Questions and Answers (2026/2027) | Comprehensive Review | A+ Verified
• Which post-release support activity defines the process to communicate, identify,
and alleviate security threats? CORRECT ANSWER: PRSA1: External
vulnerability disclosure response
• What are two core practice areas of the OWASP Security Assurance Maturity
Model (OpenSAMM)? CORRECT ANSWER: Governance, Construction
• Which practice in the Ship (A5) phase of the security development cycle uses
tools to identify weaknesses in the product? CORRECT ANSWER: Vulnerability
scan
• Which post-release support activity should be completed when companies are
joining together? CORRECT ANSWER: Security architectural reviews
• Which of the Ship (A5) deliverables of the security development cycle are
performed during the A5 policy compliance analysis? CORRECT ANSWER:
Analyze activities and standards
• Which of the Ship (A5) deliverables of the security development cycle are
performed during the code-assisted penetration testing? CORRECT ANSWER:
white-box security test
• Which of the Ship (A5) deliverables of the security development cycle are
performed during the open-source licensing review? CORRECT ANSWER:
license compliance
• Which of the Ship (A5) deliverables of the security development cycle are
performed during the final security review? CORRECT ANSWER: Release and
ship
• How can you establish your own SDL to build security into a process appropriate
for your organization's needs based on agile? CORRECT ANSWER: iterative
development
• How can you establish your own SDL to build security into a process appropriate
for your organization's needs based on devops? CORRECT ANSWER: continuous
integration and continuous deployments
• How can you establish your own SDL to build security into a process appropriate
for your organization's needs based on cloud? CORRECT ANSWER: API
invocation processes
• How can you establish your own SDL to build security into a process appropriate
for your organization's needs based on digital enterprise? CORRECT ANSWER:
enables and improves business activities
• Which phase of penetration testing allows for remediation to be performed?
CORRECT ANSWER: Deploy
• Which key deliverable occurs during post-release support? CORRECT
ANSWER: third-party reviews
• Which OpenSAMM security practice falls under the Governance business function?
CORRECT ANSWER: Policy and compliance
• Which OpenSAMM security practice falls under the Construction business function?
CORRECT ANSWER: Threat assessment
• Which OpenSAMM security practice falls under the Verification business function?
CORRECT ANSWER: Code review
• Which OpenSAMM security practice falls under the Deployment business function?
CORRECT ANSWER: Vulnerability management
• What is the product risk profile? CORRECT ANSWER: A security assessment
deliverable that estimates the actual cost of the product.
• A software security team member has been tasked with creating a deliverable that
provides details on where and to what degree sensitive customer information is
collected, stored, or created within a new product offering. What does the team
member need to deliver in order to meet the objective? CORRECT ANSWER:
Privacy impact assessment
• What is the first phase in the security development life cycle? CORRECT
ANSWER: A1 Security Assessment
• What are the three areas of compliance requirements? CORRECT ANSWER:
Legal, financial, and industry standards
• What term refers to how the system should function based on the environment in
which the system will operate? CORRECT ANSWER: operational requirements
• During what phase of SDL do all key stakeholders discuss, identify, and have
common understandings of the security and privacy implications, considerations,
and requirements? CORRECT ANSWER: A1 Security Assessment