Get ready to ace your exams with this all-in-one collection of realistic practice questions covering nursing fundamentals, anatomy & physiology, biology, chemistry, psychology, statistics, and secure software development. Whether you’re preparing for NCLEX-style exams, tackling genetics problems, understanding the functions of organelles like mitochondria, or reviewing the OWASP SAMM model for secure coding, these questions help build confidence and boost accuracy. You’ll answer high-quality items about hormonal regulation (like parathyroid and prolactin), ATP production, blood flow pathways, RNA structure, macromolecules, and enzyme activity. Also included are key concepts in social sciences, such as Freudian therapy, Quora and Instagram marketing, and chatbot automation. This set is perfect for nursing students, pre-med majors, and software security learners looking for exam help, local SEO strategies, and digital marketing practice. For 24/7 academic support, proctored exam assistance, and more, visit ExamSharks.com today!
10.
11.
12.
Mobile
Optimization
Content Localization
Local Citations
Geotagging
Content Localization
Google Analytics
5
Define the Following
Terms
Long–tay Keywords
Evaluation 12-Blogging for Local SEO
Explanation
2.
Title Tag
3
On-Page SED
Internal Linking
Mela Description
Schema
Markup
CONTEXT EXE
Evaluation 11–Instagram and Quora n
12.
Quora SEO
13
Quora Ads
14.
Quora Partner Program
15.
Quora Credentials
Insights
Evaluation 11-Instagram and Quora marketing
Quora
Quora Profile
Quora Spaces
10.
Quora Digest
11.
Upvotes
3
Define the Following Terms
Hashtags
Explanation
Define the Following Terms
Hashtags
Engagement Rate
Engagement
Rate
Influencer Marketing
Influencer Marketing
Stories
5
Instagram Ads
Stories
Ads
12.
14-
15.
30.
Chatbot
Scripting
Multi Language Support
Customer
Segmentation
“Tead
Nurturing
Chathol Widget
Automated
Drip Campaigns
Chatbot Retention
Chatbot Funnel
Chatbot Landing Page
5.
3.
cine The
Terms
Coperational Marketing
Evaluation 10-Chatbot Marketing
Explanation
Natural
anguage Processing (NLP)
Call-to-Action (CTA)
Analytics and Reporting
Omnichannel Marketing
6.
A/B Testing
Willing
Weine the
Terms
Compersational Marketing
Evaluation 10-Chatbot Marketing
Explanation
Natural
Language Processing (NLP)
Call-to-Action (CTA)
Analytics and Reporting
Omnichannel Marketing
A/B Testing
Task 15: Build a Basic Blog Website
Objective:
Create a blog website using WordPress or a simple HTML/CSS template. Expected Outcome:
A website with blog posts, a homepage, and an about section.
Planning Tip:
Install WordPress locally or use a free hosting service to get started quickly.
Task 14: Create a Basic Mobile App
Objective:
Develop a simple mobile app (e.g., a to-do list) using a no-code platform like Thunkable
or MIT App Inventor.
Expected Outcome:
A functional mobile app with basic features.
Planning Tip:
Use drag-and-drop components to design the app before adding logic.
Task 13: Set Up a Basic Firewall
Objective:
Configure a firewall on a Windows or Linux system to block specific traffic. Expected Outcome:
A working firewall that restricts access to certain ports or IP addresses.
Planning Tip:
Use default firewall tools (e.g., Windows Firewall, UFW on Linux) and test with ping or port scanning.
Secure Software Design-D487 | WGU St. X
Secure Software Design – D487 | WGU Stu X +
my.wgu.edu/courses/course/28980013
WGU Home Courses Degree Plan Success Centers Student Support
Search
Take Now
Objective Assessment:Secure Software Design
STATUS: Ready to Schedule
# OF ITEMS: 60
Attempt 1-3/30/2025
Attempt 2-4/3/2025
TIME ALLOTTED: 120 minutes
CODE: KE01
Coaching Report
Not Passed
Pass
A score of Competent or Exemplary is required to pass all assessments. Passing a preassessment does not guarantee you will pass the high stakes assessment.
On third-party assessments, you will be charged a retake fee for a third attempt and every attempt thereafter. For more information, review the Student Handbook.
