Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

WGU FailSafe Web Application Penetration Test Findings Report | Complete Security Assessment | Passed Performance Assessment 2026.

Puntuación
-
Vendido
-
Páginas
33
Grado
A+
Subido en
08-07-2026
Escrito en
2025/2026

WGU FailSafe Web Application Penetration Test Findings Report | Complete Security Assessment | Passed Performance Assessment 2026.

Institución
WGU FailSafe Web Application Penetration
Grado
WGU FailSafe Web Application Penetration

Vista previa del contenido

WGU FailSafe Web Application Penetration Test
Findings Report | Complete Security Assessment |
Passed Performance Assessment 2026.


Foundational Security Principles

1. Which security principle requires that access to an object should be denied
unless explicitly granted?
A) Complete Mediation
B) Least Privilege
C) Fail-Safe Defaults
D) Open Design

Rationale: The fail-safe defaults principle, also known as "fail closed," dictates that
unless a subject is given explicit access to an object, access should be denied . This
ensures the system defaults to a secure state.

2. What is the application of multiple layers of protection so that if one layer is
breached, the next provides protection?
A) Fail-safe
B) Defense in Depth
C) Separation of Duties
D) Open Design

Rationale: Defense in depth is a security strategy that uses multiple layers of security
controls to provide redundancy in case one control fails or is compromised .

3. Which principle assumes that attackers have access to the sources and the
specifications?
A) Fail-safe

,B) Open Design
C) Economy of Mechanism
D) Psychological Acceptability

Rationale: The open design principle states that the security of a system should not
depend on the secrecy of its design or implementation. It assumes attackers can obtain
the source code and design documents .

4. Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
A) Database Security
B) Cryptographic Practices
C) System Configuration
D) Input Validation

Rationale: System configuration best practices involve keeping all software components
up-to-date with the latest security patches and approved versions to mitigate known
vulnerabilities .

5. Which best practice is being applied when a database uses parameterized
queries and encrypted connection strings?
A) Access Control
B) Database Security
C) File Management
D) Session Management

Rationale: Database security best practices include using parameterized queries to
prevent SQL injection and encrypting connection strings to protect credentials .

6. Which security principle requires that all accesses to objects be checked to
ensure they are allowed?
A) Fail-Safe Defaults
B) Least Privilege

,C) Complete Mediation
D) Separation of Privilege

Rationale: Complete mediation requires that every access attempt to a resource is
checked against the access control policy, ensuring no access is performed without
authorization .

7. Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies?
A) Software Security Champion
B) Product Security Developer
C) Software Security Architect
D) Software Tester

Rationale: The software security architect is responsible for the overarching security
design and the implementation of secure practices and testing methodologies .

8. Which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
A) Authentication and Password Management
B) Cryptographic Practices
C) Data Protection
D) Output Encoding

Rationale: Cryptographic practices involve using strong, well-vetted algorithms for
encryption, hashing, and signing to protect sensitive data .

9. Which secure coding best practice states that all information passed to other
systems should be encrypted?
A) Memory Management
B) Database Security
C) Communication Security
D) Output Encoding

, Rationale: Communication security best practices ensure that all data transmitted
between systems is encrypted using protocols like TLS to prevent eavesdropping and
tampering .

10. Which concept is being applied when normal users cannot see admin
functionality within an application?
A) Privacy
B) Principle of Least Privilege (POLP)
C) Software Security Champion
D) Elevation of Privilege

Rationale: The Principle of Least Privilege ensures that users are granted only the
permissions necessary to perform their job functions. This prevents normal users from
accessing administrative functions .


Threat Modeling and Risk Assessment

11. In the STRIDE threat model, what does the 'R' stand for?
A) Resource Exhaustion
B) Repudiation
C) Reconnaissance
D) Replay

Rationale: STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure,
Denial of Service, and Elevation of Privilege. Repudiation is the ability of a user to deny
performing an action without proof .

12. What type of attack is 'surgical' by nature, has highly specific targeting, and is
technologically sophisticated?
A) Tactical Attacks
B) Strategic Attacks

Escuela, estudio y materia

Institución
WGU FailSafe Web Application Penetration
Grado
WGU FailSafe Web Application Penetration

Información del documento

Subido en
8 de julio de 2026
Número de páginas
33
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$27.99
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor
Seller avatar
sirtyhuktt

Conoce al vendedor

Seller avatar
sirtyhuktt Teachme2-tutor
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
5
Miembro desde
2 año
Número de seguidores
2
Documentos
507
Última venta
2 meses hace

0.0

0 reseñas

5
0
4
0
3
0
2
0
1
0

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes