WGU D487 OA EXAM 200 QUESTIONS & CORRECT
ANSWERS LATEST 2025
Privacy Compliance Report
The _________ report should provide progress against privacy requirements
provided in earlier phases. Any outstanding requirement should be implemented
as soon as possible. It is also prudent to assess any changes in laws/regulations to
identify (and put on a roadmap) any new requirements. A4 D&D
Security Testing Reports
A findings summary should be prepared for each type of security testing: manual
code review, static analysis, dynamic analysis, penetration testing, and fuzzing.
The reports should provide the type and number of issues identified and any
consistent theme that can be derived from the findings. A4 D&D
Remediation Report
A ____ report/dashboard should be prepared and updated regularly from this
stage. The purpose of this report is to showcase the security posture and risk of
the product at a technical level. A4 D&D
Security Assessment
What are the key activities in the Security Assessment phase of SDL?
SDL Phase 1 (A1) = SDLC 1 Concept
Software security team is looped in early
Security team hosts a discovery meeting
Software security team discusses project plan
States what further work will be done
Privacy Impact Assessment (PIA) plan is created
,Architecture
What are the key activities in the Architecture phase of SDL?
SDL Phase 2 (A2) = SDLC 2 Planning
A2 Policy compliance analysis
SDL policy assessment and scoping
Threat modeling & architecture security analysis
Open-source selection
Privacy information gathering and analysis
Design & Development
What are the key activities in the Design & Development phase of SDL?
SDL Phase 3 (A3) = SDLC 3 Design & Development
A3 Policy compliance analysis
Security test plan composition
Static analysis updating
Threat modeling analysis & review
Privacy implementation assessment
Design & Development Cont.
What are the key activities in the Design & Development Cont. phase of SDL?
SDL Phase 4 (A4) = SDLC 4 Readiness
A4 Policy compliance analysis
Security test case execution
Static analysis
Fuzz testing
Privacy code review
Privacy validation and remediation
Ship
What are the key activities in the Ship phase of SDL?
SDL Phase 5 (A5) = SDLC 5 Release & Launch
,A5 Policy compliance analysis
Vulnerability scan
Penetration testing
Open-source licensing review
Final privacy review
What is the purpose of the Product risk profile deliverable in Security Assessment
(A1)?
To estimate the actual cost of the product.
What is the goal of the SDL project outline in Security Assessment (A1)?
To map SDL activities to the development schedule.
Why are Applicable laws and regulations important in Security Assessment (A1)?
To obtain formal sign-off from stakeholders on applicable laws.
What is the purpose of the Threat profile in Security Assessment (A1)?
To guide SDL activities to mitigate threats.
What is the goal of the Certification requirements deliverable in Security
Assessment (A1)?
To list requirements for product and operations certifications.
Why is maintaining a List of third-party software important in Security
Assessment (A1)?
To identify dependence on third-party software.
What is the purpose of the Metrics template in Security Assessment (A1)?
To establish a cadence for regular reporting to executives.
What is the purpose of defining Business requirements in A2 Architecture?
To establish software requirements, including Confidentiality, Integrity, and
Availability (CIA).
What are Threat modeling artifacts used for in A2 Architecture?
, They include data flow diagrams, elements, and threat listings to assess security
risks.
What is the goal of Architecture threat analysis in A2 Architecture?
To prioritize threats and risks based on a detailed threat analysis.
What is a Risk mitigation plan in A2 Architecture?
A plan to mitigate, accept, or tolerate risk within the system.
What does Policy compliance analysis ensure in A2 Architecture?
It ensures adherence to company policies and security regulations.
What is the purpose of Updated threat modeling artifacts in A3 Design &
Development?
To maintain data flow diagrams, elements, and threat listings for security analysis.
What does a Design security review focus on in A3 Design & Development?
It includes modifications to the design of software components based on security
assessments.
What is the purpose of Security test plans in A3 Design & Development?
To create a plan to mitigate, accept, or tolerate risk.
What does Updated policy compliance analysis ensure in A3 Design &
Development?
It ensures adherence to company policies.
What are Privacy implementation assessment results used for in A3 Design &
Development?
They provide recommendations from privacy assessments to improve
compliance.
What is the purpose of the Security test execution report in A4 Design &
Development?
