D487 Secure Software Design Exam Questions And Correct Answers (Verified Answers) Plus Rationales 2025/2026 Q&A | Instant Download Pdf
1. What is the primary goal of secure software design?
A. To make software run faster
B. To eliminate all bugs
C. To reduce vulnerabilities and prevent exploitation
D. To reduce development cost
Answer: C
Secure design focuses on minimizing security weaknesses that attackers could exploit.
2. Which principle ensures users only access what they need?
A. Least privilege
B. Fail-safe defaults
C. Defense in depth
D. Encapsulation
Answer: A
Least privilege limits access rights to only what is necessary.
3. What does “defense in depth” mean?
A. One strong security layer
B. Multiple layers of security controls
C. No external access allowed
D. Encrypting all data only
Answer: B
Security is implemented in multiple overlapping layers.
4. Which is a secure coding practice?
A. Hardcoding passwords
B. Input validation
C. Disabling logging
D. Using global variables
Answer: B
Input validation prevents malicious or malformed data.
5. What is a buffer overflow?
A. Too much memory allocation
B. Writing beyond memory bounds
C. Encrypting data incorrectly
D. A database error
Answer: B
It occurs when data exceeds allocated buffer space.
6. SQL injection attacks target what?
A. Operating system
B. Database queries
C. Network protocols
D. Hardware memory
Answer: B
Attackers manipulate SQL statements to access data.
7. What helps prevent SQL injection?
A. Dynamic queries
B. Stored procedures and parameterized queries
C. Hardcoded SQL strings
D. Disabling databases
Answer: B
Parameterized queries separate code from input.
8. What is authentication?
A. Granting permissions
B. Verifying identity
C. Encrypting data
D. Logging user actions
Answer: B
Authentication confirms who the user is.
9. What is authorization?
A. Verifying identity
B. Assigning permissions after authentication
C. Encrypting passwords
D. Creating user accounts
Answer: B
Authorization determines what an authenticated user can do.
10. What is secure hashing used for?
A. Encrypting network traffic
B. Storing passwords securely
C. Compressing files
D. Logging events
Answer: B
Hashes store passwords without revealing original values.