WGU D487 PRE-ASSESSMENT: SECURE
SOFTWARE DESIGN (KEO1) (PKEO)
QUESTIONS AND ANSWERS
What is a study of real- i i i i i
world software security initiatives organized so companies can measure their initiatives and u
i i i i i i i i i i i i
nderstand how to evolve them over time?, - i i i i i i i
correct answer...✔✔Building Security In Maturity Model (BSIMM)
i i i i i i i
What is the analysis of computer software that is performed without executing programs? -
i i i i i i i i i i i i i
correct answer...✔✔Static analysis
i i i
Which International Organization for Standardization (ISO) standard is the benchmark for inf
i i i i i i i i i i i
ormation security today? - correct answer...✔✔ISO/IEC 27001.i i i i i i
What is the analysis of computer software that is performed by executing programs on a real or
i i i i i i i i i i i i i i i i i
virtual processor in real time?, - correct answer...✔✔Dynamic analysis
i i i i i i i i
Which person is responsible for designing, planning, and implementing secure coding practic
i i i i i i i i i i i
es and security testing methodologies? - correct answer...✔✔Software security architect
i i i i i i i i i
A company is preparing to add a new feature to its flagship software product. The new feature i
i i i i i i i i i i i i i i i i i
s similar to features that have been added in previous years, and the requirements are well-
i i i i i i i i i i i i i i i
documented. The project is expected to last three to four months, at which time the new feature i i i i i i i i i i i i i i i i i
will be released to customers. Project team members will focus solely on the new feature until t
i i i i i i i i i i i i i i i i
he project ends. Which software development methodology is being used? - correct answer...
i i i i i i i i i i i i
✔✔Waterfall
A new product will require an administration section for a small number of users. Normal users
i i i i i i i i i i i i i i i i
will be able to view limited customer information and should not see admin functionality within t
i i i i i i i i i i i i i i i
he application. Which concept is being used? - correct answer...✔✔
i i i i i i i i i
Principle of least privilege i i i
The scrum team is attending their morning meeting, which is scheduled at the beginning of the
i i i i i i i i i i i i i i i i
work day. Each team member reports what they accomplished yesterday, what they plan to ac
i i i i i i i i i i i i i i
complish today, and if they have any impediments that may cause them to miss their delivery d
i i i i i i i i i i i i i i i i
eadline. Which scrum ceremony is the team participating in? - correct answer...✔✔
i i i i i i i i i i i
Daily Scrum i
What is a list of information security vulnerabilities that aims to provide names for publicly know
i i i i i i i i i i i i i i i
n problems? - correct answer...✔✔Common computer vulnerabilities and exposures (CVE)
i i i i i i i i i
, Which secure coding best practice uses well- i i i i i i
tested, publicly available algorithms to hide product data from unauthorized access? -
i i i i i i i i i i i
correct answer...✔✔Cryptographic practices
i i i
Which secure coding best practice uses well- i i i i i i
tested, publicly available algorithms to hide product data from unauthorized access? -
i i i i i i i i i i i
correct answer...✔✔Cryptographic practices
i i i
Which secure coding best practice ensures servers, frameworks, and system components ar
i i i i i i i i i i i
e all running the latest approved versions? - correct answer...✔✔System configuration
i i i i i i i i i i
Which secure coding best practice says to use parameterized queries, encrypted connection
i i i i i i i i i i i i
strings stored in separate configuration files, and strong passwords or multi-
i i i i i i i i i i
factor authentication? - correct answer...✔✔Database security
i i i i i
Which secure coding best practice says that all information passed to other systems should be
i i i i i i i i i i i i i i i
encrypted? - correct answer...✔✔Communication security i i i i
eam members are being introduced during sprint zero in the project kickoff meeting. The perso
i i i i i i i i i i i i i i
n being introduced is a member of the scrum team, responsible for writing feature logic and atte
i i i i i i i i i i i i i i i i
nding sprint ceremonies. Which role is the team member playing? - correct answer...✔✔
i i i i i i i i i i i i
Software developer i
A software security team member has created data flow diagrams, chosen the STRIDE metho
i i i i i i i i i i i i i
dology to perform threat reviews, and created the security assessment for the new product. W
i i i i i i i i i i i i i i
hich category of secure software best practices did the team member perform? -
i i i i i i i i i i i i
correct answer...✔✔Architecture analysis
i i i
Team members are being introduced during sprint zero in the project kickoff meeting. The per
i i i i i i i i i i i i i i
son being introduced will be a facilitator, will try to remove roadblocks and ensure the team is co
i i i i i i i i i i i i i i i i i
mmunicating freely, and will be responsible for facilitating all scrum ceremonies. Which role is ti i i i i i i i i i i i i i
he team member playing? - correct answer...✔✔Scrum master
i i i i i i i
The new product standards state that all traffic must be secure and encrypted. What is the nam
i i i i i i i i i i i i i i i i
e for this secure coding practice? - correct answer...✔✔Communication security
i i i i i i i i i
Which DREAD category is based on how easily a threat exploit can be repeated? -
i i i i i i i i i i i i i i
correct answer...✔✔Reproducibility
i i
Which mitigation technique can be used to fight against a data tampering threat? -
i i i i i i i i i i i i i
correct answer...✔✔Digital signatures
i i i
What is a countermeasure to the web application security frame (ASF) configuration manage
i i i i i i i i i i i i
ment threat category? - correct answer...✔✔Compliance requirement
i i i i i i
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller agradesolutions. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.