WGU Secure-Software-Design Exam (page: 2)
WGU Secure Software Design (D487, KEO1)
Updated on: 24-Mar-2026

Which software control test examines the internal logical structures of a program and steps through the code line by line to analyze the program for potential errors?

  1. White box testing
  2. Reasonableness testing
  3. Black box testing
  4. Dynamic testing

Answer(s): A

Explanation:

White box testing, also known as clear box testing, glass box testing, transparent box testing, and structural testing, is a method of software testing where the internal structure, design, and coding of the software are tested to verify the flow of input-output and to improve the design, usability, and security. It involves looking at the structures that are internal to the system, with the tester having knowledge of the internal workings of the product. This type of testing is concerned with examining the internal logical structures of the program and is typically performed by stepping through the code line by line to analyze the program for potential errors, which aligns with the description of the control test in question.


Reference:

Control Structure Testing - GeeksforGeeks
What is White Box Testing? - BrowserStack
Software Testing Strategies Chapter 18 - IIT



Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

  1. General coding practices
  2. Input validation
  3. Session management
  4. System configuration

Answer(s): B

Explanation:

The secure coding best practice that emphasizes treating all incoming data as untrusted and subjecting it to validation is known as input validation. This practice is crucial for ensuring that a system only processes valid, clean data, thereby preventing many types of vulnerabilities, such as SQL injection, cross-site scripting (XSS), and buffer overflows, which can arise from maliciously crafted inputs.
Input validation involves verifying that the data meets certain criteria before it is processed by the system. This includes checking for the correct data type, length, format, and range. It also involves sanitizing the data to ensure that it does not contain any potentially harmful elements that could lead to security breaches.
A centralized input validation routine is recommended for the entire application, which helps in maintaining consistency and effectiveness in the validation process. This routine should be implemented on a trusted system, typically server-side, to prevent tampering or bypassing of the validation logic.
It's important to classify all data sources into trusted and untrusted categories and to apply rigorous validation to all data from untrusted sources, such as user input, databases, file streams, and network interfaces.
By adhering to the input validation best practice, developers can significantly reduce the attack surface of their applications and protect against a wide array of common security threats.


Reference:

The verified answer is supported by the Secure Coding Practices outlined by the OWASP Foundation and other reputable sources such as Coding Dojo and CERT Secure Coding.



Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?

  1. File management
  2. Communication security
  3. Data protection
  4. Memory management

Answer(s): A

Explanation:

The secure coding best practice that requires authentication before allowing any files to be uploaded, and limits the types of files to only those needed for the business purpose, falls under the category of File Management. This practice is crucial for preventing unauthorized file uploads, which can be a common vector for attacks such as uploading malicious files or scripts. By enforcing authentication, the application ensures that only legitimate users can upload files. Additionally, restricting the file types to those necessary for business operations minimizes the risk of uploading potentially harmful files that could compromise the system.


Reference:

OWASP Secure Coding Practices
File Upload Security Best Practices | CodeHandbook
File Upload Protection - 10 Best Practices for Preventing ... - OPSWAT



Which secure coding best practice says to use a single application-level authorization component that will lock down the application if it cannot access its configuration information?

  1. Access control
  2. Data protection
  3. Session management
  4. Communication security

Answer(s): A

Explanation:

The secure coding best practice that recommends using a single application-level authorization component to lock down the application if it cannot access its configuration information is known as Access Control. This practice is part of a broader set of security measures aimed at ensuring that only authorized users have access to certain functionalities or data within an application. By centralizing the authorization logic, it becomes easier to manage and enforce security policies consistently across the application. If the authorization component cannot retrieve its configuration, it defaults to a secure state, thus preventing unauthorized access [1].


Reference:

[1] OWASP Secure Coding Practices - Quick Reference Guide



Which SDL security goal is defined as ensuring timely and reliable access to and use of information?

  1. Information security
  2. Confidentiality
  3. Availability
  4. Integrity

Answer(s): C

Explanation:

The term 'availability' in the context of Secure Software Development Lifecycle (SDL) refers to ensuring that systems, applications, and data are accessible to authorized users when needed. This means that the information must be timely and reliable, without undue delays or interruptions. Availability is a critical aspect of security, as it ensures that the software functions correctly and efficiently, providing users with the information they need to perform their tasks.


Reference:

The definition of availability as per the National Institute of Standards and Technology (NIST) Glossary.
The Microsoft Security Development Lifecycle (SDL), which emphasizes the importance of availability in secure software design.
General principles of Secure Software Development Life Cycle (SSDLC) that include availability as a key security goal.



What is one of the four core values of the Agile Manifesto?

  1. Communication between team members
  2. Individuals and interactions over processes and tools
  3. Business people and developers must work together daily throughout the project.
  4. Teams should have a dedicated and open workspace.

Answer(s): B

Explanation:

One of the four core values of the Agile Manifesto is prioritizing "individuals and interactions over processes and tools." This value emphasizes the importance of the human element in software development, advocating for direct communication, collaboration, and the flexibility to adapt to change over strict adherence to rigid processes or reliance on specific tools. It recognizes that while processes and tools are important, they should serve the team and the individuals within it, rather than the other way around.


Reference:

The Agile Manifesto itself, along with various interpretations and guides such as those provided by Smartsheet and LogRocket, support this value as one of the central tenets of Agile methodologies. These resources offer insights into how this value, along with the other three, guide the Agile approach to efficient and effective software development.



The scrum team decided that before any change can be merged and tested, it must be looked at by the team's lead developer, who will ensure accepted coding patterns are being followed and that the code meets the team's quality standards.
Which category of secure software best practices is the team performing?

  1. Architecture analysis
  2. Penetration testing
  3. Code review
  4. Training

Answer(s): B

Explanation:

The practice described is Code review, which is a part of secure software development best practices. Code reviews are conducted to ensure that the code adheres to accepted coding patterns and meets the team's quality standards. This process involves the examination of source code by a person or a group other than the author to identify bugs, security vulnerabilities, and ensure compliance with coding standards.


Reference:

Fundamental Practices for Secure Software Development - SAFECode.
Secure Software Development Framework | CSRC.
Secure Software Development Best Practices - Hyperproof.



The security team has a library of recorded presentations that are required viewing for all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for, and code for possible threats.
Which category of secure software best practices does this represent?

  1. Attack models
  2. Training
  3. Architecture analysis
  4. Code review

Answer(s): B

Explanation:

The category of secure software best practices being described is Training. This is because the focus is on educating new developers about organizational security policies and coding practices to mitigate potential threats. Training is a proactive approach to ensure that developers are aware of security concerns and are equipped with the knowledge to address them in their coding practices.


Reference:

The importance of training in secure software best practices is supported by industry resources such as the SAFECode's "Fundamental Practices for Secure Software Development", which emphasizes the need for application security control definition and management, and the NIST's Secure Software Development Framework (SSDF), which recommends integrating secure development practices throughout the software development lifecycle. Additional support for this category can be found in resources detailing effective secure development practices.





