WGU University WGU-KEO1 Online Practice Questions and Exam Preparation

WGU University WGU-KEO1 Online Questions & Answers

• Question 111:

  Features have been developed and fully tested, the production environment has been created, and leadership has approved the release of the new product. Technicians have scheduled a time and date to make the product available to customers. Which phase of the software development lifecycle (SDLC) is being described?

  A. Maintenance
  B. Deployment
  C. End of life
  D. Testing
  B. Deployment

  ---

  The phase being described is the.Deployment.phase of the SDLC. This phase involves making the software available for use by customers after it has been developed, tested, and approved for release. It includes the installation of the software in the production environment, ensuring that all features are operational as intended, and obtaining formal approval from leadership to proceed with making the product available to end-users. The deployment phase is critical as it transitions the software from a

  development setting to a real-world operational environment.

  References:

  SDLC Deployment Phase ?A Step by Step Guide1 Understanding the SDLC: Software Development Lifecycle Explained

• Question 112:

  A security architect is creating a data flow diagram and draws an arrow between two circles. What does the arrow represent?

  A. Data Store
  B. External Entity
  C. Process
  D. Data Flow
  D. Data Flow

• Question 113:

  Which security assessment deliverable identities possible security vulnerabilities in the product?

  A. SDL project outline
  B. Metrics template
  C. Threat profile
  D. List of third-party software
  C. Threat profile

  ---

  A threat profile is a security assessment deliverable that identifies possible security vulnerabilities in a product. It involves a systematic examination of the product to uncover any weaknesses that could potentially be exploited by threats. The process typically includes identifying the assets that need protection, assessing the threats to those assets, and evaluating the vulnerabilities that could be exploited by those threats. This deliverable is crucial for understanding the security posture of a product and for

  prioritizing remediation efforts.

  References: The importance of a threat profile in identifying security vulnerabilities is supported by various security resources.For instance, Future Processing's blog on vulnerability assessments outlines the steps involved in identifying security vulnerabilities, which align with the creation of a threat profile. Additionally, UpGuard's article on conducting vulnerability assessments further emphasizes the role of identifying vulnerabilities as part of the security assessment process.

• Question 114:

  A vulnerability assessment identifies several issues that are documented along with recommended fixes and assigned owners. Which deliverable is MOST likely being produced?

  A. Security test execution report
  B. Remediation report
  C. Privacy compliance report
  D. Metrics template
  B. Remediation report

  ---

  A remediation report documents identified vulnerabilities, recommended corrective actions, and responsibility for resolving issues. Its purpose is to guide developers and stakeholders in fixing security weaknesses discovered during assessments.

• Question 115:

  Which type of security analysis is performed by reviewing source code line-by-line after other security analysis techniques have been executed?

  A. Dynamic Analysis
  B. Static Analysis
  C. Manual Code Review
  D. Fuzz Testing
  C. Manual Code Review

• Question 116:

  A web application displays detailed stack traces and database error messages to users when an exception occurs. Which secure coding control should be improved to reduce this risk?

  A. Authentication
  B. Access control
  C. Error handling and logging
  D. Session management
  C. Error handling and logging

  ---

  Error handling and logging controls ensure that sensitive system information is not exposed through error messages. Applications should return generic error messages to users while logging detailed diagnostic information securely for administrators. Exposing stack traces or database details can aid attackers in understanding system internals.

• Question 117:

  Which secure coding best practice says to use a single application-level authorization component that will lock down the application if it cannot access its configuration information?

  A. Access control
  B. Data protection
  C. Session management
  D. Communication security
  A. Access control

  ---

  The secure coding best practice that recommends using a single application-level authorization component to lock down the application if it cannot access its configuration information is known as.Access Control. This practice is part of a broader set of security measures aimed at ensuring that only authorized users have access to certain functionalities or data within an application. By centralizing the authorization logic, it becomes easier to manage and enforce security policies consistently across the application.If the authorization component cannot retrieve its configuration, it defaults to a secure state, thus preventing unauthorized access.

  References: OWASP Secure Coding Practices - Quick Reference Guide

• Question 118:

  Which category classifies identified threats that have some defenses in place and expose the application to limited exploits?

  A. Fully Mitigated Threat
  B. Unmitigated Threats
  C. Threat Profile
  D. Partially Mitigated Threat
  D. Partially Mitigated Threat

• Question 119:

  Company leadership has discovered an untapped revenue stream within its customer base and wants to meet with IT to share its vision for the future and determine whether to move forward. Which phase of the software development lifecycle (SDLC) is being described?

  A. Implementation
  B. Design
  C. Planning
  D. Requirements
  C. Planning

  ---

  The phase being described is the.Planning.phase of the SDLC. This initial stage involves gathering business requirements and evaluating the feasibility of the project. It's when the company leadership would typically meet with IT and other stakeholders to share visions for the future, discuss potential revenue streams, and determine the project's direction before moving forward with development. This phase is crucial for setting the groundwork for all subsequent phases of the SDLC.

  References:

  The Software Development Life Cycle (SDLC): 7 Phases and 5 Models. What Is the Software Development Life Cycle?.SDLC Explained. Software Development Life Cycle (SDLC) Phases and Models.

• Question 120:

  Which threat modeling approach concentrates on things the organization wants to protect?

  A. Asset-centric
  B. Server-centric
  C. Attacker-centric
  D. Application-centric
  A. Asset-centric

  ---

  The.Asset-centric.approach to threat modeling focuses on identifying and protecting the assets that are most valuable to an organization. This method prioritizes the assets themselves, assessing their sensitivity, value, and the impact on the business should they be compromised. It is a strategic approach that aims to safeguard the confidentiality, integrity, and availability of the organization's key assets.

  References:

  A Review of Asset-Centric Threat Modelling Approaches1.

  Approaches to Threat Modeling - are you getting what you need?2. What Is Threat Modeling?.- CrowdStrike3.