WGU D487 SECURE SW DESIGN OA EXAM QUESTIONS AND ANSWERS
LATEST UPDATED 2025/2026 ALL ANSWERS 100% ACCURATE BEST
RATED A+ FOR SUCCESS
How should you rank an organization's threats? - CORRECT ANSWERS based on their probability and damage potential.
What does DREAD stand for? - CORRECT ANSWERS damage potential, reproducibility, exploitability, affected users, and discoverability
What is a weakness that can be exploited? - CORRECT ANSWERS vulnerability
What is a unified conceptual framework for security auditing? - CORRECT ANSWERS Trike Threat Model
What is the path an attacker can take to exploit a vulnerability? - CORRECT ANSWERS threat vector
What is reusable software developed externally from the organization's platforms? - CORRECT ANSWERS third party codes
What is maliciously changing or modifying persistent data? - CORRECT ANSWERS Tampering
What defines what needs to be protected and how it will be protected? - CORRECT ANSWERS software security policy
What is performing illegal operations in a system that lacks the ability to trace the prohibited operations? - CORRECT ANSWERS repudiation
What is determining the fundamental functions of an app? - CORRECT ANSWERS application decomposition
What are threat models focused around senior management and protecting the assets of an organization? - CORRECT ANSWERS asset-centric threat modeling
What are threat models that start with visualizing the application you are building? - CORRECT ANSWERS application-centric threat modeling
During what phase of the SDL is any policy that exists outside of the SDL policy reviewed? - CORRECT ANSWERS A3 Design and Development
A software security team member has been tasked with creating a threat model for the login process of a new product. What is the first step the team member should take? - CORRECT ANSWERS identify security objectives
What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle? - CORRECT ANSWERS To ensure that security is built into the product from the start
Why should a security team provide documented certification requirements during the software assessment phase? - CORRECT ANSWERS Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? - CORRECT ANSWERS Required process steps, technologies and techniques
What are the goals of the product risk profile in the SDL deliverable? - CORRECT ANSWERS Estimate the actual cost of the product
What are the goals of the SDL project outline in the SDL deliverable? - CORRECT ANSWERS map security activities to the development schedule
What are the goals of the threat profile in the SDL deliverable? - CORRECT ANSWERS Guide security activities to protect the product from vulnerabilities
What are the goals of listing the third party software in the SDL deliverable? - CORRECT ANSWERS identify dependence on unmanaged software
What is a threat action that is designed to illegally access and use another person's credentials? - CORRECT ANSWERS Spoofing
Which shape indicates the external elements in the flow diagram? - CORRECT ANSWERS rectangle
Which shape indicates the data storage in the flow diagram? - CORRECT ANSWERS two parallel horizontal lines
Which shape indicates the data flow in the flow diagram? - CORRECT ANSWERS single solid line with an arrow
Which shape indicates the trust boundary in the flow diagram? - CORRECT ANSWERS dashed line
What are the two deliverables of the Architecture phase of the SDL? - CORRECT ANSWERS threat modeling artifacts, policy compliance analysis