D385 - Software Security and Testing
WGU D385 FINAL EXAM QUETSIONS
AND ANSWERS 2025-2026 GRADED A+
What is Defensive Programming? -Correct Answers ✔-- assume mistakes will
happen and guard against them
- assertions are the most common way of doing this
- code checks itself as it runs
- always check, validate, and sanitize data
Which attribute provides a dictionary of breakpoint instances? -Correct Answers
✔-- bplist
- maintains a (file, line) tuple of breakpoints
Which function can be used to return all set breakpoints? -Correct Answers ✔--
get_all_breaks( )
- returns a string with all set breakpoints
Which 3 data types are considered user-provided? -Correct Answers ✔-- cookies
- POST data payloads
- URL parameters
D385 - Software Security and Testing
, D385 - Software Security and Testing
What are limitations of Static Code Analysis -Correct Answers ✔-- does not
account for runtime vulnerabilities
- requires the tester to posses both testing and software development skills
- tools would have to be language specific
Advantage of Static Code Analysis? -Correct Answers ✔-- fast turnaround time
- especially when tools are used
Advantage of Dynamic Code Analysis? -Correct Answers ✔-- no need to
understand how to write software
- finds runtime vulnerabilities
- requires only a running system; conducted on any application
Limitations of Dynamic Code Analysis? -Correct Answers ✔-- false positives and
false negatives
- dependent on the correctness of the rules
- false sense of security
- difficult to trace back to exact location
What kind of attacks does Client-side Testing look to prevent? -Correct Answers
✔-- XSS
D385 - Software Security and Testing
WGU D385 FINAL EXAM QUETSIONS
AND ANSWERS 2025-2026 GRADED A+
What is Defensive Programming? -Correct Answers ✔-- assume mistakes will
happen and guard against them
- assertions are the most common way of doing this
- code checks itself as it runs
- always check, validate, and sanitize data
Which attribute provides a dictionary of breakpoint instances? -Correct Answers
✔-- bplist
- maintains a (file, line) tuple of breakpoints
Which function can be used to return all set breakpoints? -Correct Answers ✔--
get_all_breaks( )
- returns a string with all set breakpoints
Which 3 data types are considered user-provided? -Correct Answers ✔-- cookies
- POST data payloads
- URL parameters
D385 - Software Security and Testing
, D385 - Software Security and Testing
What are limitations of Static Code Analysis -Correct Answers ✔-- does not
account for runtime vulnerabilities
- requires the tester to posses both testing and software development skills
- tools would have to be language specific
Advantage of Static Code Analysis? -Correct Answers ✔-- fast turnaround time
- especially when tools are used
Advantage of Dynamic Code Analysis? -Correct Answers ✔-- no need to
understand how to write software
- finds runtime vulnerabilities
- requires only a running system; conducted on any application
Limitations of Dynamic Code Analysis? -Correct Answers ✔-- false positives and
false negatives
- dependent on the correctness of the rules
- false sense of security
- difficult to trace back to exact location
What kind of attacks does Client-side Testing look to prevent? -Correct Answers
✔-- XSS
D385 - Software Security and Testing
