DESIGN EXAMINATION ACTUAL EXAM COMPLETE QUESTIONS AND VERIFIED SOLUTIONS LATEST UPDATE THIS YEAR
✅ FULL EXAM COVERAGE — WGU D487 Secure Software Design
The exam typically evaluates your ability to design,
analyze, and evaluate secure software systems using
modern security principles and frameworks.
🔹 EXAM COVERAGE
SSDLC integration
CIA triad + principles
AuthN/AuthZ (RBAC, OAuth, MFA)
Cryptography basics + hashing
OWASP Top 10 vulnerabilities
Threat modeling (STRIDE, DFDs)
Secure architecture patterns
Risk management strategies
Security testing methods (SAST, DAST)
DevSecOps practices
Compliance basics
Q1
A development team decides to validate user inputs only
after database submission to improve performance. What
security risk does this introduce?
A. Improved integrity
B. Increased injection vulnerability
C. Better authentication
D. Reduced attack surface
Answer: B
Rationale: Validating only after the data has already been
submitted to the database means untrusted input reaches the
query layer unchecked, increasing the risk of SQL injection
and similar attacks. Input should be validated at the trust
boundary before it is used, with parameterized queries as the
primary injection defense.
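Added illustration for Q1 (not part of the original exam material): a login lookup built by string concatenation beside the parameterized version, plus an allow-list check applied before the query. The in-memory users table and the account names are constructed sample data for this example.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn

def login_vulnerable(conn, username, password):
    """Input is spliced into the SQL text, so it can change the query's logic."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    """Parameterized query: values travel separately from the SQL text
    and are never parsed as SQL, whatever characters they contain."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")

def validate_username(username):
    """Allow-list validation at the trust boundary, before any query runs.
    This is the second layer; parameterization remains the primary defense."""
    return bool(USERNAME_RE.match(username))

def login_validated(conn, username, password):
    if not validate_username(username):
        return None          # reject early instead of forwarding to the database
    return login_safe(conn, username, password)

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # classic tautology: WHERE ... AND password='' OR '1'='1'
    print("vulnerable:", login_vulnerable(db, "x", payload))   # logs in as alice
    print("safe:      ", login_safe(db, "x", payload))         # None
    print("validated: ", login_validated(db, "x", payload))    # None
```

The tautology payload works against the concatenated query because SQL evaluates `AND` before `OR`, so the `OR '1'='1'` clause matches every row and the first one is returned. The parameterized query compares the literal string `' OR '1'='1` against the password column and finds nothing.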
Q2
A system enforces multi-factor authentication but allows
weak passwords. What principle is being partially
violated?
A. Defense in depth
B. Least privilege
C. Fail-safe defaults
D. Complete mediation
Answer: A
Rationale: MFA adds a second layer, but a weak first factor
undermines the overall layered defense; defense in depth
expects each layer to be independently strong.
Q3
A developer uses bcrypt instead of SHA-256 for password
storage. What is the main advantage?
A. Faster hashing
B. Built-in salting and resistance to brute force
C. Easier implementation
D. Reduced storage size
Answer: B
Rationale: bcrypt is deliberately slow with a tunable cost
factor and stores a per-password salt in its output, so
brute-force and precomputed (rainbow-table) attacks are far
more expensive than against a fast, unsalted SHA-256 digest.
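Added illustration for Q3 (not part of the original exam material). bcrypt is not in Python's standard library, so this example demonstrates the same two properties the question is about, a per-password random salt and a tunable work factor, using `hashlib.pbkdf2_hmac` from the standard library, and contrasts it with an unsalted SHA-256 digest. The stored-record format (`pbkdf2_sha256$iterations$salt$digest`) and the iteration count are choices made for this example.

```python
import hashlib
import hmac
import os

def unsalted_sha256(password: str) -> str:
    """Fast and deterministic: identical passwords give identical digests,
    so one precomputed table cracks every user who chose that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Work factor chosen for this example; tune it so one hash takes a few
# hundred milliseconds on the production hardware.
DEFAULT_ITERATIONS = 200_000

def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, slow hash. The random salt and the cost parameter are stored
    alongside the digest so verification can reproduce them (as bcrypt
    does inside its own output string)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False        # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return hmac.compare_digest(actual, expected)

def needs_rehash(stored: str, target_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a record was hashed with a lower cost than the current
    policy, so it can be upgraded transparently at next successful login."""
    parts = stored.split("$")
    return len(parts) != 4 or int(parts[1]) < target_iterations

if __name__ == "__main__":
    pw = "hunter2"   # constructed sample password
    print(unsalted_sha256(pw) == unsalted_sha256(pw))   # True: no salt
    h1, h2 = hash_password(pw), hash_password(pw)
    print(h1 != h2)                                     # True: different salts
    print(verify_password(pw, h1), verify_password("wrong", h1))  # True False
```

Two records of the same password differ because each carries its own salt, yet both verify, because the salt is read back from the record. The cost parameter is stored the same way, which is what lets a deployment raise the work factor over time without invalidating existing accounts.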
Q4
An attacker intercepts data between client and server.
Which control best prevents this?
A. Input validation
B. TLS encryption
C. Logging
D. RBAC
Answer: B
Rationale: TLS encrypts and integrity-protects data in
transit and authenticates the server via its certificate, so
an attacker who intercepts the traffic cannot read or silently
alter it.
Q5
A system grants users access strictly based on roles like
“admin” or “user.” What model is used?
A. ABAC
B. RBAC
C. MAC
D. DAC
Answer: B
Rationale: Role-Based Access Control assigns permissions to
roles and users to roles, rather than to individual users
or to attributes of the request.
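Added illustration for Q5 (not part of the original exam material): a minimal RBAC policy with the two indirections the model is built on (user to roles, role to permissions), enforced through a decorator that fails closed for unknown users, beside a one-line ABAC rule to show the contrast the distractor in the question relies on. The roles, permissions and accounts are constructed for this example.

```python
import functools

# Role -> permissions. Roles are the only thing permissions attach to.
ROLE_PERMISSIONS = {
    "user":    {"ticket:read", "ticket:create"},
    "support": {"ticket:read", "ticket:update"},
    "admin":   {"ticket:read", "ticket:create", "ticket:update",
                "ticket:delete", "user:manage"},
}

# User -> roles. Constructed sample accounts for this example.
USER_ROLES = {
    "alice": {"admin"},
    "bob":   {"user"},
    "carol": {"user", "support"},   # a user may hold several roles
}

def permissions_for(username: str) -> set:
    """Union of the permissions of every role the user holds.
    An unknown user has no roles and therefore no permissions (fail-safe)."""
    perms = set()
    for role in USER_ROLES.get(username, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def is_allowed(username: str, permission: str) -> bool:
    return permission in permissions_for(username)

def require(permission: str):
    """Decorator: the protected function runs only if the caller's roles
    grant the permission; otherwise PermissionError is raised."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(username, *args, **kwargs):
            if not is_allowed(username, permission):
                raise PermissionError("%s lacks %s" % (username, permission))
            return func(username, *args, **kwargs)
        return wrapper
    return decorator

@require("ticket:delete")
def delete_ticket(username: str, ticket_id: int) -> str:
    return "ticket %d deleted by %s" % (ticket_id, username)

# Contrast: ABAC decides from attributes of subject and resource, not a role.
def abac_can_read_ticket(username: str, ticket: dict) -> bool:
    """Rule: the ticket's owner may read it, regardless of any role."""
    return ticket.get("owner") == username

if __name__ == "__main__":
    print(delete_ticket("alice", 7))          # admin role carries ticket:delete
    try:
        delete_ticket("bob", 7)                # user role does not
    except PermissionError as exc:
        print("denied:", exc)
    print(abac_can_read_ticket("bob", {"owner": "bob", "id": 7}))   # True
```

Note that the decision in `is_allowed` never inspects the user directly, only the roles; that is what makes the model RBAC. The `abac_can_read_ticket` rule, by contrast, ignores roles entirely and reasons about an attribute of the resource, which is how ABAC differs.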
Q6