Security testers have completed testing and are documenting the results of vulnerability scans and penetration analysis. They are also creating documentation to share with the organization's largest customers. Which deliverable is being prepared?
A. Open-source licensing review report
B. Customer engagement framework
C. Remediation report
D. Security testing reports

The organization has contracted with an outside firm to simulate an attack on the new software product and report findings and remediation recommendations. Which activity of the Ship SDL phase is being performed?
A. Penetration testing
B. Policy compliance analysis
C. Open-source licensing review
D. Final security review

During fuzz testing of the new product, random values were entered into input elements. Search requests were sent to the correct API endpoint but many of them failed on execution due to type mismatches. How should existing security controls be adjusted to prevent this in the future?
A. Ensure all user input data is validated prior to transmitting requests
B. Ensure all requests and responses are encrypted
C. Ensure sensitive transactions can be traced through an audit log
D. Ensure the contents of authentication cookies are encrypted

What is the last step of the SDLC/SDL code review process?
A. Review for security issues unique to the architecture
B. Identify security code review objectives
C. Perform preliminary scan
D. Review code for security issues

Which type of security analysis is performed using automated software tools while an application is running and is most commonly executed during the testing phase of the SDLC?
A. Dynamic analysis
B. Manual code review
C. Static analysis
D. Fuzz testing

Which threat modeling approach concentrates on things the organization wants to protect?
A. Asset-centric
B. Server-centric
C. Attacker-centric
D. Application-centric

The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services. Which security testing technique is being used?
A. Fuzz testing
B. Dynamic code analysis
C. Binary fault injection
D. Binary code analysis

Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?
A. Personal information retention requirements
B. User controls requirements
C. Third party requirements
D. Data integrity requirements

In which step of the PASTA threat modeling methodology will the team capture infrastructure, application, and software dependencies?
A. Attack modeling
B. Define technical scope
C. Define objectives
D. Risk and impact analysis

Which mitigation technique is used to fight against an identity spoofing threat?
A. Require user authorization
B. Filtering
C. Audit trails
D. Encryption