What is a list of information security vulnerabilities that aims to provide names for
WGU D487 PRE-ASSESSMENT: SECURE publicly known problems? - ANSWER- Common computer vulnerabilities and
exposures (CVE)
SOFTWARE DESIGN (KEO1) (PKEO)
Which secure coding best practice uses well-tested, publicly available algorithms to hide
QUESTIONS WITH ANSWERS CLEAR product data from unauthorized access? - ANSWER- Cryptographic practices
VERSION 2025 Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - ANSWER- Cryptographic practices
What is a study of real-world software security initiatives organized so companies can Which secure coding best practice ensures servers, frameworks, and system
measure their initiatives and understand how to evolve them over time?, - ANSWER- components are all running the latest approved versions? - ANSWER- System
Building Security In Maturity Model (BSIMM) configuration
What is the analysis of computer software that is performed without executing Which secure coding best practice says to use parameterized queries, encrypted
programs? - ANSWER- Static analysis connection strings stored in separate configuration files, and strong passwords or multi-
factor authentication? - ANSWER- Database security
Which International Organization for Standardization (ISO) standard is the benchmark
for information security today? - ANSWER- ISO/IEC 27001. Which secure coding best practice says that all information passed to other systems
should be encrypted? - ANSWER- Communication security
What is the analysis of computer software that is performed by executing programs on a
real or virtual processor in real time?, - ANSWER- Dynamic analysis eam members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced is a member of the scrum team, responsible for writing
Which person is responsible for designing, planning, and implementing secure coding feature logic and attending sprint ceremonies. Which role is the team member playing? -
practices and security testing methodologies? - ANSWER- Software security architect ANSWER- Software developer
A company is preparing to add a new feature to its flagship software product. The new A software security team member has created data flow diagrams, chosen the STRIDE
feature is similar to features that have been added in previous years, and the methodology to perform threat reviews, and created the security assessment for the
requirements are well-documented. The project is expected to last three to four months, new product. Which category of secure software best practices did the team member
at which time the new feature will be released to customers. Project team members will perform? - ANSWER- Architecture analysis
focus solely on the new feature until the project ends. Which software development
methodology is being used? - ANSWER- Waterfall Team members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced will be a facilitator, will try to remove roadblocks and
A new product will require an administration section for a small number of users. Normal ensure the team is communicating freely, and will be responsible for facilitating all
users will be able to view limited customer information and should not see admin scrum ceremonies. Which role is the team member playing? - ANSWER- Scrum master
functionality within the application. Which concept is being used? - ANSWER- Principle
of least privilege The new product standards state that all traffic must be secure and encrypted. What is
the name for this secure coding practice? - ANSWER- Communication security
The scrum team is attending their morning meeting, which is scheduled at the beginning
of the work day. Each team member reports what they accomplished yesterday, what Which DREAD category is based on how easily a threat exploit can be repeated? -
they plan to accomplish today, and if they have any impediments that may cause them ANSWER- Reproducibility
to miss their delivery deadline. Which scrum ceremony is the team participating in? -
ANSWER- Daily Scrum Which mitigation technique can be used to fight against a data tampering threat? -
ANSWER- Digital signatures
WGU D487 PRE-ASSESSMENT: SECURE publicly known problems? - ANSWER- Common computer vulnerabilities and
exposures (CVE)
SOFTWARE DESIGN (KEO1) (PKEO)
Which secure coding best practice uses well-tested, publicly available algorithms to hide
QUESTIONS WITH ANSWERS CLEAR product data from unauthorized access? - ANSWER- Cryptographic practices
VERSION 2025 Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access? - ANSWER- Cryptographic practices
What is a study of real-world software security initiatives organized so companies can Which secure coding best practice ensures servers, frameworks, and system
measure their initiatives and understand how to evolve them over time?, - ANSWER- components are all running the latest approved versions? - ANSWER- System
Building Security In Maturity Model (BSIMM) configuration
What is the analysis of computer software that is performed without executing Which secure coding best practice says to use parameterized queries, encrypted
programs? - ANSWER- Static analysis connection strings stored in separate configuration files, and strong passwords or multi-
factor authentication? - ANSWER- Database security
Which International Organization for Standardization (ISO) standard is the benchmark
for information security today? - ANSWER- ISO/IEC 27001. Which secure coding best practice says that all information passed to other systems
should be encrypted? - ANSWER- Communication security
What is the analysis of computer software that is performed by executing programs on a
real or virtual processor in real time?, - ANSWER- Dynamic analysis eam members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced is a member of the scrum team, responsible for writing
Which person is responsible for designing, planning, and implementing secure coding feature logic and attending sprint ceremonies. Which role is the team member playing? -
practices and security testing methodologies? - ANSWER- Software security architect ANSWER- Software developer
A company is preparing to add a new feature to its flagship software product. The new A software security team member has created data flow diagrams, chosen the STRIDE
feature is similar to features that have been added in previous years, and the methodology to perform threat reviews, and created the security assessment for the
requirements are well-documented. The project is expected to last three to four months, new product. Which category of secure software best practices did the team member
at which time the new feature will be released to customers. Project team members will perform? - ANSWER- Architecture analysis
focus solely on the new feature until the project ends. Which software development
methodology is being used? - ANSWER- Waterfall Team members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced will be a facilitator, will try to remove roadblocks and
A new product will require an administration section for a small number of users. Normal ensure the team is communicating freely, and will be responsible for facilitating all
users will be able to view limited customer information and should not see admin scrum ceremonies. Which role is the team member playing? - ANSWER- Scrum master
functionality within the application. Which concept is being used? - ANSWER- Principle
of least privilege The new product standards state that all traffic must be secure and encrypted. What is
the name for this secure coding practice? - ANSWER- Communication security
The scrum team is attending their morning meeting, which is scheduled at the beginning
of the work day. Each team member reports what they accomplished yesterday, what Which DREAD category is based on how easily a threat exploit can be repeated? -
they plan to accomplish today, and if they have any impediments that may cause them ANSWER- Reproducibility
to miss their delivery deadline. Which scrum ceremony is the team participating in? -
ANSWER- Daily Scrum Which mitigation technique can be used to fight against a data tampering threat? -
ANSWER- Digital signatures