42
63
Tokunbo Adegun
Accessibility Policy
Accessibility Settings
ab
12:41 AM
4/4/2025
66
65
Take Now
Objective Assessment:Secure Software Design
STATUS: Ready to Schedule
# OF ITEMS: 60
Attempt 1-3/30/2025
Attempt 2-4/3/2025
TIME ALLOTTED: 120 minutes
Coaching Report
CODE: KE01
A Not Passed
Pass
A score of Competent or Exemplary is required to pass all assessments. Passing a preassessment does not guarantee you will pass the high stakes assessment.
On third-party assessments, you will be charged a retake fee for a third attempt and every attempt thereafter. For more information, review the Student Handbook.
The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). They are currently focused on reviewing design artifacts to ensure they comply with organizational security standards.
Which OpenSAMM business function is being assessed?
O Construction
Governance
Deployment
O Verification
The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). They are currently focused on reviewing tools and methodologies used to identify and model threats to the environment.
Which OpenSAMM business function is being assessed?
Deployment
Construction
Governance
O Verification
61
62
63
64
The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP OpenSAMM). The group is currently focused on how the organization has handled security training for both technical and nontechnical associates.
Which OpenSAMM business function is being assessed?
O Deployment
Governance
Construction
O Verification
Due to positive publicity from the release of the new software product, leadership has decided that it is in the best interests of the company to become ISO 27001 compliant. ISO 27001 is the leading international standard focused on information security.
Which security development life cycle deliverable is being described?
Third-party security review
Post-release certifications
Security strategy for M&A products
External vulnerability disclosure response process
The chief information security officer (CISO) has recommended contracting with external experts to perform annual reviews of the enterprise’s software products, including penetration testing.
Which post-release deliverable is being described?
Third-party security review
Security strategy for legacy code
Post-release certifications
External vulnerability disclosure response process
After being notified of a vulnerability in the company’s online payment system, the product security incident response team (PSIRT) was unable to recreate the vulnerability in a testing lab.
What is the response team’s next step?
Determine the severity of the vulnerability
Identify resources and schedule the fix
Notify the reporter that the case is going to be closed
Determine how the reporter was able to create the vulnerability
Exam aids
60
Using a web-based common vulnerability scoring system (CVSS) calculator, a security response team member performed an assessment on a reported vulnerability in the user authentication component of the company’s new product. The base score of the vulnerability was 8.3 and changed to 9.4 after adjusting temporal and environmental metrics.
Which rating would CVSS assign this vulnerability?
59
58
57
Low severity
High severity
Critical severity
Medium severity
During penetration testing, an analyst was able to create hundreds of user accounts by executing a script that sent individual requests to the register endpoint.
How should the organization remediate this vulnerability?
Use a tool like captcha to prevent batched registrations and bots
Ensure all data is encrypted in transit
Enforce idle time-outs on session IDs
Enforce strong password complexity standards
The product development team is preparing for the production deployment of recent feature enhancements. One morning, they noticed the amount of test data grew exponentially overnight. Most fields were filled with random characters, but some structured query language was discovered.
Which type of security development lifecycle (SDL) tool was likely being used?
Dynamic analysis
Threat model
Static analysis
O Fuzzing
The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application.
How should the organization remediate this vulnerability?
Access to configuration files is limited to administrators
Ensure sensitive information is not logged
Ensure auditing and logging is enabled on all servers
Enforce the removal of unused dependencies
56
Security testers have completed testing and are documenting the results of vulnerability scans and penetration analysis. They are also creating documentation to share with the organization’s largest customers.
Which deliverable is being prepared?
Open-source licensing review report
Remediation report
Security testing reports
Customer engagement framework
55
55
A recent security review has identified an aging credential recovery/forgotten password component that emails temporary passwords to users who claim to have forgotten their application password.
4
How should the organization remediate this vulnerability?
Implement role-based authorization
Implement multifactor authentication
Ensure all authorization requests are logged
O Lock a user account after multiple failed authentication attempts
54
The final security review determined that two low-risk security issues identified in testing are still outstanding. Developers have assured the security team that both issues can be resolved quickly once they have time to fix them. The security team is confident that developers can fix the flaws in the first post-release patch.
What is the result of the final security review?
