Exam Secure-Software-Design Topic 1 Question 82 Discussion

Actual exam question for WGU's Secure-Software-Design exam
Question #: 82
Topic #: 1

While performing functional testing of the new product from a shared machine, a QA analyst closed their browser window but did not logout of the application. A different QA analyst accessed the application an hour later and was not prompted to login. They then noticed the previous analyst was still logged into the application.
How should existing security controls be adjusted to prevent this in the future?

A. Ensure no sensitive information is stored in plain text in cookies B. Ensure user sessions timeout after short intervals C. Ensure role-based access control is enforced for access to all resources D. Ensure strong password policies are enforced

Suggested Answer: B Vote an answer

The issue described involves a session management vulnerability where the user's session remains active even after the browser window is closed, allowing another user on the same machine to access the application without logging in. To prevent this security risk, it's essential to adjust the session management controls to include an automatic timeout feature. This means that after a period of inactivity, or when the browser window is closed, the session should automatically expire, requiring a new login to access the application.
This adjustment ensures that even if a user forgets to log out, their session won't remain active indefinitely, reducing the risk of unauthorized access.
:
Secure SDLC practices emphasize the importance of security at every stage of the software development life cycle, including the implementation of proper session management controls12.
Best practices for access control in security highlight the significance of managing session timeouts to prevent unauthorized access3.
Industry standards and guidelines often recommend session timeouts as a critical security control to protect against unauthorized access4.

by Oliver at Oct 14, 2025, 11:23 AM

Limited Time Offer

15%

Off

Get Premium Secure-Software-Design Questions as Interactive Self Test Engine or PDF

Comments

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.