Free WGU Secure-Software-Design Exam Dumps Questions & Answers

Which type of manual code review technique is being used when the reviewer starts at an input control and traces its value through the application to each of the value's outputs?

• A.  Risk analysis
• B.  Control flow analysis
• C.  Threat analysis
• D.  Data flow analysis

Which secure software design principle states that it is always safer to require agreement of more than one entity to make a decision?

• A.  Separation of Privileges
• B.  Psychological Acceptability
• C.  Total Mediation
• D.  Least Privilege

During fuzz testing of the new product, an exception was thrown on the order entry view, which caused a full stack dump to be displayed in the browser window that included function names from the source code.
How should existing security controls be adjusted to prevent this in the future?

• A.  Ensure privileges are restored after application exceptions
• B.  Ensure private information is not logged
• C.  Ensure sensitive information is scrubbed from all error messages
• D.  Ensure all exceptions are handled in a standardized way

What is the privacy impact rating of an application that stores personally identifiable information, monitors users with ongoing transfers of anonymous data, and changes settings without notifying the user?

• A.  P4 no privacy risk
• B.  P3 low privacy risk
• C.  P2 moderate privacy risk
• D.  P1 high privacy risk

The security team is reviewing all noncommercial software libraries used in the new product to ensure they are being used according to the legal specifications defined by the authors.
What activity of the Ship SDL phase is being performed?

• A.  Penetration testing
• B.  Final security review
• C.  Policy compliance analysis
• D.  Open-source licensing review