EXAM QUESTIONS WITH 100% CORRECT
AND VERIFIED ANSWERS
1 of 58
Term
Which post-release support activity defines the process to
communicate, identify, and alleviate security threats?
PRSA3: Post-release certifications
PRSA1: External vulnerability disclosure response
PRSA4: Internal review for new product combinations or
cloud deployments
PRSA2: Third-party reviews
Effective threat modeling
Effective threat modeling gives the developer the ability to identify
threats such as spoofing, tampering, repudiation, information
disclosure, denial of service, and elevation of privilege as part of
the threat model.
SDL cycle for any architectural changes or code reuses
Any architectural change, code change, or code/component
reuse should trigger SDL activities.
External vulnerability disclosure response
The external vulnerability disclosure response (PRSA1) defines
processes to evaluate and mitigate security vulnerabilities
discovered after release. It also details how the organization will
communicate to customers.
PRSA1: External vulnerability disclosure response
The external vulnerability disclosure response (PRSA1) defines
processes to evaluate and mitigate security vulnerabilities
discovered post-release. It also details how the organization will
communicate to customers.
2 of 58
Term
How can you establish your own SDL to build security into a
process appropriate for your organization's needs based on
the given environments?
-Continuous integration and continuous deployment
-API invocation processes
-Iterative development
-Enables and improves business activities
Question 7a:
Agile
Question 7b:
DevOps
Question 7c:
Cloud
Question 7d:
Digital enterprise
Survey the application
Decompose the application
"Survey the application" is correct. Surveying the application is a way to
gain knowledge of how the product works by reading product
documentation and interviewing the development team.
"Decompose the application" is correct. Decomposing the
application can be done by doing a deep dive into the code and
understanding how it works behind the scenes.
SonarQube
This tool systematically helps to deliver clean code by analyzing 30+
programming languages and integrates with the continuous
integration pipeline and DevOps platform.
Jenkins
This tool enables developers around the world to reliably build, test,
and deploy their software.
JIRA
This tool is developed by Atlassian and allows bug tracking and agile
project management.
Dynatrace