WGU D487 SECURE SW DESIGN PRACTICE EXAM
2025 ACTUAL EXAM 2 VERSIONS (VERSION A AND B)
COMPLETE ACCURATE EXAM QUESTIONS WITH
DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
After determining a reported vulnerability was a credible claim, the product
security incident response team (PSIRT) worked with development teams to
create and test a patch. The patch is scheduled to be released at the end of the
month.What is the response team's next step?
- Notify customers that the fix is available
The organization is moving from a waterfall to an agile software development
methodology, so the software security group must adapt the security
development life cycle as well. They have decided to break out security
requirements and deliverables to fit better in the iterative life cycle by defining
every-sprint requirements, one-time requirements, bucket requirements, and
final security review requirements. Which type of requirement states that all user
input values must be validated by type, size, and range?
- Every-sprint requirement
The software security group is conducting a maturity assessment using the
Building Security in Maturity Model (BSIMM). They are currently focused on
reviewing security testing results from recently completed initiatives.Which
BSIMM domain is being assessed?
- Software security development life cycle (SSDL) touchpoints
The organization is moving from a waterfall to an agile software development
methodology, so the software security group must adapt the security
development life cycle as well. They have decided to break out security
,WGU D487 SECURE SW DESIGN PRACTICE EXAM
2025 ACTUAL EXAM 2 VERSIONS (VERSION A AND B)
COMPLETE ACCURATE EXAM QUESTIONS WITH
DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
requirements and deliverables to fit better in the iterative life cycle by defining
every-sprint requirements, one-time requirements, bucket requirements, and
final security review requirements. Which type of requirement states that the
team must perform remote procedure call (RPC) fuzz testing?
- Bucket requirement
1.BSIMM
- ANSWER-Building Security In Maturity Model
Studies real-world software security initiatives for benchmarking
2.SAMM
- ANSWER-Software Assurance Maturity Model
3.BSIMM Four Domains –
ANSWER-🏛️ Governance: Strategy, compliance, training programs
Intelligence: Attack models, security features, standards research
🔨 SSDL Touchpoints: Hands-on security activities (code review, testing)
🚀 Deployment: Configuration management, vulnerability management
4.STRIDE Threat Modeling
, WGU D487 SECURE SW DESIGN PRACTICE EXAM
2025 ACTUAL EXAM 2 VERSIONS (VERSION A AND B)
COMPLETE ACCURATE EXAM QUESTIONS WITH
DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
- ANSWER-Spoofing: Identity impersonation attacks
Tampering: Unauthorized data modification
Repudiation: Denial of performed actions
Information Disclosure: Unauthorized data access
Denial of Service: Service availability attacks
Elevation of Privilege: Unauthorized access escalation
Purpose - Threat Categorization
5.STRIDE-per-element
- ANSWER-Analyze each individual component/object
6.STRIDE-per-process:
- ANSWER-Focus only on processes
7.STRIDE-per-trust-boundary
- ANSWER-Analyze security boundary crossings
8.STRIDE-per-interaction
- ANSWER-Focus on data flows between components
2025 ACTUAL EXAM 2 VERSIONS (VERSION A AND B)
COMPLETE ACCURATE EXAM QUESTIONS WITH
DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
After determining a reported vulnerability was a credible claim, the product
security incident response team (PSIRT) worked with development teams to
create and test a patch. The patch is scheduled to be released at the end of the
month.What is the response team's next step?
- Notify customers that the fix is available
The organization is moving from a waterfall to an agile software development
methodology, so the software security group must adapt the security
development life cycle as well. They have decided to break out security
requirements and deliverables to fit better in the iterative life cycle by defining
every-sprint requirements, one-time requirements, bucket requirements, and
final security review requirements. Which type of requirement states that all user
input values must be validated by type, size, and range?
- Every-sprint requirement
The software security group is conducting a maturity assessment using the
Building Security in Maturity Model (BSIMM). They are currently focused on
reviewing security testing results from recently completed initiatives.Which
BSIMM domain is being assessed?
- Software security development life cycle (SSDL) touchpoints
The organization is moving from a waterfall to an agile software development
methodology, so the software security group must adapt the security
development life cycle as well. They have decided to break out security
,WGU D487 SECURE SW DESIGN PRACTICE EXAM
2025 ACTUAL EXAM 2 VERSIONS (VERSION A AND B)
COMPLETE ACCURATE EXAM QUESTIONS WITH
DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
requirements and deliverables to fit better in the iterative life cycle by defining
every-sprint requirements, one-time requirements, bucket requirements, and
final security review requirements. Which type of requirement states that the
team must perform remote procedure call (RPC) fuzz testing?
- Bucket requirement
1.BSIMM
- ANSWER-Building Security In Maturity Model
Studies real-world software security initiatives for benchmarking
2.SAMM
- ANSWER-Software Assurance Maturity Model
3.BSIMM Four Domains –
ANSWER-🏛️ Governance: Strategy, compliance, training programs
Intelligence: Attack models, security features, standards research
🔨 SSDL Touchpoints: Hands-on security activities (code review, testing)
🚀 Deployment: Configuration management, vulnerability management
4.STRIDE Threat Modeling
, WGU D487 SECURE SW DESIGN PRACTICE EXAM
2025 ACTUAL EXAM 2 VERSIONS (VERSION A AND B)
COMPLETE ACCURATE EXAM QUESTIONS WITH
DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
- ANSWER-Spoofing: Identity impersonation attacks
Tampering: Unauthorized data modification
Repudiation: Denial of performed actions
Information Disclosure: Unauthorized data access
Denial of Service: Service availability attacks
Elevation of Privilege: Unauthorized access escalation
Purpose - Threat Categorization
5.STRIDE-per-element
- ANSWER-Analyze each individual component/object
6.STRIDE-per-process:
- ANSWER-Focus only on processes
7.STRIDE-per-trust-boundary
- ANSWER-Analyze security boundary crossings
8.STRIDE-per-interaction
- ANSWER-Focus on data flows between components