53
Passed with exceptions
Passed
Not passed and requires escalation
Not passed but does not require escalation
The security team is identifying technical resources that will be needed to perform the final product security review.
Which step of the final product security review process are they in?
O Assess resource availability
Identify feature eligibility
O Evaluate and plan for remediation
Release and ship
52
The security team is reviewing whether changes or open issues exist that would affect requirements for handling personal information documented in earlier phases of the development life cycle.
Which activity of the Ship SDL phase is being performed?
Final security review
Final privacy review
Vulnerability scan
Open-source licensing review
51
Which secure coding best practice says to only use tested and approved components and use task-specific, built-in APIs to conduct operating system functions?
Data protection
General coding practices
Authentication and password management
Session management
50
A potential threat was discovered during vulnerability testing when an environment configuration file was found that contained the database username and password stored in plain text.
How should existing security controls be adjusted to prevent this in the future?
Validate all user input
Enforce role-based authorization
Encrypt secrets in storage and transit
Ensure strong password policies are in effect
49
While performing functional testing of the ordering feature in the new product, a tester noticed that the order object was transmitted to the POST endpoint of the API as a human-readable JSON object.
How should existing security controls be adjusted to prevent this in the future?
Ensure sensitive transactions can be traced through an audit log Ensure the contents of authentication cookies are encrypted
Ensure all requests and responses are encrypted
Ensure passwords are private information is not logged
46
48
45
Automated security testing was performed by attempting to login to the new product with a known username using a collection of passwords. Access was granted after a few hundred attempts.
How should existing security controls be adjusted to prevent this in the future?
O Ensure credentials and authentication tokens are encrypted during transit Ensure passwords are encrypted when stored in persistent data stores
O Ensure authentication controls are resistant to brute force attacks
Ensure strong password policies are enforced
Question navigation
Which type of security analysis is performed using automated software tools while an application is running and is most commonly executed during the testing phase of the SDLC?
O Dynamic analysis
Static analysis
Fuzz testing
Manual code review
Which type of manual code review technique is being used when the reviewer starts at a function and traces each of its conditional branches to completion?
45
Data flow analysis
O Control flow analysis
O Threat analysis
O Risk analysis
Which type of manual code review
Data flow analysis
Control flow analysis
Threat analysis
44
44
Which design and development deliverable contains the results of each type of evaluation that was performed and the type and number of vulnerabilities discovered?
Security testing reports
Security test execution report
Remediation report
Privacy compliance report
4
Which design and development deliverable contains the results of each type of evaluation that was performed and the type and discovered?
O Security testing reports
O Security test execution report
O Remediation report
Privacy compliance report
43
Which type of security analysis is limited by the fact that a significant time investment of a highly skilled team member is required?
43
Fuzz testing
O Static code analysis
Manual code review
Dynamic code analysis
Which type of security analysis is limited by the fact that a signi
Fuzz testing
Static code analysis
Manual code review
Dynamic code analysis
42
Which design and development deliverable contains the types of evaluations that were performed, how many times they were performed, and how many times they were re-evaluated?
Privacy compliance report
Remediation report
Security testing reports
Security test execution report
41
Which type of security analysis is performed by reviewing source code line-by-line after all other security analysis techniques have been executed?
40
39
Manual code review
Static analysis
Dynamic analysis
Fuzz testing
The software security team is using an automation tool that generates random data to input into every field in the new product and track results.
Which security testing technique is being used?
O Byte code analysis
Fuzz testing
Binary code analysis
O Black-box debugging
The software security team is performing security testing on a new software product using a testing tool that scans the running application for known exploit signatures.
Which security testing technique is being used?
Property-based testing
Source-code analysis
Penetration testing
Automated vulnerability scanning
38
The software security team prepared a report of necessary coding and architecture changes identified during the security assessment.
Which design and development deliverable did the team prepare?
37
Updated threat modeling artifacts
Privacy implementation assessment results
Security test plans
O Design security review
The security software team has cloned the source code repository of the new software product so they can perform vulnerability testing by modifying or adding small snippets of code to see if they can cause unexpected behavior and application failure.
Which security testing technique is being used?
Fuzz testing
Binary fault injection
Dynamic code analysis
Source-code fault injection
