Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

WGU FailSafe Web Application Penetration Test Findings Report | Complete Security Assessment | Passed Performance Assessment 2026.

Rating
-
Sold
-
Pages
33
Grade
A+
Uploaded on
08-07-2026
Written in
2025/2026

WGU FailSafe Web Application Penetration Test Findings Report | Complete Security Assessment | Passed Performance Assessment 2026.

Institution
WGU FailSafe Web Application Penetration
Course
WGU FailSafe Web Application Penetration

Content preview

WGU FailSafe Web Application Penetration Test
Findings Report | Complete Security Assessment |
Passed Performance Assessment 2026.


Foundational Security Principles

1. Which security principle requires that access to an object should be denied
unless explicitly granted?
A) Complete Mediation
B) Least Privilege
C) Fail-Safe Defaults
D) Open Design

Rationale: The fail-safe defaults principle, also known as "fail closed," dictates that
unless a subject is given explicit access to an object, access should be denied . This
ensures the system defaults to a secure state.

2. What is the application of multiple layers of protection so that if one layer is
breached, the next provides protection?
A) Fail-safe
B) Defense in Depth
C) Separation of Duties
D) Open Design

Rationale: Defense in depth is a security strategy that uses multiple layers of security
controls to provide redundancy in case one control fails or is compromised .

3. Which principle assumes that attackers have access to the sources and the
specifications?
A) Fail-safe

,B) Open Design
C) Economy of Mechanism
D) Psychological Acceptability

Rationale: The open design principle states that the security of a system should not
depend on the secrecy of its design or implementation. It assumes attackers can obtain
the source code and design documents .

4. Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
A) Database Security
B) Cryptographic Practices
C) System Configuration
D) Input Validation

Rationale: System configuration best practices involve keeping all software components
up-to-date with the latest security patches and approved versions to mitigate known
vulnerabilities .

5. Which best practice is being applied when a database uses parameterized
queries and encrypted connection strings?
A) Access Control
B) Database Security
C) File Management
D) Session Management

Rationale: Database security best practices include using parameterized queries to
prevent SQL injection and encrypting connection strings to protect credentials .

6. Which security principle requires that all accesses to objects be checked to
ensure they are allowed?
A) Fail-Safe Defaults
B) Least Privilege

,C) Complete Mediation
D) Separation of Privilege

Rationale: Complete mediation requires that every access attempt to a resource is
checked against the access control policy, ensuring no access is performed without
authorization .

7. Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies?
A) Software Security Champion
B) Product Security Developer
C) Software Security Architect
D) Software Tester

Rationale: The software security architect is responsible for the overarching security
design and the implementation of secure practices and testing methodologies .

8. Which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
A) Authentication and Password Management
B) Cryptographic Practices
C) Data Protection
D) Output Encoding

Rationale: Cryptographic practices involve using strong, well-vetted algorithms for
encryption, hashing, and signing to protect sensitive data .

9. Which secure coding best practice states that all information passed to other
systems should be encrypted?
A) Memory Management
B) Database Security
C) Communication Security
D) Output Encoding

, Rationale: Communication security best practices ensure that all data transmitted
between systems is encrypted using protocols like TLS to prevent eavesdropping and
tampering .

10. Which concept is being applied when normal users cannot see admin
functionality within an application?
A) Privacy
B) Principle of Least Privilege (POLP)
C) Software Security Champion
D) Elevation of Privilege

Rationale: The Principle of Least Privilege ensures that users are granted only the
permissions necessary to perform their job functions. This prevents normal users from
accessing administrative functions .


Threat Modeling and Risk Assessment

11. In the STRIDE threat model, what does the 'R' stand for?
A) Resource Exhaustion
B) Repudiation
C) Reconnaissance
D) Replay

Rationale: STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure,
Denial of Service, and Elevation of Privilege. Repudiation is the ability of a user to deny
performing an action without proof .

12. What type of attack is 'surgical' by nature, has highly specific targeting, and is
technologically sophisticated?
A) Tactical Attacks
B) Strategic Attacks

Written for

Institution
WGU FailSafe Web Application Penetration
Course
WGU FailSafe Web Application Penetration

Document information

Uploaded on
July 8, 2026
Number of pages
33
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$27.99
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller
Seller avatar
sirtyhuktt

Get to know the seller

Seller avatar
sirtyhuktt Teachme2-tutor
View profile
Follow You need to be logged in order to follow users or courses
Sold
5
Member since
2 year
Number of followers
2
Documents
507
Last sold
2 months ago

0.0

0 reviews

5
0
4
0
3
0
2
0
1
0

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions