BSIMM
- correct answer Building Security In Maturity Model
Studies real-world software security initiatives for benchmarking
SAMM
- correct answer Software Assurance Maturity Model
BSIMM Four Domains
- correct answer 🏛️ Governance: Strategy, compliance, training programs
Intelligence: Attack models, security features, standards research
🔨 SSDL Touchpoints: Hands-on security activities (code review, testing)
🚀 Deployment: Configuration management, vulnerability management
STRIDE Threat Modeling
- correct answer Spoofing: Identity impersonation attacks
Tampering: Unauthorized data modification
Repudiation: Denial of performed actions
Information Disclosure: Unauthorized data access
Denial of Service: Service availability attacks
Elevation of Privilege: Unauthorized access escalation
Purpose - Threat Categorization
STRIDE-per-element
- correct answer Analyze each individual component/object
STRIDE-per-process
- correct answer Focus only on processes
STRIDE-per-trust-boundary
- correct answer Analyze security boundary crossings
STRIDE-per-interaction
- correct answer Focus on data flows between components
DREAD Stages
- correct answer Damage: Potential impact severity
Reproducibility: How easily the attack can be repeated
Exploitability: Difficulty of executing the attack
Affected users: Scope and number of impacted users
Discoverability: How easy the vulnerability is to find
DREAD Scoring System
- correct answer Each stage gets 1-3 points
13-15 points = High Risk
8-12 points = Medium Risk
5-7 points = Low Risk
PASTA
- correct answer Process for Attack Simulation and Threat Analysis
PASTA Seven Stages
- correct answer Define Objectives - Business and security requirements
Define Technical Scope - Application boundaries and components
Application Decomposition - Break down architecture and data flows