WGU D487- SECURE SOFTWARE
DESIGN EXAM || 1200 EXAM
QUESTIONS AND CORRECT ANSWERS
2024\2025 EXAM
What is the study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve
them over time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
A) Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed without
executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
,A) Static analysis
What iso standard is the benchmark for information security today?
A) iso/iec 27001
B) iso/iec 7799
C) iso/iec 27034
D) iso 8601
A) iso 27001
what is the analysis of computer software that is performed by executing
programs on a real or virtual processor in real time?
A) dynamic analysis
B) static analysis
C) fuzzing
D) security testing
A) dynamic analysis
which person is responsible for designing, planning, and implementing
secure coding practices and security testing methodologies?
A) software security architect
B) product security developer
C) software security champion
D) software tester
A) software security architect
A company is preparing to add a new feature to its flagship software
product. The new feature is similar to features that have been added in
previous years, and the requirements are well-documented. The project
is expected to last three to four months, at which time the new feature
will be released to customers. Project team members will focus solely on
,the new feature until the project ends.
Which software development methodology is being used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
A) Waterfall
A new product will require an administration section for a small number
of users. Normal users will be able to view limited customer information
and should not see admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
A) Principle of least privilege
The software security team is currently working to identify approaches
for input validation, authentication, authorization, and configuration
management of a new software product so they can deliver a security
profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
, A) Analyzing the target
The scrum team is attending their morning meeting, which is scheduled
at the beginning of the work day. Each team member reports what they
accomplished yesterday, what they plan to accomplish today, and if they
have any impediments that may cause them to miss their delivery
deadline.
Which scrum ceremony is the team participating in?
A) Daily scrum
B) Sprint review
C) Sprint retrospective
D) Sprint planning
A) Daily scrum
what is a list of information security vulnerabilities that aims to provide
names for publicly known problems?
A) common computer vulnerabilities and exposures (CVE)
B) SANS institute top cyber security risks
C) bugtraq
D) Carnegie melon computer emergency readiness team (CERT)
A) common computer vulnerabilities and exposures (CVE)
which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
A) access control
B) authentication and password management
C) cryptographic practices
D) data protection
C) cryptographic practices
DESIGN EXAM || 1200 EXAM
QUESTIONS AND CORRECT ANSWERS
2024\2025 EXAM
What is the study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve
them over time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
A) Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed without
executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
,A) Static analysis
What iso standard is the benchmark for information security today?
A) iso/iec 27001
B) iso/iec 7799
C) iso/iec 27034
D) iso 8601
A) iso 27001
what is the analysis of computer software that is performed by executing
programs on a real or virtual processor in real time?
A) dynamic analysis
B) static analysis
C) fuzzing
D) security testing
A) dynamic analysis
which person is responsible for designing, planning, and implementing
secure coding practices and security testing methodologies?
A) software security architect
B) product security developer
C) software security champion
D) software tester
A) software security architect
A company is preparing to add a new feature to its flagship software
product. The new feature is similar to features that have been added in
previous years, and the requirements are well-documented. The project
is expected to last three to four months, at which time the new feature
will be released to customers. Project team members will focus solely on
,the new feature until the project ends.
Which software development methodology is being used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
A) Waterfall
A new product will require an administration section for a small number
of users. Normal users will be able to view limited customer information
and should not see admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
A) Principle of least privilege
The software security team is currently working to identify approaches
for input validation, authentication, authorization, and configuration
management of a new software product so they can deliver a security
profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
, A) Analyzing the target
The scrum team is attending their morning meeting, which is scheduled
at the beginning of the work day. Each team member reports what they
accomplished yesterday, what they plan to accomplish today, and if they
have any impediments that may cause them to miss their delivery
deadline.
Which scrum ceremony is the team participating in?
A) Daily scrum
B) Sprint review
C) Sprint retrospective
D) Sprint planning
A) Daily scrum
what is a list of information security vulnerabilities that aims to provide
names for publicly known problems?
A) common computer vulnerabilities and exposures (CVE)
B) SANS institute top cyber security risks
C) bugtraq
D) Carnegie melon computer emergency readiness team (CERT)
A) common computer vulnerabilities and exposures (CVE)
which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
A) access control
B) authentication and password management
C) cryptographic practices
D) data protection
C) cryptographic practices
