WGU D487 SECURE SW DESIGN OA AND PRE
ASSESSMENT QUESTIONS WITH T CORRECT
ANSWERS
What is a study of real-
world software security initiatives organized so companies can measure their
initiatives and un derstand how to evolve them over time?, - CORRECT ANSWER -
Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing
programs? - CORRECT ANSWER -Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark
for infor mation security today? - CORRECT ANSWER -ISO/IEC 27001.
What is the analysis of computer software that is performed by executing
,programs on a real o r virtual processor in real time?, - CORRECT ANSWER -
Dynamic analysis
Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies? - CORRECT ANSWER -
Software security architect
A company is preparing to add a new feature to its flagship software product. The
new feature is similar to features that have been added in previous years, and the
requirements are well- documented. The project is expected to last three to four
months, at which time the new featu re will be released to customers. Project team
members will focus solely on the new feature un til the project ends. Which
software development methodology is being used? -
CORRECT ANSWER -Waterfall
A new product will require an administration section for a small number of users.
Normal users will be able to view limited customer information and should not
see admin functionality withi
, n the application. Which concept is being used? - CORRECT
ANSWER - Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the
beginning of the work day. Each team member reports what they accomplished
yesterday, what they plan to ac complish today, and if they have any impediments that
may cause them to miss their delivery deadline. Which scrum ceremony is the team
participating in? - CORRECT ANSWER -
Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for
publicly kno wn problems? - CORRECT ANSWER -Common computer
vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-
tested, publicly available algorithms to hide product data from unauthorized
access? - CORRECT ANSWER -Cryptographic practices
ASSESSMENT QUESTIONS WITH T CORRECT
ANSWERS
What is a study of real-
world software security initiatives organized so companies can measure their
initiatives and un derstand how to evolve them over time?, - CORRECT ANSWER -
Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing
programs? - CORRECT ANSWER -Static analysis
Which International Organization for Standardization (ISO) standard is the benchmark
for infor mation security today? - CORRECT ANSWER -ISO/IEC 27001.
What is the analysis of computer software that is performed by executing
,programs on a real o r virtual processor in real time?, - CORRECT ANSWER -
Dynamic analysis
Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies? - CORRECT ANSWER -
Software security architect
A company is preparing to add a new feature to its flagship software product. The
new feature is similar to features that have been added in previous years, and the
requirements are well- documented. The project is expected to last three to four
months, at which time the new featu re will be released to customers. Project team
members will focus solely on the new feature un til the project ends. Which
software development methodology is being used? -
CORRECT ANSWER -Waterfall
A new product will require an administration section for a small number of users.
Normal users will be able to view limited customer information and should not
see admin functionality withi
, n the application. Which concept is being used? - CORRECT
ANSWER - Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the
beginning of the work day. Each team member reports what they accomplished
yesterday, what they plan to ac complish today, and if they have any impediments that
may cause them to miss their delivery deadline. Which scrum ceremony is the team
participating in? - CORRECT ANSWER -
Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for
publicly kno wn problems? - CORRECT ANSWER -Common computer
vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-
tested, publicly available algorithms to hide product data from unauthorized
access? - CORRECT ANSWER -Cryptographic practices
