Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. WGU
  3. Secure-Software-Design

WGU Secure-Software-Design Exam (page: 2)
WGU Secure Software Design (D487, KEO1)
Updated on: 07-Feb-2026

Viewing Page 2 of 16
Secure-Software-Design PDF 118 Questions

Which software control test examines the internal logical structures of a program and steps through the code line by line to analyze the program for potential errors?

  1. White box testing
  2. Reasonableness testing
  3. Black box testing
  4. Dynamic testing

Answer(s): A

Explanation:

White box testing, also known as clear box testing, glass box testing, transparent box testing, and structural testing, is a method of software testing where the internal structure, design, and coding of the software are tested to verify the flow of input-output and to improve the design, usability, and security. It involves looking at the structures that are internal to the system, with the tester having knowledge of the internal workings of the product. This type of testing is concerned with examining the internal logical structures of the program and is typically performed by stepping through the code line by line to analyze the program for potential errors, which aligns with the description of the control test in question.


Reference:

Control Structure Testing - GeeksforGeeks1
What is White Box Testing? - BrowserStack2
Software Testing Strategies Chapter 18 - IIT3



Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

  1. General coding practices
  2. Input validation
  3. Session management
  4. System configuration

Answer(s): B

Explanation:

The secure coding best practice that emphasizes treating all incoming data as untrusted and subjecting it to validation is known as input validation. This practice is crucial for ensuring that a system only processes valid, clean data, thereby preventing many types of vulnerabilities, such as SQL injection, cross-site scripting (XSS), and buffer overflows, which can arise from maliciously crafted inputs.
Input validation involves verifying that the data meets certain criteria before it is processed by the system. This includes checking for the correct data type, length, format, and range. It also involves sanitizing the data to ensure that it does not contain any potentially harmful elements that could lead to security breaches.
A centralized input validation routine is recommended for the entire application, which helps in maintaining consistency and effectiveness in the validation process. This routine should be implemented on a trusted system, typically server-side, to prevent tampering or bypassing of the validation logic.
It's important to classify all data sources into trusted and untrusted categories and to apply rigorous validation to all data from untrusted sources, such as user input, databases, file streams, and network interfaces.
By adhering to the input validation best practice, developers can significantly reduce the attack surface of their applications and protect against a wide array of common security threats.


Reference:

The verified answer is supported by the Secure Coding Practices outlined by the OWASP Foundation1 and other reputable sources such as Coding Dojo2 and CERT Secure Coding3.



Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?

  1. File management
  2. Communication security
  3. Data protection
  4. Memory management

Answer(s): A

Explanation:

The secure coding best practice that requires authentication before allowing any files to be uploaded, and limits the types of files to only those needed for the business purpose, falls under the category of File Management. This practice is crucial for preventing unauthorized file uploads, which can be a common vector for attacks such as uploading malicious files or scripts. By enforcing authentication, the application ensures that only legitimate users can upload files. Additionally, restricting the file types to those necessary for business operations minimizes the risk of uploading potentially harmful files that could compromise the system.


Reference:

OWASP Secure Coding Practices1
File Upload Security Best Practices | CodeHandbook2
File Upload Protection ­ 10 Best Practices for Preventing ... - OPSWAT3



Which secure coding best practice says to use a single application-level authorization component that will lock down the application if it cannot access its configuration information?

  1. Access control
  2. Data protection
  3. Session management
  4. Communication security

Answer(s): A

Explanation:

The secure coding best practice that recommends using a single application-level authorization component to lock down the application if it cannot access its configuration information is known as Access Control. This practice is part of a broader set of security measures aimed at ensuring that only authorized users have access to certain functionalities or data within an application. By centralizing the authorization logic, it becomes easier to manage and enforce security policies consistently across the application. If the authorization component cannot retrieve its configuration, it defaults to a secure state, thus preventing unauthorized access1.


Reference:

1: OWASP Secure Coding Practices - Quick Reference Guide



Which SDL security goal is defined as ensuring timely and reliable access to and use of information?

  1. Information security
  2. Confidentiality
  3. Availability
  4. Integrity

Answer(s): C

Explanation:

The term `availability' in the context of Secure Software Development Lifecycle (SDL) refers to ensuring that systems, applications, and data are accessible to authorized users when needed. This means that the information must be timely and reliable, without undue delays or interruptions. Availability is a critical aspect of security, as it ensures that the software functions correctly and efficiently, providing users with the information they need to perform their tasks.


Reference:

The definition of availability as per the National Institute of Standards and Technology (NIST) Glossary1.
The Microsoft Security Development Lifecycle (SDL) which emphasizes the importance of availability in secure software design2.
General principles of Secure Software Development Life Cycle (SSDLC) that include availability as a key security goal3.



What is one of the tour core values of the agile manifesto?

  1. Communication between team members
  2. Individuals and interactions over processes and tools
  3. Business people and developers must work together daily throughout the project.
  4. Teams should have a dedicated and open workspace.

Answer(s): B

Explanation:

One of the four core values of the Agile Manifesto is prioritizing "individuals and interactions over processes and tools." This value emphasizes the importance of the human element in software development, advocating for direct communication, collaboration, and the flexibility to adapt to change over strict adherence to rigid processes or reliance on specific tools. It recognizes that while processes and tools are important, they should serve the team and the individuals within it, rather than the other way around.


Reference:

The Agile Manifesto itself, along with various interpretations and guides such as those provided by Smartsheet1 and LogRocket2, support this value as one of the central tenets of Agile methodologies. These resources offer insights into how this value, along with the other three, guide the Agile approach to efficient and effective software development.



The scrum team decided that before any change can be merged and tested, it must be looked at by the learns lead developer, who will ensure accepted coding patterns are being followed and that the code meets the team's quality standards.
Which category of secure software best practices is the team performing?

  1. Architecture analysis
  2. Penetration testing
  3. Code review
  4. Training

Answer(s): B

Explanation:

The practice described is Code review, which is a part of secure software development best practices. Code reviews are conducted to ensure that the code adheres to accepted coding patterns and meets the team's quality standards. This process involves the examination of source code by a person or a group other than the author to identify bugs, security vulnerabilities, and ensure compliance with coding standards.


Reference:

Fundamental Practices for Secure Software Development - SAFECode1.
Secure Software Development Framework | CSRC2.
Secure Software Development Best Practices - Hyperproof3.



The security team has a library of recorded presentations that are required viewing tor all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for. and code tor possible threats.
Which category of secure software best practices does this represent?

  1. Attack models
  2. Training
  3. Architecture analysis
  4. Code review

Answer(s): B

Explanation:

The category of secure software best practices being described is Training. This is because the focus is on educating new developers about organizational security policies and coding practices to mitigate potential threats. Training is a proactive approach to ensure that developers are aware of security concerns and are equipped with the knowledge to address them in their coding practices.


Reference:

The importance of training in secure software best practices is supported by industry resources such as the SAFECode's "Fundamental Practices for Secure Software Development" which emphasizes the need for application security control definition and management1, and the NIST's Secure Software Development Framework (SSDF) which recommends integrating secure development practices throughout the software development lifecycle2. Additional support for this category can be found in resources detailing effective secure development practices345.



Viewing Page 2 of 16



Share your comments for WGU Secure-Software-Design exam with other users:

hp 6/16/2023 12:44:00 AM

wonderful questions
Anonymous


Priyo 11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career
INDONESIA


Jude 8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
UNITED STATES


Marc blue 9/15/2023 4:11:00 AM

great job. hope this helps out.
UNITED STATES


Anne 9/13/2023 2:33:00 AM

upload please. many thanks!
Anonymous


pepe el toro 9/12/2023 7:55:00 PM

this is so interesting
Anonymous


Antony 11/28/2023 12:13:00 AM

great material thanks
AUSTRALIA


Thembelani 5/30/2023 2:22:00 AM

anyone who wrote this exam recently
Anonymous


P 9/16/2023 1:27:00 AM

ok they re good
Anonymous


Jorn 7/13/2023 5:05:00 AM

relevant questions
UNITED KINGDOM


AM 6/20/2023 7:54:00 PM

please post
UNITED STATES


Nagendra Pedipina 7/13/2023 2:22:00 AM

q:42 there has to be a image in the question to choose what does it mean from the options
INDIA


BrainDumpee 11/18/2023 1:36:00 PM

looking for cphq dumps, where can i find these for free? please and thank you.
UNITED STATES


sheik 10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email
Anonymous


Random user 12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps
Anonymous


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous


Marianne 10/22/2023 11:57:00 PM

i cannot see the button to go to the questions
Anonymous


sushant 6/28/2023 4:52:00 AM

good questions
EUROPEAN UNION


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES


unanimous 12/15/2023 6:38:00 AM

very nice very nice
Anonymous


akminocha 9/28/2023 10:36:00 AM

please help us with 1z0-1107-2 dumps
INDIA


Jefi 9/4/2023 8:15:00 AM

please upload the practice questions
Anonymous


Thembelani 5/30/2023 2:45:00 AM

need this dumps
Anonymous


Abduraimov 4/19/2023 12:43:00 AM

preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
UNITED KINGDOM


Puneeth 10/5/2023 2:06:00 AM

new to this site but i feel it is good
EUROPEAN UNION


Ashok Kumar 1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Anonymous


Merry 7/30/2023 6:57:00 AM

good questions
Anonymous


VoiceofMidnight 12/17/2023 4:07:00 PM

Delayed the exam until December 29th.
UNITED STATES


Umar Ali 8/29/2023 2:59:00 PM

A and D are True
Anonymous


vel 8/28/2023 9:17:09 AM

good one with explanation
Anonymous


Gurdeep 1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
CANADA