Free WGU Secure-Software-Design Exam Questions

Which software-testing technique can be automated or semi-automated and provides invalid, unexpected, or random data to the inputs of a computer software program?

Using a web-based common vulnerability scoring system (CVSS) calculator, a security response teammember performed an assessment on a reported vulnerability in the company's claims intake component. Thebase score of the vulnerability was 3.5 and changed to 5.9 after adjusting temporal and environmental metrics.Which rating would CVSS assign this vulnerability?

Which step in the change management process includes modifying the source code? 

Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application. How should the organization remediate this vulnerability?