Top 2025 Practice Questions for Nursing, Science, Psychology & Secure Software Design

Top 2025 Practice Questions for Nursing, Science, Psychology & Secure Software Design

Get ready to ace your exams with this all-in-one collection of realistic practice questions covering nursing fundamentals, anatomy & physiology, biology, chemistry, psychology, statistics, and secure software development. Whether you’re preparing for NCLEX-style exams, tackling genetics problems, understanding the functions of organelles like mitochondria, or reviewing the OWASP SAMM model for secure coding, these questions help build confidence and boost accuracy. You’ll answer high-quality items about hormonal regulation (like parathyroid and prolactin), ATP production, blood flow pathways, RNA structure, macromolecules, and enzyme activity. Also included are key concepts in social sciences, such as Freudian therapy, Quora and Instagram marketing, and chatbot automation. This set is perfect for nursing students, pre-med majors, and software security learners looking for exam help, local SEO strategies, and digital marketing practice. For 24/7 academic support, proctored exam assistance, and more, visit ExamSharks.com today!

10. 

11. 

12. 

Mobile 

Optimization 

Content Localization 

Local Citations 

Geotagging 

Content Localization 

Google Analytics 

Define the Following 

Terms 

Longtay Keywords 

Evaluation 12-Blogging for Local SEO 

Explanation 

2. 

Title Tag 

On-Page SED 

Internal Linking 

Mela Description 

Schema 

Markup 

CONTEXT EXE 

Evaluation 11Instagram and Quora n 

12. 

Quora SEO 

13 

Quora Ads 

14. 

Quora Partner Program 

15. 

Quora Credentials 

Instagram 

Insights 

Evaluation 11-Instagram and Quora marketing 

Quora 

Quora Profile 

Quora Spaces 

10. 

Quora Digest 

11. 

Upvotes 

Define the Following Terms 

Hashtags 

Explanation 

Define the Following Terms 

Hashtags 

Engagement Rate 

Engagement 

Rate 

Influencer Marketing 

Influencer Marketing 

Instagram 

Stories 

Instagram Ads 

Instagram 

Stories 

Instagram 

Ads 

12. 

14- 

15. 

30. 

Chatbot 

Scripting 

Multi Language Support 

Customer 

Segmentation 

“Tead 

Nurturing 

Chathol Widget 

Automated 

Drip Campaigns 

Chatbot Retention 

Chatbot Funnel 

Chatbot Landing Page 

5. 

3. 

cine The 

Terms 

Coperational Marketing 

Evaluation 10-Chatbot Marketing 

Explanation 

Natural 

anguage Processing (NLP) 

Call-to-Action (CTA) 

Analytics and Reporting 

Omnichannel Marketing 

6. 

A/B Testing 

Willing 

Weine the 

Terms 

Compersational Marketing 

Evaluation 10-Chatbot Marketing 

Explanation 

Natural 

Language Processing (NLP) 

Call-to-Action (CTA) 

Analytics and Reporting 

Omnichannel Marketing 

A/B Testing 

Task 15: Build a Basic Blog Website 

Objective

Create a blog website using WordPress or a simple HTML/CSS template. Expected Outcome

A website with blog posts, a homepage, and an about section. 

Planning Tip

Install WordPress locally or use a free hosting service to get started quickly. 

Task 14: Create a Basic Mobile App 

Objective

Develop a simple mobile app (e.g., a to-do list) using a no-code platform like Thunkable 

or MIT App Inventor. 

Expected Outcome

A functional mobile app with basic features. 

Planning Tip

Use drag-and-drop components to design the app before adding logic. 

Task 13: Set Up a Basic Firewall 

Objective

Configure a firewall on a Windows or Linux system to block specific traffic. Expected Outcome

A working firewall that restricts access to certain ports or IP addresses. 

Planning Tip

Use default firewall tools (e.g., Windows Firewall, UFW on Linux) and test with ping or port scanning. 

Secure Software Design-D487 | WGU St.

Secure Software Design – D487 | WGU Stu X

my.wgu.edu/courses/course/28980013 

WGU Home Courses Degree Plan Success Centers Student Support 

Search 

Take Now 

Objective Assessment:Secure Software Design 

STATUS: Ready to Schedule 

# OF ITEMS: 60 

Attempt 1-3/30/2025 

Attempt 2-4/3/2025 

TIME ALLOTTED: 120 minutes 

CODE: KE01 

Coaching Report 

Not Passed 

Pass 

A score of Competent or Exemplary is required to pass all assessments. Passing a preassessment does not guarantee you will pass the high stakes assessment. 

