6/5/26, 8:26 AM WGU - D487 OA EXAM | Questions & Answers | 100% Verified solutions (2026) UPDATE |2026!! STUDY GUIDE EXAM Flashcards |…
WGU - D487 OA EXAM | Questions & Answers |
100% Verified solutions (2026) UPDATE |2026!!
STUDY GUIDE EXAM
Terms in this set (173)
Privacy Compliance Report
The _________ report should provide progress against privacy requirements provided in earlier phases. Any outstanding requirement should be implemented as soon as possible. It is also prudent to assess any changes in laws/regulations to identify (and put on a roadmap) any new requirements. A4 D&D

Security Testing Reports
A findings summary should be prepared for each type of security testing: manual code review, static analysis, dynamic analysis, penetration testing, and fuzzing. The reports should provide the type and number of issues identified and any consistent theme that can be derived from the findings. A4 D&D

Remediation Report
A ____ report/dashboard should be prepared and updated regularly from this stage. The purpose of this report is to showcase the security posture and risk of the product at a technical level. A4 D&D

https://quizlet.com/1186990530/wgu-d487-oa-exam-questions-answers-100-verified-solutions-2026-update-2026-study-guide-exam-flash-cards/?new 1/37
Security Assessment
SDL Phase 1 (A1) = SDLC 1 Concept

What are the key activities in the Security Assessment phase of SDL?
Software security team is looped in early
Security team hosts a discovery meeting
Software security team discusses project plan
States what further work will be done
Privacy Impact Assessment (PIA) plan is created

Architecture
SDL Phase 2 (A2) = SDLC 2 Planning

What are the key activities in the Architecture phase of SDL?
A2 Policy compliance analysis
SDL policy assessment and scoping
Threat modeling & architecture security analysis
Open-source selection
Privacy information gathering and analysis

Design & Development
SDL Phase 3 (A3) = SDLC 3 Design & Development

What are the key activities in the Design & Development phase of SDL?
A3 Policy compliance analysis
Security test plan composition
Static analysis updating
Threat modeling analysis & review
Privacy implementation assessment

Design & Development Cont.
SDL Phase 4 (A4) = SDLC 4 Readiness

What are the key activities in the Design & Development Cont. phase of SDL?
A4 Policy compliance analysis
Security test case execution
Static analysis
Fuzz testing
Privacy code review
Privacy validation and remediation

Ship
SDL Phase 5 (A5) = SDLC 5 Release & Launch

What are the key activities in the Ship phase of SDL?
A5 Policy compliance analysis
Vulnerability scan
Penetration testing
Open-source licensing review
Final privacy review

What is the purpose of the Product risk profile deliverable in Security Assessment (A1)?
To estimate the actual cost of the product.

What is the goal of the SDL project outline in Security Assessment (A1)?
To map SDL activities to the development schedule.

Why are Applicable laws and regulations important in Security Assessment (A1)?
To obtain formal sign-off from stakeholders on applicable laws.

What is the purpose of the Threat profile in Security Assessment (A1)?
To guide SDL activities to mitigate threats.

What is the goal of the Certification requirements deliverable in Security Assessment (A1)?
To list requirements for product and operations certifications.

Why is maintaining a List of third-party software important in Security Assessment (A1)?
To identify dependence on third-party software.

What is the purpose of the Metrics template in Security Assessment (A1)?
To establish a cadence for regular reporting to executives.

What is the purpose of defining Business requirements in A2 Architecture?
To establish software requirements, including Confidentiality, Integrity, and Availability (CIA).

What are Threat modeling artifacts used for in A2 Architecture?
They include data flow diagrams, elements, and threat listings to assess security risks.

What is the goal of Architecture threat analysis in A2 Architecture?
To prioritize threats and risks based on a detailed threat analysis.

What is a Risk mitigation plan in A2 Architecture?
A plan to mitigate, accept, or tolerate risk within the system.

What does Policy compliance analysis ensure in A2 Architecture?
It ensures adherence to company policies and security regulations.