Free WGU Secure-Software-Design Exam Questions

Question 1

The security team is reviewing all noncommercial software libraries used in the new product to ensure they are being used according to the legal specifications defined by the authors. What activity of the Ship SDL phase is being performed?

A : Policy compliance analysis

B : Open-source licensing review

C : Penetration testing

D : Final security review

Answer: B

Question 2

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

A : Fuzzing

B : Static analysis

C : Dynamic analysis

D : Bugtraq

Answer: A

Question 3

The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application. How should the organization remediate this vulnerability?

A : Ensure Sensitive Information Is Not Logged

B : Ensure Auditing and Logging Is Enabled on All Servers

C : Access to Configuration Files Is Limited to Administrators

D : Enforce the Removal of Unused Dependencies

Answer: D

Question 4

Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

A : General coding practices

B : Input validation

C : Session management

D : System configuration