SECURE SOFTWARE DESIGN (KEO1) (PKEO) QUESTIONS AND VERIFIED CORRECT ANSWERS GRADED A+ LATEST 100% GUARANTEED PASS
Which type of requirement specifies that user passwords will require a minimum of 8 characters and must include at least one uppercase character, one number, and one special character? - CORRECT ANSWER-Security requirement
Which type of requirement specifies that credit card numbers are designated as highly sensitive confidential personal information? - CORRECT ANSWER-Data classification requirement
Which privacy impact statement requirement type defines how personal information is protected on devices used by more than a single associate? - CORRECT ANSWER-Privacy control requirements
In which step of the PASTA threat modeling methodology does design flaw analysis take place? - CORRECT ANSWER-Vulnerability and weakness analysis
Which privacy impact statement requirement type defines who has access to personal information within the product? - CORRECT ANSWER-Access requirements
Which security assessment deliverable defines milestones that will be met during each phase of the project, merged into the product development schedule? - CORRECT ANSWER-SDL project outline
Which architecture deliverable identifies whether the product adheres to organization security rules? - CORRECT ANSWER-Policy compliance analysis
Which threat modeling process identifies threats to each individual object in a data flow diagram? - CORRECT ANSWER-STRIDE-per-element
The DREAD methodology has been used to classify an identified exploit where:
the attacker could log in as an administrator (damage potential)
the attacker could log in at any time (reproducibility)
almost anybody could perform the attack (exploitability)
all system users could be affected (affected users)
any person who knows how to open dev tools in a browser could find the vulnerability (discoverability)
Which rating should be assigned to the exploit after performing an analysis using a ternary ranking scale where high risk = 3 points, medium risk = 2 points, and low risk = 1 point? - CORRECT ANSWER-High risk
What is the recommended way to mitigate a threat identified during threat modeling? - CORRECT ANSWER-Apply a standard accepted countermeasure
The organization's testing team has created a catalog of test cases using the source code and design documentation of the new product. Each test case will be executed for each user role in the new product. Which type of security testing technique is being performed? - CORRECT ANSWER-White-box