Leads4pass > CyberArk > CyberArk Certifications > SECURE-SOFTWARE-DESIGN > SECURE-SOFTWARE-DESIGN Online Practice Questions and Answers

SECURE-SOFTWARE-DESIGN Online Practice Questions and Answers

Questions 4

The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing attack models created during recently completed initiatives. Which BSIMM domain is being assessed?

A. Governance

B. Software security development life cycle (SSDL) touchpoints

C. Intelligence

D. Deployment

Buy Now
Questions 5

Company leadership has contracted with a security firm to evaluate the vulnerability of all externally facing enterprise applications via automated and manual system interactions. Which security testing technique is being used?

A. Property-based-testing

B. Source-code analysis

C. Penetration testing

D. Source-code fault injection

Buy Now
Questions 6

The software security team has been tasked with assessing a document management application that has been in use for many years and developing a plan to ensure it complies with organizational policies. Which post-release deliverable is being described?

A. Security strategy tor MandA products

B. Security strategy tor legacy code

C. Post-release certifications

D. External vulnerability disclosure response process

Buy Now
Questions 7

The security team has a library of recorded presentations that are required viewing for all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for, and code for possible throats.

Which category of secure software best practices does this represent?

A. Attack models

B. Training

C. Architecture analysis

D. Code review

Buy Now
Questions 8

Which mitigation technique can be used to tight against a threat where a user may gain access to administrator level functionality?

A. Encryption

B. Quality of service

C. Hashes

D. Run with least privilege

Buy Now
Questions 9

Using a web-based common vulnerability scoring system (CVSS) calculator, a security response team member performed an assessment on a reported vulnerability in the company's claims intake component. The base score of the vulnerability was 3.5 and changed to 5.9 after adjusting temporal and environmental metrics.

Which rating would CVSS assign this vulnerability?

A. Critical severity

B. High severity

C. Low severity

D. Medium severity

Buy Now
Questions 10

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

A. Fuzzing

B. Static analysis

C. Dynamic analysis

D. Bugtraq

Buy Now
Questions 11

A recent vulnerability scan uncovered an XML external entity (XXE) flaw that could allow attackers to return the contents of a system file by including a specific payload in an XML request. How should the organization remediate this vulnerability?

A. Ensure audit trails exist for all sensitive transactions

B. Disable resolution of external entities in the parsing library

C. Enforce role-based authorization in all application layers

D. Ensure authentication cookies are encrypted

Buy Now
Questions 12

Features have been developed and fully tested, the production environment has been created, and leadership has approved the release of the new product. Technicians have scheduled a time and date to make the product available to customers.

Which phase of the software development lifecycle (SDLC) is being described?

A. Maintenance

B. Deployment

C. End of life

D. Testing

Buy Now
Questions 13

The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services. Which security testing technique is being used?

A. Fuzz testing

B. Dynamic code analysis

C. Binary fault injection

D. Binary code analysis

Buy Now
Exam Name: WGUSecure Software Design (KEO1) Exam
Last Update: Jul 07, 2026
Questions: 66
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99