EXAMINATION ACTUAL EXAM 2026/2027 COMPLETE QUESTIONS AND VERIFIED SOLUTIONS | BRAND NEW!!
Which practice in the Ship (A5) phase of the security
development cycle verifies whether the product meets
security mandates? - ANSWER-A5 policy compliance
analysis
What is an open-source platform that can perform
automatic reviews with static analysis of code to detect
bugs, code smells, and security vulnerabilities in over 25
programming languages? - ANSWER-SonarQube
What is analysis of computer software that is performed
without actually executing programs? - ANSWER-static
analysis
What identifies inputs and supplies those to the scanning
components of the security tool? - ANSWER-Spider
Type of request to merge your code into another branch...
- ANSWER-pull request
What silently analyzes all the hypertext transfer protocol
(HTTP) requests and responses passing through the web
application security tool? - ANSWER-passive scanner
Type of test done by the development tester to continually
assess the quality of his or her work... - ANSWER-exploratory test
Type of application security testing to identify
vulnerabilities within a product application - ANSWER-
dynamic analysis
After the developer is done coding a functionality, when
should code review be completed? - ANSWER-Within
hours/same day
What is the order that code reviews should follow in order
to be effective? - ANSWER-Identify security code review
objectives, perform preliminary scan, review code for
security issues, review the code for security issues unique
to the architecture
When a software application handles personally
identifiable information (PII) data, what will be the Privacy
Impact Rating? - ANSWER-P1 High Privacy Risk
Which key success factor identifies threats to the
software? - ANSWER-Effective threat modeling
What is the goal of design security review deliverables? -
ANSWER-To make modifications to the design of software
components based on security assessments