D487 SECURE SOFTWARE DESIGN
CERTIFICATION EVALUATION TEST 2026
QUESTIONS AND ANSWERS GUARANTEED TO
PASS
◉ Which person is responsible for designing, planning, and
implementing secure coding practices and security testing
methodologies? Answer: Software security architect
◉ A company is preparing to add a new feature to its flagship
software product. The new feature is similar to features that have
been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at
which time the new feature will be released to customers. Project
team members will focus solely on the new feature until the project
ends. Which software development methodology is being used?
Answer: Waterfall
◉ A new product will require an administration section for a small
number of users. Normal users will be able to view limited customer
information and should not see admin functionality within the
application. Which concept is being used? Answer: Principle of least
privilege
, ◉ The scrum team is attending their morning meeting, which is
scheduled at the beginning of the work day. Each team member
reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may cause
them to miss their delivery deadline. Which scrum ceremony is the
team participating in? Answer: Daily Scrum
◉ What is a list of information security vulnerabilities that aims to
provide names for publicly known problems? Answer: Common
computer vulnerabilities and exposures (CVE)
◉ Which secure coding best practice uses well-tested, publicly
available algorithms to hide product data from unauthorized access?
Answer: Cryptographic practices
◉ Which secure coding best practice uses well-tested, publicly
available algorithms to hide product data from unauthorized access?
Answer: Cryptographic practices
◉ Which secure coding best practice ensures servers, frameworks,
and system components are all running the latest approved
versions? Answer: System configuration
◉ Which secure coding best practice says to use parameterized
queries, encrypted connection strings stored in separate
CERTIFICATION EVALUATION TEST 2026
QUESTIONS AND ANSWERS GUARANTEED TO
PASS
◉ Which person is responsible for designing, planning, and
implementing secure coding practices and security testing
methodologies? Answer: Software security architect
◉ A company is preparing to add a new feature to its flagship
software product. The new feature is similar to features that have
been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at
which time the new feature will be released to customers. Project
team members will focus solely on the new feature until the project
ends. Which software development methodology is being used?
Answer: Waterfall
◉ A new product will require an administration section for a small
number of users. Normal users will be able to view limited customer
information and should not see admin functionality within the
application. Which concept is being used? Answer: Principle of least
privilege
, ◉ The scrum team is attending their morning meeting, which is
scheduled at the beginning of the work day. Each team member
reports what they accomplished yesterday, what they plan to
accomplish today, and if they have any impediments that may cause
them to miss their delivery deadline. Which scrum ceremony is the
team participating in? Answer: Daily Scrum
◉ What is a list of information security vulnerabilities that aims to
provide names for publicly known problems? Answer: Common
computer vulnerabilities and exposures (CVE)
◉ Which secure coding best practice uses well-tested, publicly
available algorithms to hide product data from unauthorized access?
Answer: Cryptographic practices
◉ Which secure coding best practice uses well-tested, publicly
available algorithms to hide product data from unauthorized access?
Answer: Cryptographic practices
◉ Which secure coding best practice ensures servers, frameworks,
and system components are all running the latest approved
versions? Answer: System configuration
◉ Which secure coding best practice says to use parameterized
queries, encrypted connection strings stored in separate
