1|Page
WGU D487 OA TEST EXAM ONLINE ASSESSMENT
ACCURATE AND FREQUENTLY TESTED QUESTIONS
AND 100% CORRECT ANSWERS|| LATEST AND
COMPLETE UPDATE WITH EXPERT VERIFIED
SOLUTIONS|| SURE PASS
Which design and development deliverable details the progress of personal
information requirements created in earlier phases of the security development
lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER: Privacy compliance report
Which design and development deliverable contains technical and executive level
reports detailing any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER: Updated threat modeling artifacts
Which programming language is highly susceptible to buffer overflow
vulnerabilities?
-C++
-Javascript
-C#
,2|Page
-Java - ANSWER: C++
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
-Review for security issues unique to the architecture - ANSWER: Identify
security code review objectives
Which type of software testing is being performed when an analyst executes a
series of test cases based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER: Functional testing
A security tester changed the application URL from www.app.com/account?id='3'
to
www.app.com/account?id='3 or 1=1', which returned a collection of account
information. Database logs showed that the query that was executed was SELECT
* FROM ACCOUNTS WHERE accountId=3 or 1=1. How should existing security
controls be adjusted to prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through a audit log
, 3|Page
-Ensure database service accounts do not have administrative access - ANSWER:
Ensure serverside queries are parameterized
The enterprise security team discovered a vulnerability in a third-party logging tool
that could allow unauthorized access to application logs. The vulnerability is fixed
in a new release of the third-party product. How should existing security controls
be adjusted to prevent this in the future?
-Ensure third party libraries are kept up to date and reviewed consistently
-Ensure passwords and private information are not logged
-Ensure log files provide audit trails for sensitive transactions
-Ensure auditing and logging are enabled on all servers - ANSWER: Ensure third
party libraries are kept up to date and reviewed consistently
A potential threat was discovered during functional testing of a file upload
component when a QA analyst was allowed to upload a shell script. Users should
only be allowed to upload image files. How should existing security controls be
adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
-Ensure all data is encrypted in transit
-Force users to re-authenticate when accessing critical functionality - ANSWER:
Validate all user input
An organizational security review discovered multiple database instances that were
installed using publicly available default settings, including security and access.
How should the organization remediate this vulnerability?
WGU D487 OA TEST EXAM ONLINE ASSESSMENT
ACCURATE AND FREQUENTLY TESTED QUESTIONS
AND 100% CORRECT ANSWERS|| LATEST AND
COMPLETE UPDATE WITH EXPERT VERIFIED
SOLUTIONS|| SURE PASS
Which design and development deliverable details the progress of personal
information requirements created in earlier phases of the security development
lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER: Privacy compliance report
Which design and development deliverable contains technical and executive level
reports detailing any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER: Updated threat modeling artifacts
Which programming language is highly susceptible to buffer overflow
vulnerabilities?
-C++
-Javascript
-C#
,2|Page
-Java - ANSWER: C++
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
-Review for security issues unique to the architecture - ANSWER: Identify
security code review objectives
Which type of software testing is being performed when an analyst executes a
series of test cases based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER: Functional testing
A security tester changed the application URL from www.app.com/account?id='3'
to
www.app.com/account?id='3 or 1=1', which returned a collection of account
information. Database logs showed that the query that was executed was SELECT
* FROM ACCOUNTS WHERE accountId=3 or 1=1. How should existing security
controls be adjusted to prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through a audit log
, 3|Page
-Ensure database service accounts do not have administrative access - ANSWER:
Ensure serverside queries are parameterized
The enterprise security team discovered a vulnerability in a third-party logging tool
that could allow unauthorized access to application logs. The vulnerability is fixed
in a new release of the third-party product. How should existing security controls
be adjusted to prevent this in the future?
-Ensure third party libraries are kept up to date and reviewed consistently
-Ensure passwords and private information are not logged
-Ensure log files provide audit trails for sensitive transactions
-Ensure auditing and logging are enabled on all servers - ANSWER: Ensure third
party libraries are kept up to date and reviewed consistently
A potential threat was discovered during functional testing of a file upload
component when a QA analyst was allowed to upload a shell script. Users should
only be allowed to upload image files. How should existing security controls be
adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
-Ensure all data is encrypted in transit
-Force users to re-authenticate when accessing critical functionality - ANSWER:
Validate all user input
An organizational security review discovered multiple database instances that were
installed using publicly available default settings, including security and access.
How should the organization remediate this vulnerability?
