Secure-Software-Design Exam Dumps - WGU Secure Software Design (D487) Exam

Question # 25

Security testers have completed testing and are documenting the results of vulnerability scans and penetration analysis. They are also creating documentation to share with the organization's largest customers.

Which deliverable is being prepared?

A. Open-source licensing review report

B. Customer engagement framework

C. Remediation report

D. Security testing reports

Question # 26

Which secure coding best practice says to ensure that buffers are allocated correctly and at the right size, that input strings are truncated to a reasonable length, and that resources, connections, objects, and file handles are destroyed once the application no longer needs them?

A. Input Validation

B. Memory Management

C. Session Management

D. Data Protection

Question # 27

The security software team has cloned the source code repository of the new software product so they can perform vulnerability testing by modifying or adding small snippets of code to see if they can cause unexpected behavior and application failure.

Which security testing technique is being used?

A. Source-Code Fault Injection

B. Dynamic Code Analysis

C. Fuzz Testing

D. Binary Fault Injection

Question # 28

The scrum team decided that before any change can be merged and tested, it must be looked at by the team's lead developer, who will ensure accepted coding patterns are being followed and that the code meets the team's quality standards.

Which category of secure software best practices is the team performing?

A. Architecture analysis

B. Penetration testing

C. Code review

D. Training

Question # 29

The security team contracts with an independent security consulting firm to simulate attacks on deployed products and report results to organizational leadership.

Which category of secure software best practices is the team performing?

A. Attack models

B. Code review

C. Architecture analysis

D. Penetration testing

Question # 30

The product security incident response team (PSIRT) has decided to make a formal public disclosure, including base and temporal common vulnerability scoring system (CVSS) scores and a common vulnerabilities and exposures (CVE) ID report, of an externally discovered vulnerability.

What is the most likely reason for making a public disclosure?

A. The potential for increased public awareness of a vulnerability is probable, which could lead to higher risk for customers.

B. The vulnerability reporter has threatened to make the finding public after being notified that their case was not credible.

C. The response team has determined that the vulnerability is credible.

D. Notification of a vulnerability from an external party has occurred.

Question # 31

In which step of the PASTA threat modeling methodology will the team capture infrastructure, application, and software dependencies?

A. Attack modeling

B. Define technical scope

C. Define objectives

D. Risk and impact analysis

Question # 32

What is a countermeasure to the web application security frame (ASF) data validation/parameter validation threat category?

A. Inputs enforce type, format, length, and range checks.

B. All administrative activities are logged and audited.

C. Sensitive information is not logged.

D. All exceptions are handled in a structured way.
