What is the analysis of computer software that is performed by executing programs on
a real or virtual processor in real time?
Coverage analysis
Static analysis
Dynamic analysis
Memory analysis
Answer: Dynamic analysis
After determining a reported vulnerability was a credible claim, the product security
incident response team (PSIRT) worked with development teams to create and test a
patch. The patch is scheduled to be released at the end of the month. What is the
response team's next step?
Notify customers that the fix is available
Notify the reporter that the case is going to be closed
Identify resources and schedule the fix
Identify the team that owns the product
Answer: Notify customers that the fix is available
The security team is reviewing whether new security requirements, based on identified
threats or changes to organizational guidelines, can be implemented prior to releasing
the new product. Which activity of the Ship SDL phase is being performed?
Policy compliance analysis
Policy compliance review
Every-sprint requirement
Final security review
Answer: Policy compliance review
What is a countermeasure to the web application security frame (ASF) configuration
management threat category?
Static analysis
Security requirement
Privacy requirement
Compliance requirement
Answer: Security requirement
Team members are being introduced during sprint zero in the project kickoff meeting.
The person being introduced is a member of the scrum team, responsible for writing
feature logic and attending sprint ceremonies. Which role is the team member playing?
Web developer
Software engineer
Software developer
Systems analyst
Answer: Software developer
Which secure coding best practice uses well-tested, publicly available algorithms to hide
product data from unauthorized access?
System configuration
Digital signatures
Cryptographic practices