WGU D487 PRE-ASSESSMENT:
SECURE SOFTWARE DESIGN (KEO1)
(PKEO)Latest Update(100%
ACCURATE!!)
What is a study of real-world software security initiatives organized so companies can measure their
initiatives and understand how to evolve them over time?, - ANSWER Building Security In Maturity
Model (BSIMM)
What is the analysis of computer software that is performed without executing programs? - ANSWER
Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for information
security today? - ANSWER ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs on a real or
virtual processor in real time?, - ANSWER Dynamic analysis
Which person is responsible for designing, planning, and implementing secure coding practices and
security testing methodologies? - ANSWER Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at which time the new feature will
be released to customers. Project team members will focus solely on the new feature until the
project ends. Which software development methodology is being used? - ANSWER Waterfall
A new product will require an administration section for a small number of users. Normal users will
be able to view limited customer information and should not see admin functionality within the
application. Which concept is being used? - ANSWER Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work
day. Each team member reports what they accomplished yesterday, what they plan to accomplish
today, and if they have any impediments that may cause them to miss their delivery deadline. Which
scrum ceremony is the team participating in? - ANSWER Daily Scrum
, What is a list of information security vulnerabilities that aims to provide names for publicly known
problems? - ANSWER Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide product
data from unauthorized access? - ANSWER Cryptographic practices
Which type of requirement specifies that file formats the application sends to financial institutions
must be certified every four years? - ANSWER Compliance requirement
Which type of requirement specifies that credit card numbers displayed in the application will be
masked so they only show the last four digits? - ANSWER Privacy requirement
Which type of requirement specifies that user passwords will require a minimum of 8 characters and
must include at least one uppercase character, one number, and one special character? - ANSWER
Security requirement
Which type of requirement specifies that credit card numbers are designated as highly sensitive
confidential personal information? - ANSWER Data classification requirement
Which privacy impact statement requirement type defines how personal information is protected on
devices used by more than a single associate? - ANSWER Privacy control requirements
In which step of the PASTA threat modeling methodology does design flaw analysis take place? -
ANSWER Vulnerability and weakness analysis
Which privacy impact statement requirement type defines who has access to personal information
within the product? - ANSWER Access requirements
Which security assessment deliverable defines milestones that will be met during each phase of the
project, merged into the product development schedule? - ANSWER SDL project outline
Which architecture deliverable identifies whether the product adheres to organization security rules?
- ANSWER Policy compliance analysis
SECURE SOFTWARE DESIGN (KEO1)
(PKEO)Latest Update(100%
ACCURATE!!)
What is a study of real-world software security initiatives organized so companies can measure their
initiatives and understand how to evolve them over time?, - ANSWER Building Security In Maturity
Model (BSIMM)
What is the analysis of computer software that is performed without executing programs? - ANSWER
Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for information
security today? - ANSWER ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs on a real or
virtual processor in real time?, - ANSWER Dynamic analysis
Which person is responsible for designing, planning, and implementing secure coding practices and
security testing methodologies? - ANSWER Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at which time the new feature will
be released to customers. Project team members will focus solely on the new feature until the
project ends. Which software development methodology is being used? - ANSWER Waterfall
A new product will require an administration section for a small number of users. Normal users will
be able to view limited customer information and should not see admin functionality within the
application. Which concept is being used? - ANSWER Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work
day. Each team member reports what they accomplished yesterday, what they plan to accomplish
today, and if they have any impediments that may cause them to miss their delivery deadline. Which
scrum ceremony is the team participating in? - ANSWER Daily Scrum
, What is a list of information security vulnerabilities that aims to provide names for publicly known
problems? - ANSWER Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide product
data from unauthorized access? - ANSWER Cryptographic practices
Which type of requirement specifies that file formats the application sends to financial institutions
must be certified every four years? - ANSWER Compliance requirement
Which type of requirement specifies that credit card numbers displayed in the application will be
masked so they only show the last four digits? - ANSWER Privacy requirement
Which type of requirement specifies that user passwords will require a minimum of 8 characters and
must include at least one uppercase character, one number, and one special character? - ANSWER
Security requirement
Which type of requirement specifies that credit card numbers are designated as highly sensitive
confidential personal information? - ANSWER Data classification requirement
Which privacy impact statement requirement type defines how personal information is protected on
devices used by more than a single associate? - ANSWER Privacy control requirements
In which step of the PASTA threat modeling methodology does design flaw analysis take place? -
ANSWER Vulnerability and weakness analysis
Which privacy impact statement requirement type defines who has access to personal information
within the product? - ANSWER Access requirements
Which security assessment deliverable defines milestones that will be met during each phase of the
project, merged into the product development schedule? - ANSWER SDL project outline
Which architecture deliverable identifies whether the product adheres to organization security rules?
- ANSWER Policy compliance analysis
