WGU University KEO1 - Secure Software Design Exam

Question #1 (Topic: Exam A)
The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing attack models created during recently completed initiatives.
Which BSIMM domain is being assessed?
A. Governance
B. Software security development life cycle (SSDL) touchpoints
C. Intelligence
D. Deployment
Answer: C
Question #2 (Topic: Exam A)
Using a web-based Common Vulnerability Scoring System (CVSS) calculator, a security response team member performed an assessment on a reported vulnerability in the user authentication component of the company’s new product. The base score of the vulnerability was 8.3 and changed to 9.4 after adjusting the temporal and environmental metrics.
Which rating would CVSS assign this vulnerability?
A. High severity
B. Critical severity
C. Medium severity
D. Low severity
Answer: B
Question #3 (Topic: Exam A)
An individual is developing a software application that has a back-end database and is concerned that a malicious user may run the following SQL query to pull information about all accounts from the database:
SELECT * FROM accounts WHERE accountID='' or '1'='1';
Which technique should be used to detect this vulnerability without running the source code?
A. Dynamic analysis
B. Cross-site scripting
C. Static analysis
D. Fuzz testing
Answer: C
Question #4 (Topic: Exam A)
Company leadership has contracted with a security firm to evaluate the vulnerability of all externally facing enterprise applications via automated and manual system interactions.
Which security testing technique is being used?
A. Property-based testing
B. Source-code analysis
C. Penetration testing
D. Source-code fault injection
Answer: C
Question #5 (Topic: Exam A)
Which secure coding practice involves clearing all local storage as soon as a user logs off for the night and will automatically log a user out after an hour of inactivity?
A. Access control
B. System configuration
C. Communication security
D. Session management
Answer: D
Total 66 questions