WGU D487 ONLINE ASSESSMENT {OA} 2024-2025 WITH 80
QUESTIONS AND CORRECT ANSWERS (100% CORRECT
VERIFIED ANSWERS) D487 SECURE SOFTWARE DESIGN
OBJECTIVE ASSESSMENT 2025
Which design and development deliverable details the progress of personal information
requirements created in earlier phases of the security development lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER--Privacy compliance report
Which design and development deliverable contains technical and executive level reports detailing
any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER--Updated threat modeling artifacts
Which programming language is highly susceptible to buffer overflow vulnerabilities?
-C++
-Javascript
-C#
-Java - ANSWER--C++
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
, -Review for security issues unique to the architecture - ANSWER--Identify security code review
objectives
Which type of software testing is being performed when an analyst executes a series of test cases
based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER--Functional testing
A security tester changed the application URL from www.app.com/account?id='3' to
www.app.com/account?id='3 or 1=1', which returned a collection of account information. Database
logs showed that the query that was executed was SELECT * FROM ACCOUNTS WHERE accountId=3
or 1=1. How should existing security controls be adjusted to prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through a audit log
-Ensure database service accounts do not have administrative access - ANSWER--Ensure serverside
queries are parameterized
The enterprise security team discovered a vulnerability in a third-party logging tool that could allow
unauthorized access to application logs. The vulnerability is fixed in a new release of the third-party
product. How should existing security controls be adjusted to prevent this in the future?
-Ensure third party libraries are kept up to date and reviewed consistently
-Ensure passwords and private information are not logged
-Ensure log files provide audit trails for sensitive transactions
-Ensure auditing and logging are enabled on all servers - ANSWER--Ensure third party libraries are
kept up to date and reviewed consistently
A potential threat was discovered during functional testing of a file upload component when a QA
analyst was allowed to upload a shell script. Users should only be allowed to upload image files. How
should existing security controls be adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
QUESTIONS AND CORRECT ANSWERS (100% CORRECT
VERIFIED ANSWERS) D487 SECURE SOFTWARE DESIGN
OBJECTIVE ASSESSMENT 2025
Which design and development deliverable details the progress of personal information
requirements created in earlier phases of the security development lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER--Privacy compliance report
Which design and development deliverable contains technical and executive level reports detailing
any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER--Updated threat modeling artifacts
Which programming language is highly susceptible to buffer overflow vulnerabilities?
-C++
-Javascript
-C#
-Java - ANSWER--C++
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
, -Review for security issues unique to the architecture - ANSWER--Identify security code review
objectives
Which type of software testing is being performed when an analyst executes a series of test cases
based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER--Functional testing
A security tester changed the application URL from www.app.com/account?id='3' to
www.app.com/account?id='3 or 1=1', which returned a collection of account information. Database
logs showed that the query that was executed was SELECT * FROM ACCOUNTS WHERE accountId=3
or 1=1. How should existing security controls be adjusted to prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through a audit log
-Ensure database service accounts do not have administrative access - ANSWER--Ensure serverside
queries are parameterized
The enterprise security team discovered a vulnerability in a third-party logging tool that could allow
unauthorized access to application logs. The vulnerability is fixed in a new release of the third-party
product. How should existing security controls be adjusted to prevent this in the future?
-Ensure third party libraries are kept up to date and reviewed consistently
-Ensure passwords and private information are not logged
-Ensure log files provide audit trails for sensitive transactions
-Ensure auditing and logging are enabled on all servers - ANSWER--Ensure third party libraries are
kept up to date and reviewed consistently
A potential threat was discovered during functional testing of a file upload component when a QA
analyst was allowed to upload a shell script. Users should only be allowed to upload image files. How
should existing security controls be adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
