WGU D487 PRE-ASSESSMENT SECURE SOFTWARE
DESIGN (KEO1) (PKEO)
1. What is a study of real-world software security initiatives organized so com- panies
can measure their initiatives and understand how to evolve them over time?,
Answer Building Security In Maturity Model (BSIMM)
2. What is the analysis of computer software that is performed without execut- ing
programs?Answer Static analysis
3. Which International Organization for Standardization (ISO) standard is the
benchmark for information security today?
Answer ISO/IEC 27001.
4. What is the analysis of computer software that is performed by executing
programs on a real or virtual processor in real time?,
Answer Dynamic analysis
5. Which person is responsible for designing, planning, and implementing se- cure
coding practices and security testing methodologies?
1/
19
,Answer Software security architect
6. A company is preparing to add a new feature to its flagship software prod- uct.
The new feature is similar to features that have been added in previous years, and
the requirements are well-documented. The project is expected to last three to four
months, at which time the new feature will be released to customers. Project team
members will focus solely on the new feature until the project ends. Which software
development methodology is being used?
Answer Waterfall
7. A new product will require an administration section for a small number of users.
Normal users will be able to view limited customer information and should not see
admin functionality within the application. Which concept is being used?
Answer Principle of least privilege
8. The scrum team is attending their morning meeting, which is scheduled at the
beginning of the work day. Each team member reports what they accom- plished
yesterday, what they plan to accomplish today, and if they have any impediments
that may cause them to miss their delivery deadline. Which scrum ceremony is the
2/
19
, team participating in?
Answer Daily Scrum
9. What is a list of information security vulnerabilities that aims to provide names
for publicly known problems?
Answer Common computer vulnerabilities and exposures (CVE)
10. Which secure coding best practice uses well-tested, publicly available algo- rithms
to hide product data from unauthorized access?
Answer Cryptographic practices
11. Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
Answer System configuration
3/
19
DESIGN (KEO1) (PKEO)
1. What is a study of real-world software security initiatives organized so com- panies
can measure their initiatives and understand how to evolve them over time?,
Answer Building Security In Maturity Model (BSIMM)
2. What is the analysis of computer software that is performed without execut- ing
programs?Answer Static analysis
3. Which International Organization for Standardization (ISO) standard is the
benchmark for information security today?
Answer ISO/IEC 27001.
4. What is the analysis of computer software that is performed by executing
programs on a real or virtual processor in real time?,
Answer Dynamic analysis
5. Which person is responsible for designing, planning, and implementing se- cure
coding practices and security testing methodologies?
1/
19
,Answer Software security architect
6. A company is preparing to add a new feature to its flagship software prod- uct.
The new feature is similar to features that have been added in previous years, and
the requirements are well-documented. The project is expected to last three to four
months, at which time the new feature will be released to customers. Project team
members will focus solely on the new feature until the project ends. Which software
development methodology is being used?
Answer Waterfall
7. A new product will require an administration section for a small number of users.
Normal users will be able to view limited customer information and should not see
admin functionality within the application. Which concept is being used?
Answer Principle of least privilege
8. The scrum team is attending their morning meeting, which is scheduled at the
beginning of the work day. Each team member reports what they accom- plished
yesterday, what they plan to accomplish today, and if they have any impediments
that may cause them to miss their delivery deadline. Which scrum ceremony is the
2/
19
, team participating in?
Answer Daily Scrum
9. What is a list of information security vulnerabilities that aims to provide names
for publicly known problems?
Answer Common computer vulnerabilities and exposures (CVE)
10. Which secure coding best practice uses well-tested, publicly available algo- rithms
to hide product data from unauthorized access?
Answer Cryptographic practices
11. Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
Answer System configuration
3/
19
