WGU D487 PRE-ASSESSMENT: SECURE
SOFTWARE DESIGN (KEO1) (PKEO)
Exam Questions With Revised Correct
Answers
BEST UPDATED!!
1) What are the 11 security design principles? - ANSWER
Least privilege, Separation of duties, Defense in depth, fail-
safe, Economy of mechanism, Complete mediation, Open
Design, Least common mechanism, Psychological
acceptability, Weakest link, Leveraging existing
components
2) Software Security Maturity Models and the SDL
- ANSWER OWASP's Open Software Assurance Maturity
Model (OpenSAMM)
Building Security in Maturity Model
3) OpenSAMM: Governance
- ANSWER is centered on the processes and activities
related to how an organization manages overall software
development activities. More specifically, this includes
,concerns confronting cross-cut groups involved in development
as well as business processes that are established at the
organization level.
4) OpenSAMM: Construction
- ANSWER concerns the processes and activities related to
how an organization defines goals and creates software within
development projects. In general, this includes product
management, requirements gathering, high-level architecture
specifications, detailed design, and implementation.
5) OpenSAMM: Verification
- ANSWER focused on the processes and activities related
to how an organization checks and tests artifacts produced
throughout software development. This typically includes
quality assurance (QA) work such as testing, but it can also
include other review and evaluation activities.
6) OpenSAMM: Deployment
- ANSWER entails the processes and activities related to
how an organization manages the release of software that has
been created. This can involve shipping products to end users,
deploying products to internal or external hosts, and normal
operations of software in the runtime environment.
7) Governance Core Practice Areas
- ANSWER Strategy and Metrics (SM), Policy and
Compliance (PC), Education and Guidance (EG)
, 8) Construction Core Practice Areas
- ANSWER Threat Assessment (TA), Security Requirements
(SR), Secure Architecture (SA)
9) Verification Core Practice Areas
Design Review (DR), Code Review (CR), Security Testing (ST)
Deployment Core Practice Areas
Vulnerability Management (VM), Environment Hardening (EH),
Operation Enablement (OE)
The scrum team is attending their morning meeting, which is
scheduled atthe beginning of the work day. Each team member
reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may
cause them to miss their delivery deadline.
Daily scrum
Which secure coding best practice says to use parameterized
queries, encrypted connection strings stored in separate
configuration files, and strong passwords or multi-factor
authentication?
Database security
Which secure coding best practice says that all information
passed to other systems should be encrypted?
Communication security
SOFTWARE DESIGN (KEO1) (PKEO)
Exam Questions With Revised Correct
Answers
BEST UPDATED!!
1) What are the 11 security design principles? - ANSWER
Least privilege, Separation of duties, Defense in depth, fail-
safe, Economy of mechanism, Complete mediation, Open
Design, Least common mechanism, Psychological
acceptability, Weakest link, Leveraging existing
components
2) Software Security Maturity Models and the SDL
- ANSWER OWASP's Open Software Assurance Maturity
Model (OpenSAMM)
Building Security in Maturity Model
3) OpenSAMM: Governance
- ANSWER is centered on the processes and activities
related to how an organization manages overall software
development activities. More specifically, this includes
,concerns confronting cross-cut groups involved in development
as well as business processes that are established at the
organization level.
4) OpenSAMM: Construction
- ANSWER concerns the processes and activities related to
how an organization defines goals and creates software within
development projects. In general, this includes product
management, requirements gathering, high-level architecture
specifications, detailed design, and implementation.
5) OpenSAMM: Verification
- ANSWER focused on the processes and activities related
to how an organization checks and tests artifacts produced
throughout software development. This typically includes
quality assurance (QA) work such as testing, but it can also
include other review and evaluation activities.
6) OpenSAMM: Deployment
- ANSWER entails the processes and activities related to
how an organization manages the release of software that has
been created. This can involve shipping products to end users,
deploying products to internal or external hosts, and normal
operations of software in the runtime environment.
7) Governance Core Practice Areas
- ANSWER Strategy and Metrics (SM), Policy and
Compliance (PC), Education and Guidance (EG)
, 8) Construction Core Practice Areas
- ANSWER Threat Assessment (TA), Security Requirements
(SR), Secure Architecture (SA)
9) Verification Core Practice Areas
Design Review (DR), Code Review (CR), Security Testing (ST)
Deployment Core Practice Areas
Vulnerability Management (VM), Environment Hardening (EH),
Operation Enablement (OE)
The scrum team is attending their morning meeting, which is
scheduled atthe beginning of the work day. Each team member
reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may
cause them to miss their delivery deadline.
Daily scrum
Which secure coding best practice says to use parameterized
queries, encrypted connection strings stored in separate
configuration files, and strong passwords or multi-factor
authentication?
Database security
Which secure coding best practice says that all information
passed to other systems should be encrypted?
Communication security
