The product security incident response team (PSIRT) has decided to make a formal public disclosure, including base and temporal common vulnerability scoring system (CVSS) scores and a common vulnerabilities and exposures (CVE) ID report, of an externally discovered vulnerability. What is the most likely reason for making a public disclosure?
A. The potential for increased public awareness of a vulnerability is probable, which could lead to higher risk for customers.The organization has contracted with an outside firm to simulate an attack on the new software product and report findings and remediation recommendations. Which activity of the Ship SDL phase is being performed?
A. Penetration testingA security tool scans source code to identify insecure function calls without executing the application. Which type of analysis is this?
A. Dynamic analysisWhat is the privacy impact rating of an application that stores personally identifiable information, monitors users with ongoing transfers of anonymous data, and changes settings without notifying the user?
A. P1 high privacy riskWhich mitigation technique is used to fight against an identity spoofing threat?
A. Require user authorizationAn application enforces that users can only access resources explicitly assigned to their role. Which security principle is being implemented?
A. Defense in depthA software security team recently completed an internal assessment of the company's security assurance program. The team delivered a set of scorecards to leadership along with proposed changes designed to improve low-scoring governance, development, and deployment functions. Which software security maturity model did the team use?
A. Building Security In Maturity Model (BSIMM)Which secure software design principle assumes attackers have the source code and specifications of the product?
A. Open DesignThe software security team has been tasked with assessing a document management application that has been in use for many years and developing a plan to ensure it complies with organizational policies. Which post-release deliverable is being described?
A. Security strategy tor MandA productsWhat is a countermeasure to the web application security frame (ASF) authentication threat category?
A. Role-based access controls restrict accessNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only WGU University exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your WGU-KEO1 exam preparations and WGU University certification application, do not hesitate to visit our Vcedump.com to find your solutions here.