SOFTWARE DESIGN (KEO1) (PKEO)
questions with answers
What is a study of real-world software security initiatives organized so companies can measure their initiatives and understand how to evolve them over time? - CORRECT ANSWERS ✔✔Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs? - CORRECT ANSWERS ✔✔Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark for information security today? - CORRECT ANSWERS ✔✔ISO/IEC 27001
What is the analysis of computer software that is performed by executing programs on a real or virtual processor in real time? - CORRECT ANSWERS ✔✔Dynamic analysis
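The two answers above are easiest to tell apart side by side. The following is an added example, not part of the original study guide: a tiny static analyzer that walks the syntax tree of a constructed sample program and flags a subprocess call with shell=True without ever running it, next to a dynamic analyzer that actually executes a function from the same sample under a line tracer and records what happened at runtime. The sample program, the risky-call patterns and the input set are all assumptions made for the demonstration.

```python
import sys
import ast

# Constructed sample program (not from any real product): one function builds a
# shell command from its argument, the other crashes on a particular input.
SAMPLE_SOURCE = '''\
import subprocess

def run_report(name):
    # argument is concatenated straight into a shell command line
    return subprocess.run("report --name " + name, shell=True)

def split_budget(total, parts):
    return total // parts
'''

# Patterns this toy checker looks for (assumed list, not an industry standard).
RISKY_BUILTINS = {"eval", "exec"}
SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_output"}


def static_findings(source):
    """Static analysis: inspect the syntax tree only; nothing in `source` runs.
    Returns (line number, description) pairs for each risky call pattern."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in RISKY_BUILTINS:
            findings.append((node.lineno, f"call to {func.id}()"))
        elif isinstance(func, ast.Attribute) and func.attr in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, "subprocess call with shell=True"))
    return findings


def dynamic_findings(source, func_name, inputs):
    """Dynamic analysis: load the code, execute one function under a line tracer
    for each input, and record the outcome plus the lines actually executed."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    func = namespace[func_name]
    results = []
    for args in inputs:
        executed = set()

        def tracer(frame, event, arg):
            # only instrument frames that belong to the sample code
            if frame.f_code.co_filename != "<sample>":
                return None
            if event == "line":
                executed.add(frame.f_lineno)
            return tracer

        sys.settrace(tracer)
        try:
            func(*args)
            outcome = "ok"
        except Exception as exc:
            outcome = type(exc).__name__
        finally:
            sys.settrace(None)
        results.append((args, outcome, sorted(executed)))
    return results


if __name__ == "__main__":
    print("static:", static_findings(SAMPLE_SOURCE))
    print("dynamic:", dynamic_findings(SAMPLE_SOURCE, "split_budget",
                                       [(100, 4), (100, 0)]))
```

The static pass finds the shell=True call on line 5 but says nothing about split_budget, because nothing in its text looks wrong; the dynamic pass never notices run_report (it is not executed) but catches the ZeroDivisionError that only shows up for a real input. That complementarity is why secure development programs run both.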
Which person is responsible for designing, planning, and implementing secure coding practices and security testing methodologies? - CORRECT ANSWERS ✔✔Software security architect
A company is preparing to add a new feature to its flagship software product. The new feature is similar to features that have been added in previous years, and the requirements are well-documented. The project is expected to last three to four months, at which time the new feature will be released to customers. Project team members will focus solely on the new feature until the project ends. Which software development methodology is being used? - CORRECT ANSWERS ✔✔Waterfall
A new product will require an administration section for a small number of users. Normal users will be able to view limited customer information and should not see admin functionality within the application. Which concept is being used? - CORRECT ANSWERS ✔✔Principle of least privilege
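The scenario above is worth seeing in code, because "should not see admin functionality" is only half of least privilege: the application must also refuse the admin operation when a normal user calls it directly. The block below is an added example, not code from the original study guide or from any product; the User type, the role names, the customer record and the action list are all assumptions for the demonstration.

```python
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


# Constructed customer record for the example; not real data.
CUSTOMERS = {
    "c-1001": {
        "name": "Acme Ltd",
        "tier": "gold",
        "email": "ops@acme.example",
        "credit_limit": 250_000,
        "internal_notes": "escalated twice in Q3",
    },
}

# Fields a normal user is allowed to see; everything else is admin-only.
LIMITED_FIELDS = ("name", "tier", "email")


def requires_role(role):
    """Server-side enforcement: the call is refused unless the caller holds `role`."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            if role not in user.roles:
                raise PermissionError(
                    f"{user.name} lacks role {role!r} for {fn.__name__}")
            return fn(user, *args, **kwargs)
        wrapper.required_role = role
        return wrapper
    return decorator


def view_customer(user, customer_id):
    """Everyone may view, but a normal user only gets the limited field set."""
    record = CUSTOMERS[customer_id]
    if "admin" in user.roles:
        return dict(record)
    return {field: record[field] for field in LIMITED_FIELDS}


@requires_role("admin")
def set_credit_limit(user, customer_id, new_limit):
    CUSTOMERS[customer_id]["credit_limit"] = new_limit
    return new_limit


@requires_role("admin")
def delete_customer(user, customer_id):
    return CUSTOMERS.pop(customer_id)


ACTIONS = {
    "View customer": view_customer,
    "Set credit limit": set_credit_limit,
    "Delete customer": delete_customer,
}


def menu_for(user):
    """Build the navigation from the same role metadata the enforcement uses,
    so admin entries never appear for users who could not invoke them."""
    return [label for label, fn in ACTIONS.items()
            if getattr(fn, "required_role", None) in (None, *user.roles)]


if __name__ == "__main__":
    normal = User("dana", frozenset({"user"}))
    admin = User("root", frozenset({"user", "admin"}))
    print(menu_for(normal), view_customer(normal, "c-1001"))
    print(menu_for(admin), view_customer(admin, "c-1001"))
```

Hiding the menu entry is a usability courtesy; the requires_role check is the control. Driving both from one piece of role metadata keeps the UI and the enforcement from drifting apart, which is the usual way an "invisible" admin function ends up reachable by URL.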
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work day. Each team member reports what they accomplished yesterday, what they plan to accomplish today, and if they have any impediments that may cause them to miss their delivery deadline. Which scrum ceremony is the team participating in? - CORRECT ANSWERS ✔✔Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for publicly known problems? - CORRECT ANSWERS ✔✔Common Vulnerabilities and Exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide product data from unauthorized access? - CORRECT ANSWERS ✔✔Cryptographic practices
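"Well-tested, publicly available algorithms" is the operative phrase in the answer above, and the quickest way to see why is to break a home-grown one. The block below is an added example, not from the original study guide: a repeating-key XOR "cipher" of the kind that still appears in products, with the known-plaintext attack that recovers its key, followed by vetted standard-library primitives (PBKDF2-HMAC-SHA256 for key derivation, HMAC-SHA256 with a constant-time compare for integrity). The sample secret, key and password are constructed values. Python's standard library ships no authenticated cipher, so for confidentiality itself the practice is the same: use an AEAD such as AES-GCM from a maintained library rather than anything built in-house.

```python
import hashlib
import hmac
import os


# --- home-grown "cipher" (repeating-key XOR): appears to hide data, but one
# known plaintext of key length hands the whole key to an attacker ---
def toy_xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: ciphertext XOR plaintext gives the key stream,
    which for repeating-key XOR is the key itself."""
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


# --- vetted, publicly specified algorithms from the standard library ---
def derive_key(password: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256 (RFC 8018): slow, salted key derivation from a password.
    Same password + same salt always yields the same 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def tag(data: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the data; any modified byte changes the tag."""
    return hmac.new(key, data, "sha256").digest()


def verify(data: bytes, key: bytes, expected_tag: bytes) -> bool:
    """Constant-time comparison so the check does not leak via timing."""
    return hmac.compare_digest(tag(data, key), expected_tag)


if __name__ == "__main__":
    secret = b"product roadmap v3"          # constructed sample data
    xor_key = b"hunter2!"                   # constructed sample key
    ct = toy_xor(secret, xor_key)
    print("recovered XOR key:", recover_key(ct, secret, len(xor_key)))

    salt = os.urandom(16)                   # fresh random salt per password
    k = derive_key(b"correct horse battery staple", salt)
    t = tag(secret, k)
    print("intact:", verify(secret, k, t), "tampered:", verify(secret + b"!", k, t))
```

The XOR scheme fails against the weakest realistic attacker model (one known message), which is the kind of flaw that decades of public review have already removed from the standardized algorithms; that review, not secrecy of the design, is what the practice relies on.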