Questions With Reviewed 100% Correct Detailed Answers
Guaranteed Pass!!Current Update
The security team is reviewing whether new security requirements, based on identified threats or changes to organizational policies, can be implemented prior to releasing the new product.
Answer: Policy compliance analysis
• Final privacy review
• Penetration testing
• Open-source licensing review
• Policy compliance analysis
During penetration testing, an attacker discovered a SQL-based (injection) input attack can be scripted to silently write to the application user list for test and admin use in short to future relation risk. How should the organization remediate this vulnerability?
Answer: Encode encoding of input characters
• Encode encoding of input characters
• Follow the principle of least privilege
• Confine all data to a trusted repository
• Ensure audits track use of sensitive transactions
Application credentials are stored in the database using simple hashes in text passwords. An undocumented credential recovery flaw allowed a security analyst to download the database and expose passwords simply with a GPU to crack the simple encryption. How should the organization remediate the vulnerability?
Answer: Enforce the use of strong, salted hashing functions when storing passwords
-Enforce the use of strong, salted hashing functions when storing passwords
-Enforce encryption on credentials at rest
-Enforce password complexity standards
-Enforce regular password updates
What is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to promote confidentiality, integrity, and availability?
Answer: Information security
Answer choices:
-Information security
-Availability
-Integrity
-Confidentiality
What are the eight phases of the software development lifecycle (SDLC)?
Answer: Planning, requirements, design, implementation, testing, deployment, maintenance, end of life
1. Plan, gather requirements, identify attack surface, design, write code, perform code reviews, test, deploy
2. Planning, security analysis, requirement analysis, design, implementation, threat mitigation, test, deploy
3. Planning, requirements, design, implementation, testing, deployment, maintenance, end of life
4. Gather requirements, prototype, perform threat modeling, write code, test, user acceptance testing, deploy, maintain
Which concept is demonstrated when every module in a particular abstraction layer of a computing environment can only access the information and resources that are necessary for its legitimate purpose?
Answer: Principle of least privilege
• Elevation of privilege
• Principle of least privilege