WGU D487 OA Secure Software Design Objective Assessment Exam 2025 Brand New Actual Exam with Answers
1. The final security review determined that all security issues identified in testing have been resolved and all SDL requirements have been met. What is the result of the final security review? - correct answer - Passed

2. The security team is reviewing all threat models, identified vulnerabilities, and documented requirements. They are also performing static and dynamic analysis on the software product to determine if it is ready for release. Which activity of the Ship SDL phase is being performed? - correct answer - Final security review

3. The security team is reviewing whether new security requirements, based on identified threats or changes to organizational guidelines, can be implemented prior to releasing the new product. Which activity of the Ship SDL phase is being performed? - correct answer - Policy compliance analysis
4. An organizational security review discovered multiple database instances that were installed using publicly available default settings, including security and access. How should the organization remediate this vulnerability? - correct answer - Ensure default accounts and passwords are disabled or removed

5. During penetration testing, an analyst discovered a DOM-based (document object model) cross-site scripting vulnerability within the application's search bar that could allow an attacker to insert malicious code. How should the organization remediate this vulnerability? - correct answer - Enforce encoding of special characters

6. Application credentials are stored in the database using simple hashes to store passwords. An undiscovered credential recovery flaw allowed a security analyst to download the database and expose passwords using their GPU to crack the simple encryption. How should the organization remediate this vulnerability? - correct answer - Enforce the use of strong, salted hashing functions when storing passwords
7. During functional testing, a QA analyst using a non-admin account caused an application exception. After the exception was handled, the tester was able to navigate to the admin section of the application by typing the URL directly into the browser address bar. They were unable to force the same navigation before the exception was thrown. How should the organization remediate this vulnerability? - correct answer - Ensure user privileges are restored to the appropriate level after exceptions

8. The product security incident response team (PSIRT) determined a reported vulnerability was credible and of a high enough severity that it needs to be fixed. What is the response team's next step? - correct answer - Identify resources and schedule the fix

9. Organizational leadership is considering buying a competitor and has asked the software security team to develop a plan to ensure the competitor's point-of-sale system complies with organizational policies. Which post-release deliverable is being described? - correct answer - Security strategy for M&A products

10. The software security team has been tasked with identifying who will be involved when security vulnerabilities are reported