with Multiple Choice Questions and Verified Answers
100% Graded A+
1. What is the study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve them
over time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001: -Building Security in Maturity Model (BSIMM)
2. What is the analysis of computer software that is performed without executing
programs?
-static analysis
-fuzzing
-dynamic analysis
-OWASP ZAP: -static analysis
3. What ISO standard is the benchmark for information security today?
-ISO 27001
-ISO 7799
-ISO 27034
-ISO 8601: -ISO 27001
4. What is the analysis of computer software that is performed by executing
programs on a real or virtual processor in real time?
-dynamic analysis
-static analysis
-fuzzing
-security testing: -dynamic analysis
5. Which person is responsible for designing, planning, and implementing
secure coding practices and security testing methodologies?
-software security architect
-product security developer
-software security champion
-software tester: -software security architect
6. What is a list of information security vulnerabilities that aims to provide
names for publicly known problems?
-common computer vulnerabilities and exposures (CVE)
-SANS Institute top cyber security risks
-Bugtraq
-Carnegie Mellon computer emergency readiness team (CERT): -common computer vulnerabilities and exposures (CVE)
7. Which secure coding best practice uses well-tested, publicly available algorithms
to hide product data from unauthorized access?
-access control
-authentication and password management
-cryptographic practices
-data protection: -cryptographic practices
8. Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
-file management
-input validation
-database security
-system configuration: -system configuration
9. Which secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong
passwords or multi-factor authentication?
-access control
-database security
-file management
-session management: -database security
10. Which secure coding best practice says that all information passed to other
systems should be encrypted?
-output encoding
-memory management
-communication security
-database security: -communication security
11. A company is preparing to add a new feature to its flagship software product.