Free WGU Secure-Software-Design Exam Questions

Question 1

Which threat modeling step collects exploitable weaknesses within the product?

A : Analyze the target

B : Rate threats

C : Identify and document threats

D : Set the scope

Answer: C

Question 2

While performing functional testing of the ordering feature in the new product, a tester noticed that the orderobject was transmitted to the POST endpoint of the API as a human-readable JSON object.How should existing security controls be adjusted to prevent this in the future?

A : Ensure passwords and private information are not logged

B : Ensure sensitive transactions can be traced through an audit log

C : Ensure the contents of authentication cookies are encrypted

D : Ensure all requests and responses are encrypted

Answer: D

Question 3

What is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or distribution to provide confidentiality, integrity, and availability?

A : Availability

B : Integrity

C : Confidentiality

D : Information Security

Answer: D

Question 4

While performing functional testing of the ordering feature in the new product, a tester noticed that the orderobject was transmitted to the POST endpoint of the API as a human-readable JSON object.How should existing security controls be adjusted to prevent this in the future?

A : Ensure passwords and private information are not logged

B : Ensure sensitive transactions can be traced through an audit log

C : Ensure the contents of authentication cookies are encrypted

D : Ensure all requests and responses are encrypted

Answer: D

Question 5

The security team is reviewing all noncommercial software libraries used in the new product to ensure they are being used according to the legal specifications defined by the authors. What activity of the Ship SDL phase is being performed?

A : Policy compliance analysis

B : Open-source licensing review

C : Penetration testing

D : Final security review

Answer: B