To review progress against identified security test cases.
ANSWERS LATEST 2025
Privacy Compliance Report
The _________ report should provide progress against privacy requirements
provided in earlier phases. Any outstanding requirement should be implemented
as soon as possible. It is also prudent to assess any changes in laws/regulations to
identify (and put on a roadmap) any new requirements. A4 D&D
Security Testing Reports
A findings summary should be prepared for each type of security testing: manual
code review, static analysis, dynamic analysis, penetration testing, and fuzzing.
The reports should provide the type and number of issues identified and any
consistent theme that can be derived from the findings. A4 D&D
Remediation Report
A ____ report/dashboard should be prepared and updated regularly from this
stage. The purpose of this report is to showcase the security posture and risk of
the product at a technical level. A4 D&D
Security Assessment
What are the key activities in the Security Assessment phase of SDL?
SDL Phase 1 (A1) = SDLC 1 Concept
Software security team is looped in early
Security team hosts a discovery meeting
Software security team discusses project plan
States what further work will be done
Privacy Impact Assessment (PIA) plan is created
,Architecture
What are the key activities in the Architecture phase of SDL?
SDL Phase 2 (A2) = SDLC 2 Planning
A2 Policy compliance analysis
SDL policy assessment and scoping
Threat modeling & architecture security analysis
Open-source selection
Privacy information gathering and analysis
Design & Development
What are the key activities in the Design & Development phase of SDL?
SDL Phase 3 (A3) = SDLC 3 Design & Development
A3 Policy compliance analysis
Security test plan composition
Static analysis updating
Threat modeling analysis & review
Privacy implementation assessment
Design & Development Cont.
What are the key activities in the Design & Development Cont. phase of SDL?
SDL Phase 4 (A4) = SDLC 4 Readiness
A4 Policy compliance analysis
Security test case execution
Static analysis
Fuzz testing
Privacy code review
Privacy validation and remediation
Ship
What are the key activities in the Ship phase of SDL?
SDL Phase 5 (A5) = SDLC 5 Release & Launch
,A5 Policy compliance analysis
Vulnerability scan
Penetration testing
Open-source licensing review
Final privacy review
What is the purpose of the Product risk profile deliverable in Security Assessment
(A1)?
To estimate the actual cost of the product.
What is the goal of the SDL project outline in Security Assessment (A1)?
To map SDL activities to the development schedule.
Why are Applicable laws and regulations important in Security Assessment (A1)?
To obtain formal sign-off from stakeholders on applicable laws.
What is the purpose of the Threat profile in Security Assessment (A1)?
To guide SDL activities to mitigate threats.
What is the goal of the Certification requirements deliverable in Security
Assessment (A1)?
To list requirements for product and operations certifications.
Why is maintaining a List of third-party software important in Security
Assessment (A1)?
To identify dependence on third-party software.
What is the purpose of the Metrics template in Security Assessment (A1)?
To establish a cadence for regular reporting to executives.
What is the purpose of defining Business requirements in A2 Architecture?
To establish software requirements, including Confidentiality, Integrity, and
Availability (CIA).
What are Threat modeling artifacts used for in A2 Architecture?
, They include data flow diagrams, elements, and threat listings to assess security
risks.
What is the goal of Architecture threat analysis in A2 Architecture?
To prioritize threats and risks based on a detailed threat analysis.
What is a Risk mitigation plan in A2 Architecture?
A plan to mitigate, accept, or tolerate risk within the system.
What does Policy compliance analysis ensure in A2 Architecture?
It ensures adherence to company policies and security regulations.
What is the purpose of Updated threat modeling artifacts in A3 Design &
Development?
To maintain data flow diagrams, elements, and threat listings for security analysis.
What does a Design security review focus on in A3 Design & Development?
It includes modifications to the design of software components based on security
assessments.
What is the purpose of Security test plans in A3 Design & Development?
To create a plan to mitigate, accept, or tolerate risk.
What does Updated policy compliance analysis ensure in A3 Design &
Development?
It ensures adherence to company policies.
What are Privacy implementation assessment results used for in A3 Design &
Development?
They provide recommendations from privacy assessments to improve
compliance.
What is the purpose of the Security test execution report in A4 Design &
Development?
To review progress against identified security test cases.