On third-party assessments, you will be charged a retake fee for a third attempt and every attempt thereafter. For more information, review the Student Handbook. 

42 

63 

Tokunbo Adegun 

Accessibility Policy 

Accessibility Settings 

ab 

12:41 AM 

4/4/2025 

66 

65 

Take Now 

Objective Assessment:Secure Software Design 

STATUS: Ready to Schedule 

# OF ITEMS: 60 

Attempt 1-3/30/2025 

Attempt 2-4/3/2025 

TIME ALLOTTED: 120 minutes 

Coaching Report 

CODE: KE01 

A Not Passed 

Pass 

A score of Competent or Exemplary is required to pass all assessments. Passing a preassessment does not guarantee you will pass the high stakes assessment. 

On third-party assessments, you will be charged a retake fee for a third attempt and every attempt thereafter. For more information, review the Student Handbook. 

The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). They are currently focused on reviewing design artifacts to ensure they comply with organizational security standards. 

Which OpenSAMM business function is being assessed? 

O Construction 

Governance 

Deployment 

O Verification 

The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). They are currently focused on reviewing tools and methodologies used to identify and model threats to the environment. 

Which OpenSAMM business function is being assessed? 

Deployment 

Construction 

Governance 

O Verification 

61 

62 

63 

64 

The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). The group is currently focused on how the organization has handled security training for both technical and nontechnical associates. 

Which OpenSAMM business function is being assessed? 

O Deployment 

Governance 

Construction 

O Verification 

Due to positive publicity from the release of the new software product, leadership has decided that it is in the best interests of the company to become ISO 27001 compliant. ISO 27001 is the leading international standard focused on information security. 

Which security development life cycle deliverable is being described? 

Third-party security review 

Post-release certifications 

Security strategy for M&A products 

External vulnerability disclosure response process 

The chief information security officer (CISO) has recommended contracting with external experts to perform annual reviews of the enterprise’s software products, including penetration testing. 

Which post-release deliverable is being described? 

Third-party security review 

Security strategy for legacy code 

Post-release certifications 

External vulnerability disclosure response process 

After being notified of a vulnerability in the company’s online payment system, the product security incident response team (PSIRT) was unable to recreate the vulnerability in a testing lab. 

What is the response team’s next step? 

Determine the severity of the vulnerability 

Identify resources and schedule the fix 

Notify the reporter that the case is going to be closed 

Determine how the reporter was able to create the vulnerability 

Exam aids 

60 

Using a web-based common vulnerability scoring system (CVSS) calculator, a security response team member performed an assessment on a reported vulnerability in the user authentication component of the company’s new product. The base score of the vulnerability was 8.3 and changed to 9.4 after adjusting temporal and environmental metrics. 

Which rating would CVSS assign this vulnerability? 

59 

58 

57 

Low severity 

High severity 

Critical severity 

Medium severity 

During penetration testing, an analyst was able to create hundreds of user accounts by executing a script that sent individual requests to the register endpoint. 

How should the organization remediate this vulnerability? 

Use a tool like captcha to prevent batched registrations and bots 

Ensure all data is encrypted in transit 

Enforce idle time-outs on session IDs 

Enforce strong password complexity standards 

The product development team is preparing for the production deployment of recent feature enhancements. One morning, they noticed the amount of test data grew exponentially overnight. Most fields were filled with random characters, but some structured query language was discovered. 

Which type of security development lifecycle (SDL) tool was likely being used? 

Dynamic analysis 

Threat model 

Static analysis 

O Fuzzing 

The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application. 

How should the organization remediate this vulnerability? 

Access to configuration files is limited to administrators 

Ensure sensitive information is not logged 

Ensure auditing and logging is enabled on all servers 

Enforce the removal of unused dependencies 

56 

Security testers have completed testing and are documenting the results of vulnerability scans and penetration analysis. They are also creating documentation to share with the organization’s largest customers. 

Which deliverable is being prepared? 

Open-source licensing review report 

Remediation report 

Security testing reports 

Customer engagement framework 

55 

55 

A recent security review has identified an aging credential recovery/forgotten password component that emails temporary passwords to users who claim to have forgotten their application password. 

How should the organization remediate this vulnerability? 

Implement role-based authorization 

Implement multifactor authentication 

Ensure all authorization requests are logged 

O Lock a user account after multiple failed authentication attempts 

54 

The final security review determined that two low-risk security issues identified in testing are still outstanding. Developers have assured the security team that both issues can be resolved quickly once they have time to fix them. The security team is confident that developers can fix the flaws in the first post-release patch. 

