SOFTWARE SECURITY AND TESTING (WGU - D385) MOST TESTED
QUESTIONS AND ANSWERS GRADED A+ WITH RATIONALES
Question 1
What does HTTP status code 403 Forbidden indicate?
A. The resource does not exist
B. The server encountered an error
C. The client lacks necessary permissions
D. The request syntax is invalid
Correct Answer: C
Rationale: A 403 response means the server understood the request but refuses to authorize it.
Question 2
What does HTTP status code 405 Method Not Allowed mean?
A. The resource cannot be found
B. The endpoint does not support the HTTP method used
C. Authentication credentials are missing
D. The request is malformed
Correct Answer: B
Rationale: A 405 error occurs when an HTTP method (e.g., POST) is not supported by the endpoint.
Question 3
What does HTTP status code 404 Not Found indicate?
A. Authentication failed
B. Server error
C. The requested resource does not exist
D. Invalid request syntax
Correct Answer: C
Rationale: A 404 response indicates the server cannot locate the requested resource.
Question 4
What is the purpose of the User-Agent HTTP header?
A. Defines encryption standards
B. Identifies authentication credentials
C. Specifies the client software making the request
D. Controls server caching
Correct Answer: C
Rationale: The User-Agent header identifies the browser, application, or tool sending the request.
Question 5
What does the Authorization header specify?
A. Content type
B. Response encoding
C. Credentials of the user calling the API
D. Server software
Correct Answer: C
Rationale: The Authorization header transmits credentials such as tokens or API keys.
Question 6
Which best describes a Denial of Service (DoS) attack?
A. Code execution via input
B. Credential theft
C. Overloading a system to degrade performance
D. Intercepting encrypted traffic
Correct Answer: C
Rationale: DoS attacks flood systems with traffic, making services unavailable.
Question 7
What is Code Injection?
A. Buffer overflow attack
B. Insertion of malicious code into a program
C. Credential replay
D. Log manipulation
Correct Answer: B
Rationale: Code injection allows attackers to execute arbitrary code.
Question 8
Absence of HSTS headers indicates vulnerability to which attack?
A. SQL Injection
B. CSRF
C. Man-in-the-Middle (MitM)
D. Buffer Overflow
Correct Answer: C
Rationale: HSTS forces HTTPS and prevents downgrade attacks.
Question 9
What does the Accept HTTP header specify?
A. Server software
B. Authentication scheme
C. Content types the client can accept
D. Response length
Correct Answer: C
Rationale: It informs the server of acceptable response formats.
Question 10
What does the Content-Type header specify?
A. Client software
B. Type of content sent or returned
C. Authentication token
D. Compression method
Correct Answer: B
Rationale: Content-Type defines how the message body should be interpreted.
Question 11
HTTP status code 400 Bad Request means:
A. Unauthorized
B. Not found
C. Invalid syntax or formatting
D. Server failure
Correct Answer: C
Rationale: A 400 error results from malformed client requests.
Question 12
What is Regression Testing?
A. Security scanning
B. Performance testing
C. Re-running old tests after changes
D. User acceptance testing
Correct Answer: C
Rationale: Regression testing ensures changes do not break existing functionality.
Question 13
When should regression testing be performed?
A. Before coding
B. During requirements gathering
C. After code changes are implemented
D. Only before deployment
Correct Answer: C
Rationale: It validates that new changes did not introduce defects.