awareness, and creation of alternative solutions to problems.

Expectations, Outcomes, and Challenges Of Modern Code Review1

Introduction to Software Engineering/Quality/Code Review2

Software Security during Modern Code Review: The Developer's Perspective3

Question 5

The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). They are currently focused on reviewing design artifacts to ensure they comply with organizational security standards.

Which OpenSAMM business function is being assessed?

AConstruction

BDeployment

CVerification

DGovernance

Answer : C

The OpenSAMM business function being assessed is Verification. This function involves activities related to reviewing and testing to ensure that the software meets the required security standards and practices. In the context of the question, the software security group's focus on reviewing design artifacts to ensure compliance with organizational security standards falls under the Verification function. This includes tasks such as design review, implementation review, and security testing, which are all aimed at verifying that the security measures and controls are correctly integrated into the software design.

Question 6

Which secure coding best practice says to only use tested and approved components and use task-specific, built-in APIs to conduct operating system functions?

ASession Management

BAuthentication and Password Management

CData Protection

DGeneral Coding Practices

Answer : D

Question 7

Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?

APersonal information retention requirements

BUser controls requirements

CThird party requirements

DData integrity requirements

Answer : C

The privacy impact statement requirement that defines how personal information will be protected when authorized or independent external entities are involved is best categorized under Third party requirements. This aspect of privacy impact assessments ensures that personal data is safeguarded even when it is necessary to involve third parties, which could be service providers, partners, or other entities that might handle personal information on behalf of the primary organization. These requirements typically include stipulations for data handling agreements, security measures, and compliance checks to ensure that third parties maintain the confidentiality and integrity of the personal information they process.

Guide to undertaking privacy impact assessments | OAIC1

A guide to Privacy Impact Assessments - Information and Privacy2

Personal Information Protection Law of China: Key Compliance Considerations3

Privacy Impact Assessment - General Data Protection Regulation (GDPR)4

Privacy impact assessment (PIA) - TechTarget5

WGU Secure Software Design (D487, KEO1) Exam WGU (D487, KEO1) Secure Software Design Exam Questions