ANSWERS (100% VERIFIED) D487 SECURE SOFTWARE
DESIGN - OBJECTIVE ASSESSMENT | LATEST 2026-2027
UPDATE | GRADED A+ | GUARANTEED SUCCESS.
Which design and development deliverable details the progress of personal
information requirements created in earlier phases of the security development
lifecycle?
-Privacy compliance report
-Security testing reports
-Remediation report
-Security test execution report - ANSWER--Privacy compliance report
Which design and development deliverable contains technical and executive
level reports detailing any newly identified vulnerabilities?
-Updated threat modeling artifacts
-Privacy implementation assessment results
-Security test plans
-Design security review - ANSWER--Updated threat modeling artifacts
Which programming language is highly susceptible to buffer overflow
vulnerabilities?
-C++
-Javascript
-C#
-Java - ANSWER--C++
Which type of software testing is being performed when an analyst executes a
series of test cases based on application requirements?
-Unit testing
-Regression testing
-Integration testing
-Functional testing - ANSWER--Functional testing
A security tester changed the application URL from
www.app.com/account?id='3' to www.app.com/account?id='3 or 1=1', which
returned a collection of account information. Database logs showed that the
query that was executed was SELECT * FROM ACCOUNTS WHERE
accountId=3 or 1=1. How should existing security controls be adjusted to
prevent this in the future?
-Ensure server-side queries are parameterized
-Ensure all requests and responses are encrypted
-Ensure sensitive transactions can be traced through an audit log
-Ensure database service accounts do not have administrative access -
ANSWER--Ensure server-side queries are parameterized
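The following is an added worked example (not part of the original question bank) showing why the answer is parameterization rather than encryption, logging or least-privilege service accounts. It uses Python's standard sqlite3 module with a constructed three-row ACCOUNTS table; the table contents, function names and the integer-type check in the hardened variant are assumptions for the demo. The vulnerable function reproduces the logged query "SELECT * FROM ACCOUNTS WHERE accountId=3 or 1=1", while the parameterized version sends the same input as a bound value that the database never parses as SQL.

```python
import sqlite3

# Constructed sample data for the demo (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ACCOUNTS (accountId INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO ACCOUNTS VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)])
    return conn

def lookup_vulnerable(conn, account_id):
    # Builds the statement by string concatenation, so the request parameter
    # becomes part of the SQL text. This is exactly what the database log in
    # the question shows: "... WHERE accountId=3 or 1=1", which is always true
    # and therefore returns every account.
    query = "SELECT * FROM ACCOUNTS WHERE accountId=" + str(account_id)
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, account_id):
    # The '?' placeholder is bound by the driver. The input is passed as a
    # value, never parsed as SQL, so "3 or 1=1" is compared as a literal
    # string against the integer column and matches nothing.
    return conn.execute("SELECT * FROM ACCOUNTS WHERE accountId=?", (account_id,)).fetchall()

def lookup_hardened(conn, account_id):
    # Defence in depth (assumed for the demo): parameterize AND enforce the
    # expected type, so non-numeric input is rejected before it reaches the
    # database at all.
    try:
        id_value = int(account_id)
    except (TypeError, ValueError):
        return []
    return conn.execute("SELECT * FROM ACCOUNTS WHERE accountId=?", (id_value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, "3 or 1=1"))     # all three rows
    print("parameterized:", lookup_parameterized(db, "3 or 1=1"))  # []
    print("hardened:     ", lookup_hardened(db, "3"))              # [(3, 'carol', 75)]
```

Note that encrypting the request (TLS), writing an audit log, or stripping administrative rights from the service account would each leave the injection itself working; the attacker would still read every row the application's own account can read. Only binding the value as a parameter changes how the database interprets the input.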
What is the first step of the SDLC/SDL code review process?
-Identify security code review objectives
-Perform preliminary scan
-Review code for security issues
-Review for security issues unique to the architecture - ANSWER--Identify
security code review objectives
A potential threat was discovered during functional testing of a file upload
component when a QA analyst was allowed to upload a shell script. Users
should only be allowed to upload image files. How should existing security
controls be adjusted to prevent this in the future?
-Validate all user input
-Enforce role-based authorization
-Ensure all data is encrypted in transit
-Force users to re-authenticate when accessing critical functionality -
ANSWER--Validate all user input
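As an added example (not code from the original question bank) of what "validate all user input" means for a file upload component that should accept only images: the check below, written for this page in Python using only the standard library, applies an extension allow-list, sniffs the leading bytes (magic numbers) of the content, requires the two to agree, enforces a size limit, and discards the client-supplied filename in favour of a server-generated one. The function names, the 5 MB limit, the set of accepted formats and the sample payloads are all assumptions for the demo.

```python
import os
import secrets

# Allow-list of image types: canonical extension -> leading bytes ("magic numbers").
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions the client may send, mapped to the canonical one used for storage.
EXTENSION_ALIASES = {".png": ".png", ".jpg": ".jpg", ".jpeg": ".jpg", ".gif": ".gif"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for the demo

def sniff_image_type(data):
    """Return the canonical extension for the image type the bytes claim, or None."""
    for ext, magics in IMAGE_MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return ext
    return None

def validate_upload(client_filename, data):
    """Return (accepted, reason_or_stored_name).

    Checks, in order: size, extension allow-list, content sniffing, and
    agreement between extension and content. The stored name is generated
    server-side, so nothing from the client-controlled filename (for example
    '../' segments) ever reaches the filesystem.
    """
    if not data or len(data) > MAX_UPLOAD_BYTES:
        return False, "rejected: empty or oversized upload"
    ext = os.path.splitext(os.path.basename(client_filename))[1].lower()
    if ext not in EXTENSION_ALIASES:
        return False, "rejected: extension not on the allow-list"
    sniffed = sniff_image_type(data)
    if sniffed is None:
        return False, "rejected: content is not a recognised image"
    if EXTENSION_ALIASES[ext] != sniffed:
        return False, "rejected: extension does not match content"
    return True, secrets.token_hex(16) + sniffed

# Constructed sample uploads for the demo (not real files from the page).
SHELL_SCRIPT = b"#!/bin/sh\nid\n"
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 32

if __name__ == "__main__":
    for name, payload in [("shell.sh", SHELL_SCRIPT),   # the QA analyst's upload
                          ("shell.png", SHELL_SCRIPT),  # script renamed to look like an image
                          ("photo.png", JPEG_BYTES),    # extension lies about the content
                          ("photo.png", PNG_BYTES)]:    # a legitimate image
        print(name, "->", validate_upload(name, payload))
```

Two caveats a practitioner would add: magic-number sniffing rejects obvious non-images but not polyglot files that begin with a valid image header and carry a script later in the body, so the upload directory should still be outside the web root, served with a fixed image Content-Type and without execute permission; and re-encoding the image with an imaging library (not done here) is the stronger way to strip anything that is not pixel data.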
An organizational security review discovered multiple database instances that
were installed using publicly available default settings, including security and
access. How should the organization remediate this vulnerability?
-Ensure default accounts and passwords are disabled or removed
-Ensure auditing and logging is enabled on all servers
-Ensure access to configuration files is limited to administrators