EXAM 2026 COMPREHENSIVE REVIEW PACK
VERIFIED QUESTIONS AND ANSWERS A+
◉ What ensures that the user has the appropriate role and privilege to
view data? Answer: Authorization
◉ Which security goal is defined by "guarding against improper
information modification or destruction and ensuring information non-
repudiation and authenticity"? Answer: Integrity
◉ Which phase in an SDLC helps to define the problem and scope of
any existing systems and determine the objectives of new systems?
Answer: Planning
◉ What happens during a dynamic code review? Answer: Programmers
monitor system memory, functional behavior, response times, and
overall performance.
◉ How should you store your application user credentials in your
application database? Answer: Store credentials using salted hashes
◉ Which software methodology resembles an assembly-line approach?
Answer: Waterfall model
◉ Which software methodology approach provides faster time to market
and higher business value? Answer: Agile model
◉ In Scrum methodology, who is responsible for making decisions on
the requirements? Answer: Product Owner
◉ What is the product risk profile? Answer: A security assessment
deliverable that estimates the actual cost of the product
◉ A software security team member has been tasked with creating a
deliverable that provides details on where and to what degree sensitive
customer information is collected, stored, or created within a new
product offering.
What does the team member need to deliver in order to meet the
objective? Answer: Privacy impact assessment
◉ A software security team member has been tasked with creating a
threat model for the login process of a new product. What is the first step
the team member should take? Answer: Identify security objectives
◉ What are three parts of the STRIDE methodology? Answer: Spoofing,
Elevation, Tampering
◉ What is the reason software security teams host discovery meetings
with stakeholders early in the development life cycle? Answer: To
ensure that security is built into the product from the start
◉ Why should a security team provide documented certification
requirements during the software assessment phase? Answer: Depending
on the environment in which the product resides, certifications may be
required by corporate or government entities before the software can be
released to customers.
◉ What are two items that should be included in the privacy impact
assessment plan regardless of which methodology is used? Answer:
Required process steps & Technologies and techniques
◉ What are the goals of each SDL deliverable? - Product risk profile
Answer: Estimate the actual cost of the product
◉ What are the goals of each SDL deliverable? - SDL project outline
Answer: Map security activities to the development schedule
◉ What are the goals of each SDL deliverable? - Threat profile Answer:
Guide security activities to protect the product from vulnerabilities
◉ What are the goals of each SDL deliverable? - List of third-party
software Answer: Identify the dependence on unmanaged software