WGU (D487, KEO1) Secure Software Design Exam - Topic 4 Question 9 Discussion

Actual exam question for WGU's WGU (D487, KEO1) Secure Software Design exam
Question #: 9
Topic #: 4

The product development team is preparing for the production deployment of recent feature enhancements. One morning, they noticed the amount of test data grew exponentially overnight. Most fields were filled with random characters, but some structured query language was discovered.

Which type of security development lifecycle (SDL) tool was likely being used?

Suggested Answer: B

Comprehensive and Detailed In-Depth Explanation:

The scenario described indicates that the system was subjected to inputs containing random data and some structured query language (SQL) statements, leading to an exponential increase in test data. This behavior is characteristic of fuzzing, a testing technique used to identify vulnerabilities by inputting a wide range of random or unexpected data into the system.

Fuzzing aims to discover coding errors and security loopholes by bombarding the application with malformed or unexpected inputs and observing how the system responds. The presence of random characters and SQL statements suggests that the fuzzing tool was testing for vulnerabilities such as SQL injection by injecting various payloads into the system.

This approach is part of the Verification business function in the OWASP SAMM, specifically within the Security Testing practice. Security testing involves evaluating the software to identify vulnerabilities that could be exploited, and fuzzing is a common technique employed in this practice to ensure the robustness and security of the application.


OWASP SAMM: Verification - Security Testing
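
A minimal fuzzing run of the kind the explanation describes, as an added example that is not part of the original page: random strings, some carrying SQL fragments, are fed to a hypothetical handler backed by an in-memory SQLite table, and an oracle flags inputs the database rejects or stores altered. The seed strings, the `notes` table and all function names are constructed for illustration.

```python
import random
import sqlite3
import string

# Constructed SQL-looking seeds; real fuzzers ship far larger dictionaries.
SQL_SEEDS = ["'", "' OR '1'='1", "'; --"]

def fuzz_inputs(count, seed=0):
    """Random-character strings; every fifth one also carries a SQL seed."""
    rng = random.Random(seed)
    for i in range(count):
        junk = "".join(rng.choices(string.printable, k=rng.randint(1, 24)))
        yield junk + rng.choice(SQL_SEEDS) if i % 5 == 0 else junk

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes(body TEXT)")
    return conn

def save_unsafe(conn, value):
    # Hypothetical handler under test: SQL built by string concatenation.
    conn.execute(f"INSERT INTO notes(body) VALUES ('{value}')")

def save_safe(conn, value):
    # Same handler using a bound parameter instead.
    conn.execute("INSERT INTO notes(body) VALUES (?)", (value,))

def check_one(target, value, conn=None):
    """Oracle: 'error' if the statement is rejected, 'altered' if the stored
    value differs from the input, None if the input round-trips unchanged."""
    conn = new_db() if conn is None else conn
    try:
        target(conn, value)
    except (sqlite3.Error, sqlite3.Warning):
        return "error"
    stored = conn.execute(
        "SELECT body FROM notes ORDER BY rowid DESC LIMIT 1").fetchone()[0]
    return None if stored == value else "altered"

def run_fuzz(target, count=200, seed=0):
    """Return (rows left in the table, list of (kind, input) findings)."""
    conn = new_db()
    checked = [(check_one(target, v, conn), v) for v in fuzz_inputs(count, seed)]
    findings = [(kind, v) for kind, v in checked if kind]
    rows = conn.execute("SELECT COUNT(*) FROM notes").fetchone()[0]
    return rows, findings

if __name__ == "__main__":
    for target in (save_unsafe, save_safe):
        rows, findings = run_fuzz(target)
        print(f"{target.__name__}: {rows} rows, {len(findings)} findings")
```

Every input that is accepted leaves a row behind, which is why an unattended fuzzing run shows up as a sudden pile of random-looking test data.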

Contribute your Thoughts:

Emily
18 days ago
Definitely B) Fuzzing! Makes sense with the random data.
upvoted 0 times
...
Shelton
23 days ago
Sounds like they were using fuzzing to test inputs.
upvoted 0 times
...
Roselle
1 month ago
Static analysis sounds familiar, but I don't think it would generate random data like that. Fuzzing seems more likely based on what we practiced.
upvoted 0 times
...
Helaine
1 month ago
I feel like threat modeling is more about identifying risks beforehand, so it probably isn't the right answer here.
upvoted 0 times
...
Cheryll
2 months ago
I'm not entirely sure, but I think dynamic analysis could also be a possibility since it deals with how the application behaves with inputs.
upvoted 0 times
...
Scot
2 months ago
I remember we discussed fuzzing in class, and it seems like it fits since the data was random and might have been used to test for vulnerabilities.
upvoted 0 times
...
