
Secure-Software-Design Exam Dumps - WGU Secure Software Design (D487) Exam

Question # 9

Which secure software design principle assumes attackers have the source code and specifications of the product?

A. Open Design

B. Psychological Acceptability

C. Total Mediation

D. Separation of Privileges

Question # 10

Features have been developed and fully tested, the production environment has been created, and leadership has approved the release of the new product. Technicians have scheduled a time and date to make the product available to customers.

Which phase of the software development lifecycle (SDLC) is being described?

A. Maintenance

B. Deployment

C. End of life

D. Testing

Question # 11

In which step of the PASTA threat modeling methodology is vulnerability and exploit analysis performed?

A. Define technical scope

B. Attack modeling

C. Define objectives

D. Application decomposition

Question # 12

The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application.

How should the organization remediate this vulnerability?

A. Ensure Sensitive Information Is Not Logged

B. Ensure Auditing and Logging Is Enabled on All Servers

C. Access to Configuration Files Is Limited to Administrators

D. Enforce the Removal of Unused Dependencies

Question # 13

What is a countermeasure to the web application security frame (ASF) authentication threat category?

A. Role-based access controls restrict access.

B. Credentials and tokens are encrypted.

C. Cookies have expiration timestamps.

D. Sensitive information is scrubbed from error messages.

Question # 14

The security team is reviewing whether changes or open issues exist that would affect requirements for handling personal information documented in earlier phases of the development life cycle.

Which activity of the Ship SDL phase is being performed?

A. Vulnerability scan

B. Final security review

C. Open-source licensing review

D. Final privacy review

Question # 15

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

A. Fuzzing

B. Static analysis

C. Dynamic analysis

D. Bugtraq

Question # 16

Which privacy impact statement requirement type defines processes to keep personal information updated and accurate?

A. Access requirements

B. Collection of personal information requirements

C. Data integrity requirements

D. Personal information retention requirements
