Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
WGU
Courses and Certificates
Secure-Software-Design
WGU Secure Software Design (D487, KEO1) Exam Questions and Answers

Pass the WGU Courses and Certificates Secure-Software-Design Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam Secure-Software-Design Premium Access

View all detail and faqs for the Secure-Software-Design exam

Go to Exam

823 Students Passed

95% Average Score

96% Same Questions

Viewing page 4 out of 4 pages

Viewing questions 31-40 out of questions

Questions # 31:

The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing attack models created during recently completed initiatives.

Which BSIMM domain is being assessed?

Options:

Governance

Software security development life cycle (SSDL) touchpoints

Intelligence

Deployment

Answer

Explanation

The Intelligence domain in the Building Security in Maturity Model (BSIMM) focuses on gathering and using information about software security. This includes understanding the types of attacks that are possible against the software being developed, which is why reviewing attack models falls under this domain. The BSIMM domain of Intelligence involves creating models of potential attacks on software (attack models), analyzing actual attacks that have occurred (attack intelligence), and sharing this information to improve security measures. By reviewing attack models, the software security group is essentially assessing the organization’s ability to anticipate and understand potential security threats, which is a key aspect of the Intelligence domain.

[: The references used to verify this answer include the official BSIMM documentation and related resources that describe the various domains and their activities within the BSIMM framework12345., , ]

Questions # 32:

Which architecture deliverable identifies the organization's tolerance to security issues and how the organization plans to react if a security issue occurs?

Options:

Threat Modeling Artifacts

Risk Mitigation Plan

Business Requirements

Policy Compliance Analysis

Answer

Questions # 33:

The security team has a library of recorded presentations that are required viewing tor all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for. and code tor possible threats.

Which category of secure software best practices does this represent?

Options:

Attack models

Training

Architecture analysis

Code review

Answer

Explanation

The category of secure software best practices being described is Training. This is because the focus is on educating new developers about organizational security policies and coding practices to mitigate potential threats. Training is a proactive approach to ensure that developers are aware of security concerns and are equipped with the knowledge to address them in their coding practices.

[: The importance of training in secure software best practices is supported by industry resources such as the SAFECode’s “Fundamental Practices for Secure Software Development” which emphasizes the need for application security control definition and management1, and the NIST’s Secure Software Development Framework (SSDF) which recommends integrating secure development practices throughout the software development lifecycle2. Additional support for this category can be found in resources detailing effective secure development practices345., ]

Questions # 34:

While performing functional testing of the ordering feature in the new product, a tester noticed that the order object was transmitted to the POST endpoint of the API as a human-readable JSON object.

How should existing security controls be adjusted to prevent this in the future?

Options:

Ensure passwords and private information are not logged

Ensure sensitive transactions can be traced through an audit log

Ensure the contents of authentication cookies are encrypted

Ensure all requests and responses are encrypted

Answer

Explanation

Comprehensive and Detailed In-Depth Explanation:

Transmitting data in a human-readable format, such as JSON, over an API can expose sensitive information if the communication channel is not secure. To protect the confidentiality and integrity of the data, it's essential to encrypt all requests and responses between clients and servers.

Implementing encryption, typically through protocols like HTTPS (which utilizes TLS/SSL), ensures that data transmitted over the network is not readable by unauthorized parties. This prevents potential attackers from intercepting and understanding the data, thereby safeguarding sensitive information contained within the API communications.

This practice is a fundamental aspect of secure software development and aligns with the Implementation business function of the OWASP SAMM. Within this function, the Secure Build practice emphasizes the importance of configuring the software to operate securely in its intended environment, which includes enforcing encryption for data in transit.

[References:, OWASP SAMM: Implementation - Secure Build]

Questions # 35:

Which secure coding practice uses role-based authentication where department-specific credentials will authorize department-specific functionality?