100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
WGU D487: SECURE SOFTWARE DESIGN QUESTIONS AND ANSWERS 2024 $17.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. WGU D487: SECURE SOFTWARE DESIGN
  4.  
  5. WGU D487: SECURE SOFTWARE DESIGN

Exam (elaborations)

WGU D487: SECURE SOFTWARE DESIGN QUESTIONS AND ANSWERS 2024
 23 views  0 purchase
  • Course
  • WGU D487: SECURE SOFTWARE DESIGN
  • Institution
  • WGU D487: SECURE SOFTWARE DESIGN

WGU D487: SECURE SOFTWARE DESIGN QUESTIONS AND ANSWERS 2024

Preview 4 out of 41  pages

Document information

  • September 22, 2024
  • 41
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

Written for

  • WGU D487: SECURE SOFTWARE DESIGN
  • WGU D487: SECURE SOFTWARE DESIGN

Seller

avatar-seller
Teacher101

Reviews received

Content preview

WGU D487: SECURE SOFTWARE DESIGN

The company's website uses querystring parameters to filter products by
category. The URL, when filtering on a product category, looks like this:
company.com/products?category=2.If the security team saw a URL of
company.com/products?category=2 OR 1=1 in the logs, what assumption should
they make?



An attacker is attempting to enter invalid characters in a textbox on the products
page.



An attacker is attempting to use SQL injection to gain access to information.



An attacker is attempting to force the application to throw an exception so they
may view exploitable information.



An attacker is attempting to access the system using credentials that do not
belong to them.



An attacker is attempting to use SQL injection to gain access to information.



An SQL injection attack attempts to gain access to information with malformed
query parameters.

,Which post-release support activity (PRSA) details the process for investigating,
mitigating, and communicating findings when security vulnerabilities are
discovered in a software product?

Internal review for new product combinations or cloud deployment

Third-party reviews

Post-release certifications

External vulnerability disclosure response

External vulnerability disclosure response



The external vulnerability disclosure response (PRSA1) defines processes to
evaluate and mitigate security vulnerabilities discovered after release. It also
details how the organization will communicate to customers.



Which post-release support key success factor says that any change or
component reuse should trigger security development life cycle activities?

Post-release certifications

SDL cycle for any architectural changes or code reuses

External vulnerability disclosure response process

Third-party reviews

SDL cycle for any architectural changes or code reuses



Any architectural change, code change, or code/component reuse should trigger
SDL activities.

,Which step will you find in the SANS Institute Cyber Defense seven-step recipe for
conducting threat modeling and application risk analysis?

Threat assessment

Conduct a BSIMM assessment

Demonstrate improvement

Brainstorm threats from adversaries

Brainstorm threats from adversaries



Brainstorm threats from adversaries is step 4 in the SANS Institute recipe.



In which OpenSAMM core practice area would one find environment hardening?

Governance

Deployment

Verification

Construction

Deployment



The deployment core practice area contains environment hardening, vulnerability
management, and operational enablement.



What are the two common best principles of software applications in the
development process? Choose 2 answers.

Quality code

, Secure code

Information security

Integrity

Availability

Quality code

Secure code



"Quality code" is correct. Quality code is efficient code that is easy to maintain
and reusable.

"Secure code" is correct. Secure code authorizes and authenticates every user
transaction, logs the transaction, and denies all unauthorized requisitions.



What ensures that the user has the appropriate role and privilege to view data?

Authentication

Multi-factor authentication

Encryption

Information security

Authorization

Authorization



Authorization ensures a user's information and credentials are approved by the
system.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Teacher101. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81113 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.99
  • (0)
  Add to cart