(KEO1) (PKEO) QUESTIONS & ANSWERS NEWEST ACTUAL EXAM STUDY THIS ONE
A company is preparing to add a new feature to its flagship software product. The new feature is similar to features that have been added in previous years, and the requirements are well-documented. The project is expected to last three to four months, at which time the new feature will be released to customers. Project team members will focus solely on the new feature until the project ends. Which software development methodology is being used? - CORRECT ANSWERS-Waterfall
A new product will require an administration section for a small number of users. Normal users will be able to view limited customer information and should not see admin functionality within the application. Which concept is being used? - CORRECT ANSWERS-Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work day. Each team member reports what they accomplished yesterday, what they plan to accomplish today, and if they have any impediments that may cause them to miss their delivery deadline. Which scrum ceremony is the team participating in? - CORRECT ANSWERS-Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for publicly known problems? - CORRECT ANSWERS-Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms to hide product data from unauthorized access? - CORRECT ANSWERS-Cryptographic practices
Which secure coding best practice ensures servers, frameworks, and system components are all running the latest approved versions? - CORRECT ANSWERS-System configuration
Which secure coding best practice says to use parameterized queries, encrypted connection strings stored in separate configuration files, and strong passwords or multi-factor authentication? - CORRECT ANSWERS-Database security
Which secure coding best practice says that all information passed to other systems should be encrypted? - CORRECT ANSWERS-Communication security
Team members are being introduced during sprint zero in the project kickoff meeting. The person being introduced is a member of the scrum team, responsible for writing feature logic and attending sprint ceremonies. Which role is the team member playing? - CORRECT ANSWERS-Software developer
A software security team member has created data flow diagrams, chosen the STRIDE methodology to perform threat reviews, and created the security assessment for the new product. Which category of secure software best practices did the team member perform? - CORRECT ANSWERS-Architecture analysis
Team members are being introduced during sprint zero in the project kickoff meeting. The person being introduced will be a facilitator, will try to remove roadblocks and ensure the team is communicating freely, and will be responsible for facilitating all scrum ceremonies. Which role is the team member playing? - CORRECT ANSWERS-Scrum master
The new product standards state that all traffic must be secure and encrypted. What is the name for this secure coding practice? - CORRECT ANSWERS-Communication security
Which DREAD category is based on how easily a threat exploit can be repeated? - CORRECT ANSWERS-Reproducibility
Which mitigation technique can be used to fight against a data tampering threat? - CORRECT ANSWERS-Digital signatures
What is a countermeasure to the web application security frame (ASF) configuration management threat category? - CORRECT ANSWERS-Compliance requirement
Which type of requirement specifies that file formats the application sends to financial institutions must be certified every four years? - CORRECT ANSWERS-Compliance requirement