WGU D487 PRE-ASSESSMENT: SECURE SOFTWARE
DESIGN (KEO1) (PKEO)
What is a study of real-world software security initiatives organized so companies can measure their
initiatives and understand how to evolve them over time?,
CORRECT ANSWER Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs?
CORRECT ANSWER Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for information
security today?
CORRECT ANSWER ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs on a real or
virtual processor in real time?,
CORRECT ANSWER Dynamic analysis
Which person is responsible for designing, planning, and implementing secure coding practices and
security testing methodologies?
CORRECT ANSWER Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at which time the new feature will be
released to customers. Project team members will focus solely on the new feature until the project ends.
Which software development methodology is being used?
CORRECT ANSWER Waterfall
A new product will require an administration section for a small number of users. Normal users will be
able to view limited customer information and should not see admin functionality within the application.
Which concept is being used?
CORRECT ANSWER Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work
day. Each team member reports what they accomplished yesterday, what they plan to accomplish
today, and if they have any impediments that may cause them to miss their delivery deadline. Which
scrum ceremony is the team participating in?
, CORRECT ANSWER Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for publicly known
problems?
CORRECT ANSWER Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide product data
from unauthorized access?
CORRECT ANSWER Cryptographic practices
Which secure coding best practice uses well-tested, publicly available algorithms to hide product data
from unauthorized access?
CORRECT ANSWER Cryptographic practices
Which secure coding best practice ensures servers, frameworks, and system components are all running
the latest approved versions?
CORRECT ANSWER System configuration
Which secure coding best practice says to use parameterized queries, encrypted connection strings
stored in separate configuration files, and strong passwords or multi-factor authentication?
CORRECT ANSWER Database security
Which secure coding best practice says that all information passed to other systems should be
encrypted?
CORRECT ANSWER Communication security
eam members are being introduced during sprint zero in the project kickoff meeting. The person being
introduced is a member of the scrum team, responsible for writing feature logic and attending sprint
ceremonies. Which role is the team member playing?
CORRECT ANSWER Software developer
A software security team member has created data flow diagrams, chosen the STRIDE methodology to
perform threat reviews, and created the security assessment for the new product. Which category of
secure software best practices did the team member perform?
CORRECT ANSWER Architecture analysis
DESIGN (KEO1) (PKEO)
What is a study of real-world software security initiatives organized so companies can measure their
initiatives and understand how to evolve them over time?,
CORRECT ANSWER Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs?
CORRECT ANSWER Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for information
security today?
CORRECT ANSWER ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs on a real or
virtual processor in real time?,
CORRECT ANSWER Dynamic analysis
Which person is responsible for designing, planning, and implementing secure coding practices and
security testing methodologies?
CORRECT ANSWER Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at which time the new feature will be
released to customers. Project team members will focus solely on the new feature until the project ends.
Which software development methodology is being used?
CORRECT ANSWER Waterfall
A new product will require an administration section for a small number of users. Normal users will be
able to view limited customer information and should not see admin functionality within the application.
Which concept is being used?
CORRECT ANSWER Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work
day. Each team member reports what they accomplished yesterday, what they plan to accomplish
today, and if they have any impediments that may cause them to miss their delivery deadline. Which
scrum ceremony is the team participating in?
, CORRECT ANSWER Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for publicly known
problems?
CORRECT ANSWER Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide product data
from unauthorized access?
CORRECT ANSWER Cryptographic practices
Which secure coding best practice uses well-tested, publicly available algorithms to hide product data
from unauthorized access?
CORRECT ANSWER Cryptographic practices
Which secure coding best practice ensures servers, frameworks, and system components are all running
the latest approved versions?
CORRECT ANSWER System configuration
Which secure coding best practice says to use parameterized queries, encrypted connection strings
stored in separate configuration files, and strong passwords or multi-factor authentication?
CORRECT ANSWER Database security
Which secure coding best practice says that all information passed to other systems should be
encrypted?
CORRECT ANSWER Communication security
eam members are being introduced during sprint zero in the project kickoff meeting. The person being
introduced is a member of the scrum team, responsible for writing feature logic and attending sprint
ceremonies. Which role is the team member playing?
CORRECT ANSWER Software developer
A software security team member has created data flow diagrams, chosen the STRIDE methodology to
perform threat reviews, and created the security assessment for the new product. Which category of
secure software best practices did the team member perform?
CORRECT ANSWER Architecture analysis