What is the result of the final security review? 

53 

Passed with exceptions 

Passed 

Not passed and requires escalation 

Not passed but does not require escalation 

The security team is identifying technical resources that will be needed to perform the final product security review. 

Which step of the final product security review process are they in? 

O Assess resource availability 

Identify feature eligibility 

O Evaluate and plan for remediation 

Release and ship 

52 

The security team is reviewing whether changes or open issues exist that would affect requirements for handling personal information documented in earlier phases of the development life cycle. 

Which activity of the Ship SDL phase is being performed? 

Final security review 

Final privacy review 

Vulnerability scan 

Open-source licensing review 

51 

Which secure coding best practice says to only use tested and approved components and use task-specific, built-in APIs to conduct operating system functions? 

Data protection 

General coding practices 

Authentication and password management 

Session management 

50 

A potential threat was discovered during vulnerability testing when an environment configuration file was found that contained the database username and password stored in plain text. 

How should existing security controls be adjusted to prevent this in the future? 

Validate all user input 

Enforce role-based authorization 

Encrypt secrets in storage and transit 

Ensure strong password policies are in effect 

49 

While performing functional testing of the ordering feature in the new product, a tester noticed that the order object was transmitted to the POST endpoint of the API as a human-readable JSON object. 

How should existing security controls be adjusted to prevent this in the future? 

Ensure sensitive transactions can be traced through an audit log Ensure the contents of authentication cookies are encrypted 

Ensure all requests and responses are encrypted 

Ensure passwords are private information is not logged 

46 

48 

45 

Automated security testing was performed by attempting to login to the new product with a known username using a collection of passwords. Access was granted after a few hundred attempts. 

How should existing security controls be adjusted to prevent this in the future? 

O Ensure credentials and authentication tokens are encrypted during transit Ensure passwords are encrypted when stored in persistent data stores 

O Ensure authentication controls are resistant to brute force attacks 

Ensure strong password policies are enforced 

Question navigation 

Which type of security analysis is performed using automated software tools while an application is running and is most commonly executed during the testing phase of the SDLC? 

O Dynamic analysis 

Static analysis 

Fuzz testing 

Manual code review 

Which type of manual code review technique is being used when the reviewer starts at a function and traces each of its conditional branches to completion? 

45 

Data flow analysis 

O Control flow analysis 

O Threat analysis 

O Risk analysis 

Which type of manual code review 

Data flow analysis 

Control flow analysis 

Threat analysis 

44 

44 

Which design and development deliverable contains the results of each type of evaluation that was performed and the type and number of vulnerabilities discovered? 

Security testing reports 

Security test execution report 

Remediation report 

Privacy compliance report 

Which design and development deliverable contains the results of each type of evaluation that was performed and the type and discovered? 

O Security testing reports 

O Security test execution report 

O Remediation report 

Privacy compliance report 

43 

Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required? 

43 

Fuzz testing 

O Static code analysis 

Manual code review 

Dynamic code analysis 

Which type of security analysis is limited by the fact that a signi 

Fuzz testing 

Static code analysis 

Manual code review 

Dynamic code analysis 

42 

Which design and development deliverable contains the types of evaluations that were performed, how many times they were performed, and how many times they were re-evaluated? 

Privacy compliance report 

Remediation report 

Security testing reports 

Security test execution report 

41 

Which type of security analysis is performed by reviewing source code line-by-line after all other security analysis techniques have been executed? 

40 

39 

Manual code review 

Static analysis 

Dynamic analysis 

Fuzz testing 

The software security team is using an automation tool that generates random data to input into every field in the new product and track results. 

Which security testing technique is being used? 

O Byte code analysis 

Fuzz testing 

Binary code analysis 

O Black-box debugging 

The software security team is performing security testing on a new software product using a testing tool that scans the running application for known exploit signatures. 

Which security testing technique is being used? 

Property-based testing 

Source-code analysis 

Penetration testing 

Automated vulnerability scanning 

38 

The software security team prepared a report of necessary coding and architecture changes identified during the security assessment. 

Which design and development deliverable did the team prepare? 

37 

Updated threat modeling artifacts 

Privacy implementation assessment results 

Security test plans 

O Design security review 

The security software team has cloned the source code repository of the new software product so they can perform vulnerability testing by modifying or adding small snippets of code to see if they can cause unexpected behavior and application failure. 

Which security testing technique is being used? 

Fuzz testing 

Binary fault injection 

Dynamic code analysis 

Source-code fault injection 

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *