WGU D487 SECURE SW DESIGN EXAM
ACTUAL EXAM (VERSION A AND B)
COMPLETE SOUTIONS 2026 100% ACCURATE
EXAM
Which design and development deliverable details the progress of personal information
requirements created in earlier phases of the security development lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER--Privacy compliance report
Which design and development deliverable contains technical and executive level reports detailing
any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER--Updated threat modeling artifacts
,Which programming language is highly susceptible to buffer overflow vulnerabilities?
-C++
-Javascript
-C#
-Java - ANSWER--C++
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
-Review for security issues unique to the architecture - ANSWER--Identify security code review
objectives
Which type of software testing is being performed when an analyst executes a series of test cases
based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER--Functional testing
A security tester changed the application URL from www.app.com/account?id='3' to
www.app.com/account?id='3 or 1=1', which returned a collection of account information. Database
logs showed that the query that was executed was SELECT * FROM ACCOUNTS WHERE accountId=3
or 1=1. How should existing security controls be adjusted to prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through a audit log
-Ensure database service accounts do not have administrative access - ANSWER--Ensure
serverside queries are parameterized
, The enterprise security team discovered a vulnerability in a third-party logging tool that could allow
unauthorized access to application logs. The vulnerability is fixed in a new release of the third-party
product. How should existing security controls be adjusted to prevent this in the future?
-Ensure third party libraries are kept up to date and reviewed consistently
-Ensure passwords and private information are not logged
-Ensure log files provide audit trails for sensitive transactions
-Ensure auditing and logging are enabled on all servers - ANSWER--Ensure third party libraries are
kept up to date and reviewed consistently
A potential threat was discovered during functional testing of a file upload component when a QA
analyst was allowed to upload a shell script. Users should only be allowed to upload image files. How
should existing security controls be adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
-Ensure all data is encrypted in transit
-Force users to re-authenticate when accessing critical functionality - ANSWER--Validate all user
input
An organizational security review discovered multiple database instances that were installed using
publicly available default settings, including security and access. How should the organization
remediate this vulnerability?
-Ensure default accounts and passwords are disabled or removed
-Ensure auditing and logging is enabled on all servers
-Ensure access to configuration files is limited to administrators
-Ensure servers are configured to return as little information as possible to network requests -
ANSWER--Ensure default accounts and passwords are disabled or removed
During penetration testing, an analyst discovered a DOM-based (document object model) cross-site
scripting vulnerability within the applications search bar that could allow an attacker to insert
malicious code. How should the organization remediate this vulnerability?
-Enforce encoding of special characters
-Ensure all data is encrypted in transit
ACTUAL EXAM (VERSION A AND B)
COMPLETE SOUTIONS 2026 100% ACCURATE
EXAM
Which design and development deliverable details the progress of personal information
requirements created in earlier phases of the security development lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER--Privacy compliance report
Which design and development deliverable contains technical and executive level reports detailing
any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER--Updated threat modeling artifacts
,Which programming language is highly susceptible to buffer overflow vulnerabilities?
-C++
-Javascript
-C#
-Java - ANSWER--C++
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
-Review for security issues unique to the architecture - ANSWER--Identify security code review
objectives
Which type of software testing is being performed when an analyst executes a series of test cases
based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER--Functional testing
A security tester changed the application URL from www.app.com/account?id='3' to
www.app.com/account?id='3 or 1=1', which returned a collection of account information. Database
logs showed that the query that was executed was SELECT * FROM ACCOUNTS WHERE accountId=3
or 1=1. How should existing security controls be adjusted to prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through a audit log
-Ensure database service accounts do not have administrative access - ANSWER--Ensure
serverside queries are parameterized
, The enterprise security team discovered a vulnerability in a third-party logging tool that could allow
unauthorized access to application logs. The vulnerability is fixed in a new release of the third-party
product. How should existing security controls be adjusted to prevent this in the future?
-Ensure third party libraries are kept up to date and reviewed consistently
-Ensure passwords and private information are not logged
-Ensure log files provide audit trails for sensitive transactions
-Ensure auditing and logging are enabled on all servers - ANSWER--Ensure third party libraries are
kept up to date and reviewed consistently
A potential threat was discovered during functional testing of a file upload component when a QA
analyst was allowed to upload a shell script. Users should only be allowed to upload image files. How
should existing security controls be adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
-Ensure all data is encrypted in transit
-Force users to re-authenticate when accessing critical functionality - ANSWER--Validate all user
input
An organizational security review discovered multiple database instances that were installed using
publicly available default settings, including security and access. How should the organization
remediate this vulnerability?
-Ensure default accounts and passwords are disabled or removed
-Ensure auditing and logging is enabled on all servers
-Ensure access to configuration files is limited to administrators
-Ensure servers are configured to return as little information as possible to network requests -
ANSWER--Ensure default accounts and passwords are disabled or removed
During penetration testing, an analyst discovered a DOM-based (document object model) cross-site
scripting vulnerability within the applications search bar that could allow an attacker to insert
malicious code. How should the organization remediate this vulnerability?
-Enforce encoding of special characters
-Ensure all data is encrypted in transit
