D487 STUDY GUIDE 2026 PRACTICE
QUESTIONS AND ANSWERS FULL
SOLUTION VERIFIED STUDY PACK
GRADED A+
⩥ Secure Design Principles.
Answer: Common principles like least privilege, fail-safe defaults, and
defense in depth.
⩥ Saltzer and Schroeder Principles.
Answer: Security design principles used to build secure systems.
⩥ Fail-Safe Defaults.
Answer: Deny by default unless explicitly allowed.
⩥ Economy of Mechanism.
Answer: Keep designs simple to reduce mistakes and hidden paths.
⩥ Complete Mediation.
Answer: Check every access request, every time.
⩥ Separation of Duties.
Answer: Require multiple conditions/roles for sensitive actions.
⩥ Least Common Mechanism.
Answer: Avoid shared mechanisms that create hidden channels.
⩥ Psychological Acceptability.
Answer: Security controls must be usable or people will bypass them.
⩥ Open Design.
Answer: Security should not rely on secret designs; rely on strong
controls.
⩥ Weakest Link.
Answer: A system's security is only as strong as its weakest component.
⩥ Privacy Impact Assessment (PIA).
Answer: Review of how software handles personal data and privacy risk.
⩥ PII (Personally Identifiable Information).
Answer: Data that can identify a person (name, email, ID number).
⩥ PHI (Protected Health Information).
Answer: Health-related information that must be protected under
healthcare rules.
⩥ Privacy by Design.
Answer: Building privacy controls into every SDLC stage.
⩥ Data Minimization.
Answer: Collect only the data that is necessary for the business purpose.
⩥ Notice and Consent.
Answer: Telling users what data is collected and getting permission
when required.
⩥ Privacy Impact Rating.
Answer: P1 high risk, P2 moderate risk, P3 low risk.
⩥ P1 Privacy Risk.
Answer: Stores/transmits PII, installs software, or changes user settings.
⩥ P2 Privacy Risk.
Answer: One-time anonymous data transfer initiated by user.