K
C
LO
YC
D
U
ST
WGU D487 PRE-ASSESSMENT: SECURE
SOFTWARE DESIGN (KEO1) (PKEO)
, What is a study of real-world software security initiatives organized so companies can measure
their initiatives and understand how to evolve them over time?, - ANS Building Security In
Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs? - ANS
Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for
K
information security today? - ANS ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs on a real or
C
virtual processor in real time?, - ANS Dynamic analysis
Which person is responsible for designing, planning, and implementing secure coding practices
LO
and security testing methodologies? - ANS Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are
well-documented. The project is expected to last three to four months, at which time the new
YC
feature will be released to customers. Project team members will focus solely on the new
feature until the project ends. Which software development methodology is being used? - ANS
Waterfall
A new product will require an administration section for a small number of users. Normal users
will be able to view limited customer information and should not see admin functionality within
D
the application. Which concept is being used? - ANS Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the
U
work day. Each team member reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating in? - ANS Daily Scrum
ST
What is a list of information security vulnerabilities that aims to provide names for publicly known
problems? - ANS Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - ANS Cryptographic practices
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - ANS Cryptographic practices
C
LO
YC
D
U
ST
WGU D487 PRE-ASSESSMENT: SECURE
SOFTWARE DESIGN (KEO1) (PKEO)
, What is a study of real-world software security initiatives organized so companies can measure
their initiatives and understand how to evolve them over time?, - ANS Building Security In
Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs? - ANS
Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for
K
information security today? - ANS ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs on a real or
C
virtual processor in real time?, - ANS Dynamic analysis
Which person is responsible for designing, planning, and implementing secure coding practices
LO
and security testing methodologies? - ANS Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are
well-documented. The project is expected to last three to four months, at which time the new
YC
feature will be released to customers. Project team members will focus solely on the new
feature until the project ends. Which software development methodology is being used? - ANS
Waterfall
A new product will require an administration section for a small number of users. Normal users
will be able to view limited customer information and should not see admin functionality within
D
the application. Which concept is being used? - ANS Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the
U
work day. Each team member reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating in? - ANS Daily Scrum
ST
What is a list of information security vulnerabilities that aims to provide names for publicly known
problems? - ANS Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - ANS Cryptographic practices
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - ANS Cryptographic practices
