Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

Secure-Software-Design WGUSecure Software Design (KEO1) Exam Questions and Answers

Questions 4

What are the three primary goals of the secure software development process?

Options:

A.

Performance, reliability, and maintainability

B.

Cost, speed to market, and profitability

C.

Redundancy, scalability, and portability

D.

Confidentiality, integrity, and availability

Buy Now
Questions 5

The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services.

Which security testing technique is being used?

Options:

A.

Fuzz testing

B.

Dynamic code analysis

C.

Binary fault injection

D.

Binary code analysis

Buy Now
Questions 6

The security team has a library of recorded presentations that are required viewing tor all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for. and code tor possible threats.

Which category of secure software best practices does this represent?

Options:

A.

Attack models

B.

Training

C.

Architecture analysis

D.

Code review

Buy Now
Questions 7

The software security team has been tasked with assessing a document management application that has been in use for many years and developing a plan to ensure it complies with organizational policies.

Which post-release deliverable is being described?

Options:

A.

Security strategy tor M&A products

B.

Security strategy for legacy code

C.

Post-release certifications

D.

External vulnerability disclosure response process

Buy Now
Questions 8

Company leadership has contracted with a security firm to evaluate the vulnerabilityofall externally lacing enterprise applications via automated and manual system interactions. Which security testing technique is being used?

Options:

A.

Properly-based-testing

B.

Source-code analysis

C.

Penetration testing

D.

Source-code fault injection

Buy Now
Questions 9

Credit card numbers are encrypted when stored in the database but are automatically decrypted when data is fetched. The testing tool intercepted the GET response, and testers were able to view credit card numbers as clear text.

How should the organization remediate this vulnerability?

Options:

A.

Never cache sensitive data

B.

Ensure there is an audit trail for all sensitive transactions

C.

Ensure all data in transit is encrypted

D.

Enforce role-based authorization controls in all application layers

Buy Now
Questions 10

Which mitigation technique can be used to light against a threat where a user may gain access to administrator level functionality?

Options:

A.

Encryption

B.

Quality of service

C.

Hashes

D.

Run with least privilege

Buy Now
Questions 11

Which threat modeling approach concentrates on things the organization wants to protect?

Options:

A.

Asset-centric

B.

Server-centric

C.

Attacker-centric

D.

Application-centric

Buy Now
Questions 12

Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?

Options:

A.

File management

B.

Communication security

C.

Data protection

D.

Memory management

Buy Now
Questions 13

Which security assessment deliverable identities possible security vulnerabilities in the product?

Options:

A.

SDL project outline

B.

Metrics template

C.

Threat profile

D.

List of third-party software

Buy Now
Questions 14

A company is moving forward with a new product. Product scope has been determined, teams have formed, and backlogs have been created. Developers areactively writing code for the new product, with one team concentrating on delivering data via REST services, one Team working on the mobile apps, and a third team writing the web application.

Which phase of the software developmentlifecycle(SDLC) is being described?

Options:

A.

Deployment

B.

Design

C.

Implementation

D.

Requirements

Buy Now
Questions 15

The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing attack models created during recently completed initiatives.

Which BSIMM domain is being assessed?

Options:

A.

Governance

B.

Software security development life cycle (SSDL) touchpoints

C.

Intelligence

D.

Deployment

Buy Now
Exam Name: WGUSecure Software Design (KEO1) Exam
Last Update: Nov 16, 2024
Questions: 65

PDF + Testing Engine

$64  $159.99

Testing Engine

$48  $119.99
buy now Secure-Software-Design testing engine

PDF (Q&A)

$40  $99.99
buy now Secure-Software-Design pdf