WGU Secure-Software-Design WGU Secure Software Design (D487, KEO1) Exam Exam Practice Test

The practice described is Code review, which is a part of secure software development best practices. Code reviews are conducted to ensure that the code adheres to accepted coding patterns and meets the team’s quality standards. This process involves the examination of source code by a person or a group other than the author to identify bugs, security vulnerabilities, and ensure compliance with coding standards.

Comprehensive and Detailed Explanation From Exact Extract:

CVSS scores are classified into severity levels based on numeric ranges. A base score of 9.9 falls within the Critical range (9.0–10.0), but after adjustment for temporal and environmental metrics, the score is 8.0, which falls into the High severity category (7.0–8.9). Therefore, the final rating assigned is High severity. Medium severity corresponds to scores between 4.0 and 6.9, and low severity is below 4.0. This scoring methodology is defined by the FIRST Common Vulnerability Scoring System v3.1 Specification which guides how scores are adjusted to reflect real-world risk contexts.

Penetration testing is an activity where a simulated attack is performed on a software product to identify vulnerabilities that could be exploited by attackers. It is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely trying to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and risky end-user behavior. In the context of the Ship phase of the Security Development Lifecycle (SDL), penetration testing is conducted as a final check to uncover any potential security issues that might have been missed during previous phases. This ensures that the software product is robust and secure before it is released.

Comprehensive and Detailed In-Depth Explanation:

ISO/IEC 27001 is an international standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Achieving ISO 27001 certification demonstrates an organization's commitment to information security and provides assurance to customers and stakeholders that security best practices are in place.

In the context of the software development life cycle (SDLC), post-release certifications refer to obtaining formal certifications, such as ISO 27001, after a product has been developed and released. This process involves a comprehensive assessment of the organization's information security practices to ensure they align with the standards set forth by ISO 27001. The certification process typically includes:

Gap Analysis: Evaluating existing information security measures against ISO 27001 requirements to identify areas needing improvement.

Implementation: Addressing identified gaps by implementing necessary policies, procedures, and controls.

Internal Audit: Conducting internal audits to verify the effectiveness of the ISMS and readiness for external assessment.

External Audit: Engaging an accredited certification body to perform a thorough evaluation, leading to certification if compliance is demonstrated.

By pursuing ISO 27001 certification post-release, the company aims to enhance its security posture, comply with international standards, and build trust with its customer base.

The security testing technique that involves using a testing tool to scan a running application for known exploit signatures is known as Automated Vulnerability Scanning. This method is part of dynamic analysis, which assesses the software in its running state to identify vulnerabilities that could be exploited by attackers. Automated vulnerability scanning tools are designed to detect and report known vulnerabilities by comparing the behavior and outputs of the application against a database of known exploit signatures1.

The issue described involves a PATCH request causing an unhandled server exception because the API does not support this method. The most direct and effective way to prevent such exceptions is to ensure that the API is configured to accept only the supported request methods: GET, POST, PUT, and DELETE. This can be achieved by implementing strict input validation to reject any requests that do not conform to the defined API specifications, including the request method. By doing so, any requests using unsupported methods like PATCH will be immediately rejected, thus preventing the server from reaching an exception state.

ASF Authentication Threats: The Web Application Security Frame (ASF) authentication category encompasses threats related to how users and systems prove their identity to the application. This includes issues like weak passwords, compromised credentials, and inadequate access controls.

Role-Based Access Control (RBAC): RBAC is a well-established security principle that aligns closely with addressing authentication threats. It involves assigning users to roles and granting those roles specific permissions based on the principle of least privilege. This limits the attack surface and reduces the impact of a compromised user account.

Let's analyze the other options:

B. Credentials and tokens are encrypted: While vital for security, encryption primarily protects data at rest or in transit. It doesn't directly address authentication risks like brute-force attacks or weak password management.

C. Cookies have expiration timestamps: Expiring cookies are a good practice, but their primary benefit is session management rather than directly mitigating authentication-specific threats.

D. Sensitive information is scrubbed from error messages: While essential for preventing information leakage, this practice doesn't address the core threats within the ASF authentication category.

The phase being described is the Planning phase of the SDLC. This initial stage involves gathering business requirements and evaluating the feasibility of the project. It’s when the company leadership would typically meet with IT and other stakeholders to share visions for the future, discuss potential revenue streams, and determine the project’s direction before moving forward with development. This phase is crucial for setting the groundwork for all subsequent phases of the SDLC.

After completing vulnerability scans and penetration analysis, security testers document the results to share with stakeholders, such as the organization’s largest customers. The deliverable being prepared in this context is the Security testing reports. These reports typically include detailed findings from the security assessments, explanations of the vulnerabilities discovered, the potential risks they pose, and recommendations for remediation. The purpose of these reports is to provide transparency about the security posture of the software or system and to guide the organization in addressing the identified security issues12. References: 1, 2

https://blog.halosecurity.com/what-really-matters-when-it-comes-to-pentesting-deliverables/

 The principle of running with the least privilege is a fundamental security concept that involves granting users only the permissions they need to perform their tasks and no more. This minimizes the risk of a user gaining access to administrator-level functionality that they are not authorized to use. By limiting the privileges of user accounts to the bare minimum necessary, the potential damage from various attacks, such as privilege escalation, is significantly reduced.

Security change management within the change management process involves ensuring that any changes, including updates or modifications to software, do not introduce new vulnerabilities and are in line with security policies. The question about securing remote administration directly reflects this component because it addresses the security considerations that must be managed when changes are made to how software is accessed and controlled remotely. This includes implementing secure protocols, authentication methods, and monitoring to prevent unauthorized access or breaches, which are crucial when managing changes in a secure manner.

An intercept proxy, also known as a proxy server, sits between a web client (such as a browser) and an external server to filter, monitor, or manipulate the requests and responses passing through it. This can be used for legitimate purposes, such as security testing and user privacy, but it can also be exploited by attackers to alter web traffic in a way that the developer did not intend, potentially leading to security vulnerabilities.

Option D best addresses security change management, here's why:

Focus on Change: The question directly asks about a modification to how remote administration is secured. This aligns with the core goal of security change management, which is to evaluate and control the security implications of changes to systems.

Security-Specific: The question is explicitly concerned with security, not general functionality or requirements.

Practical Aspect: Remote administration access is a frequent target for attackers, making it a common area for security change management scrutiny.

The DKEAD category that has a risk rating based on the threat exploit’s potential level of harm is Damage potential. This category assesses the total damage or impact that a threat could cause if it is exploited by an attacker. The risk rating in this category is determined by evaluating the severity of the potential damage, which could range from information disclosure to complete system destruction or loss of system availability.

The activity described pertains to the review of noncommercial software libraries to ensure compliance with the legal specifications set by the authors. This is part of the open-source licensing review, which is a critical activity in the Ship phase of the Security Development Lifecycle (SDL). This review ensures that all open-source components are used in accordance with their licenses, which is essential for legal and security compliance.

To remediate the vulnerability of servers responding to ping requests with sensitive information, the organization should configure the servers to return as little information as possible to network requests. This practice is known as reducing the attack surface. By limiting the amount of information disclosed, potential attackers have less data to use when attempting to exploit vulnerabilities. Regular updates and patching (Option B) are also important, but they do not address the specific issue of information disclosure. Uninstalling or disabling unnecessary features (Option C) and restricting access to configuration files (Option D) are good security practices, but they do not directly prevent the leakage of server information through ping responses.

Security testing reports are the most likely deliverables to contain detailed records of evaluations, their frequency, and re-evaluations. Here's why:

Purpose of Security Testing Reports: These reports document the results of security testing, including:

Types of tests: Vulnerability scans, penetration tests, code reviews, etc.

Frequency: How often tests were conducted (e.g., per build, per release cycle).

Re-evaluations: If vulnerabilities were discovered, these reports will track whether and how often those were retested after remediation.

Focus on Testing: The question specifically emphasizes evaluations, which aligns with the core content of security testing reports.

A threat profile is a security assessment deliverable that identifies possible security vulnerabilities in a product. It involves a systematic examination of the product to uncover any weaknesses that could potentially be exploited by threats. The process typically includes identifying the assets that need protection, assessing the threats to those assets, and evaluating the vulnerabilities that could be exploited by those threats. This deliverable is crucial for understanding the security posture of a product and for prioritizing remediation efforts.

Fuzz testing is the ideal technique in this scenario. Here's why:

Focus on Integrations: The scenario emphasizes testing links between the software, databases, web servers, and web services. Fuzz testing is specifically designed to find vulnerabilities in how software handles data and communication between components.

Pre-release Testing: The product being close to release indicates a critical need to identify security flaws before public deployment. Fuzz testing is effective in uncovering unexpected behavior and potential vulnerabilities.

Fuzz Testing Targets: Fuzz testing works by injecting invalid or unexpected data into interfaces (like those between databases, web components, etc.) to observe how the software reacts. This helps expose potential security gaps and weaknesses.

The Intelligence domain in the Building Security in Maturity Model (BSIMM) focuses on gathering and using information about software security. This includes understanding the types of attacks that are possible against the software being developed, which is why reviewing attack models falls under this domain. The BSIMM domain of Intelligence involves creating models of potential attacks on software (attack models), analyzing actual attacks that have occurred (attack intelligence), and sharing this information to improve security measures. By reviewing attack models, the software security group is essentially assessing the organization’s ability to anticipate and understand potential security threats, which is a key aspect of the Intelligence domain.

The phase being described is the Deployment phase of the SDLC. This phase involves making the software available for use by customers after it has been developed, tested, and approved for release. It includes the installation of the software in the production environment, ensuring that all features are operational as intended, and obtaining formal approval from leadership to proceed with making the product available to end-users. The deployment phase is critical as it transitions the software from a development setting to a real-world operational environment.

Comprehensive and Detailed In-Depth Explanation:

The scenario described indicates that the system was subjected to inputs containing random data and some structured query language (SQL) statements, leading to an exponential increase in test data. This behavior is characteristic of fuzzing, a testing technique used to identify vulnerabilities by inputting a wide range of random or unexpected data into the system.

Fuzzing aims to discover coding errors and security loopholes by bombarding the application with malformed or unexpected inputs, observing how the system responds. The presence of random characters and SQL statements suggests that the fuzzing tool was testing for vulnerabilities such as SQL injection by injecting various payloads into the system.

This approach is part of the Verification business function in the OWASP SAMM, specifically within the Security Testing practice. Security testing involves evaluating the software to identify vulnerabilities that could be exploited, and fuzzing is a common technique employed in this practice to ensure the robustness and security of the application.

The privacy impact rating for an application that stores personally identifiable information (PII), monitors users with ongoing transfers of anonymous data, and changes settings without notifying the user would be P1 high privacy risk. Storing PII already poses a significant risk due to the potential for data breaches and misuse. Monitoring users and transferring data, even if anonymous, increases the risk as it involves ongoing data collection. Changing settings without user notification is a serious privacy concern because it can lead to unauthorized data processing or sharing, further elevating the risk level.

Bucket requirements are ongoing requirements that do not need to be addressed every sprint but must be completed before project completion. Identifying primary security and privacy contacts is a bucket requirement because it is a one-time, essential task that supports security governance throughout the project lifecycle. Every-sprint requirements (D) are repeated tasks for each sprint, one-time requirements (C) are tasks performed once usually early in the project, and final security review (B) occurs at project end. Agile SDL adaptation recommendations by Microsoft SDL and OWASP emphasize categorizing security tasks to fit iterative delivery, with bucket requirements ensuring important but non-iterative activities are not overlooked.

The phase being described is the Implementation phase of the SDLC. During this phase, the actual development starts, and the product begins to be built. The teams are actively writing code, which is a key activity of the Implementation phase. This phase involves translating the design and specifications into executable code, developing the software’s features, and then integrating the various components into a full-fledged system.