EXAM 2026 COMPLETE STUDY GUIDE FULL
SOLUTIONS VERIFIED A+
◉ Which post-release support activity defines the process to
communicate, identify, and alleviate security threats? Answer: PRSA1:
External vulnerability disclosure response
◉ What are two core practice areas of the OWASP Security Assurance
Maturity Model (OpenSAMM)? Answer: Governance, Construction
◉ Which practice in the Ship (A5) phase of the security development
cycle uses tools to identify weaknesses in the product? Answer:
Vulnerability scan
◉ Which post-release support activity should be completed when
companies are joining together? Answer: Security architectural reviews
◉ Which of the Ship (A5) deliverables of the security development
cycle are performed during the A5 policy compliance analysis? Answer:
Analyze activities and standards
◉ Which of the Ship (A5) deliverables of the security development
cycle are performed during the code-assisted penetration testing?
Answer: white-box security test
◉ Which of the Ship (A5) deliverables of the security development
cycle are performed during the open-source licensing review? Answer:
license compliance
◉ Which of the Ship (A5) deliverables of the security development
cycle are performed during the final security review? Answer: Release
and ship
◉ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile? Answer:
iterative development
◉ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on devops? Answer:
continuous integration and continuous deployments
◉ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud? Answer: API
invocation processes
◉ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise?
Answer: enables and improves business activities
◉ Which phase of penetration testing allows for remediation to be
performed? Answer: Deploy
◉ Which key deliverable occurs during post-release support? Answer:
third-party reviews
◉ Which business function of OpenSAMM is associated with
governance? Answer: Policy and compliance
◉ Which business function of OpenSAMM is associated with
construction? Answer: Threat assessment
◉ Which business function of OpenSAMM is associated with
verification? Answer: Code review
◉ Which business function of OpenSAMM is associated with
deployment? Answer: Vulnerability management
◉ What is the product risk profile? Answer: A security assessment
deliverable that estimates the actual cost of the product.
◉ A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree sensitive
customer information is collected, stored, or created within a new