Updated 2026 | Complete WGU D487 Cybersecurity Study Guide with
Verified Questions, Detailed Rationales, Secure Coding Principles, Threat
Modeling, Authentication & Authorization, Risk Management, Software
Vulnerabilities, Encryption, OWASP Security Concepts & Software Design
Exam Prep
Question 1: Which phase of the Secure SDLC is most appropriate for integrating
automated static application security testing (SAST) into the development
pipeline?
A. Requirements gathering
B. Architecture design
C. Implementation and coding
D. Deployment and maintenance
CORRECT ANSWER: C. Implementation and coding
Rationale: SAST tools analyze source code, bytecode, or binaries for security
vulnerabilities without executing the program. This aligns directly with the
implementation and coding phase, where developers write and commit code, enabling
early vulnerability detection before compilation or deployment.
Question 2: When applying the principle of least privilege to a microservices
architecture, what is the most effective strategy for service-to-service
communication?
A. Grant all services unrestricted network access to simplify
debugging
B. Assign each service a dedicated identity with only the permissions required for its
specific function
C. Use a shared administrative credential for all backend services
D. Disable authentication between internal services to reduce latency
CORRECT ANSWER: B. Assign each service a dedicated identity with only the
permissions required for its specific function
Rationale: Least privilege requires that every component operates with the minimum
permissions necessary. Assigning unique, scoped identities to each microservice
ensures that a compromised service cannot access unrelated systems or escalate
privileges laterally.
Question 3: Which threat modeling methodology uses a data flow diagram to
identify trust boundaries and potential attack vectors?
A. STRIDE
B. PASTA
C. VAST
D. OCTAVE
CORRECT ANSWER: A. STRIDE
Rationale: STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of
Service, Elevation of Privilege) is traditionally applied by creating data flow diagrams,
mapping trust boundaries, and systematically evaluating each component for the six
threat categories.
Question 4: In secure software design, what is the primary purpose of
implementing defense in depth?
A. To reduce the overall cost of security tools by
using a single vendor
B. To ensure that if one security control fails, additional layers will continue to protect
the system
C. To eliminate the need for user authentication by relying on network perimeter security
D. To consolidate all security logging into a centralized dashboard
CORRECT ANSWER: B. To ensure that if one security control fails, additional layers
will continue to protect the system
Rationale: Defense in depth employs multiple, overlapping security controls across
different layers of an application and infrastructure. This approach mitigates the risk of
single points of failure and increases the effort an attacker needs to compromise the
system.
Question 5: Which secure design principle dictates that security decisions should
be based on explicit authorization checks rather than implicit assumptions?
A. Fail-safe defaults
B. Complete mediation
C. Economy of mechanism
D. Separation of privilege
CORRECT ANSWER: B. Complete mediation
Rationale: Complete mediation requires that every access request to every resource is
checked against security policies, with no shortcuts or cached permissions bypassing
verification. This prevents unauthorized access due to assumed trust or stale session
states.
Question 6: A developer wants to prevent stored cross-site scripting (XSS) in a web
application. Which technique should be prioritized during the design phase?
A. Implementing client-side input filtering only
B. Using context-aware output encoding
C. Relying on Content Security Policy headers alone
D. Disabling JavaScript execution in the browser
CORRECT ANSWER: B. Using context-aware output encoding
Rationale: Context-aware output encoding ensures that untrusted data is safely
converted into a format that the browser will not execute as code. This must be applied
based on where the data is inserted (HTML body, attribute, JavaScript, CSS), providing
reliable protection against stored XSS.
Question 7: Which cryptographic approach should be used to securely store user
passwords in a modern application?
A. Fast symmetric encryption like AES-256
B. Reversible hashing like SHA-1 with salt
C. Memory-hard password hashing functions like Argon2id or bcrypt
D. Base64 encoding combined with a static salt
CORRECT ANSWER: C. Memory-hard password hashing functions like Argon2id or
bcrypt
Rationale: Password storage requires one-way, computationally intensive hashing
designed to resist brute-force and GPU/ASIC-based attacks. Argon2id and bcrypt
include work factors and memory-hardness specifically tailored for credential
protection.
Question 8: When designing an API gateway for a cloud-native application, which
security control best mitigates distributed denial-of-service (DDoS) attacks?
A. Enforcing strict JSON schema validation on all endpoints
B. Implementing rate limiting and request throttling based on client identity or IP
C. Requiring mutual TLS for all internal service communication
D. Logging all API requests to a centralized SIEM
CORRECT ANSWER: B. Implementing rate limiting and request throttling based on
client identity or IP
Rationale: Rate limiting and throttling control the volume of requests a client can send
within a timeframe, directly mitigating volumetric and application-layer DDoS attacks by
preventing resource exhaustion at the gateway level.
Question 9: Which design pattern ensures that sensitive operations require
multiple independent approvals to proceed?
A. Singleton
B. Factory method
C. Separation of duties
D. Observer
CORRECT ANSWER: C. Separation of duties
Rationale: Separation of duties divides critical functions among multiple individuals or
systems, ensuring no single entity can complete a high-risk action alone. This reduces
insider threat risk and enforces accountability through dual control.
Question 10: In the context of secure software architecture, what does "secure by
default" primarily mean?
A. The software ships with all features enabled and relies on
administrators to disable risks
B. The initial configuration requires minimal user interaction and automatically patches
itself
C. The system is configured with the most restrictive settings upon installation,
requiring explicit opt-in for permissive features
D. Security features are optional modules that users can purchase after deployment
CORRECT ANSWER: C. The system is configured with the most restrictive settings
upon installation, requiring explicit opt-in for permissive features
Rationale: Secure by default ensures that out-of-the-box configurations minimize the
attack surface. Users must intentionally enable additional functionality, preventing
accidental exposure due to permissive default settings.
Question 11: Which vulnerability is most likely to occur when an application
concatenates user input directly into an SQL query string without
parameterization?
A. Cross-site scripting
B. SQL injection
C. Server-side request forgery
D. Insecure direct object reference
CORRECT ANSWER: B. SQL injection
Rationale: Direct concatenation of untrusted input into SQL queries allows attackers to
manipulate the query structure, enabling unauthorized data access, modification, or
execution of administrative database commands.
Question 12: What is the primary security benefit of using ephemeral credentials
for cloud service access?
A. They reduce storage costs by minimizing database entries
B. They automatically rotate and expire, limiting the window of exploitation if
compromised
C. They bypass multi-factor authentication requirements for faster deployment
D. They encrypt all network traffic without requiring TLS certificates
CORRECT ANSWER: B. They automatically rotate and expire, limiting the window of
exploitation if compromised
Rationale: Ephemeral credentials have short lifespans and are automatically refreshed.
If leaked or stolen, their limited validity significantly reduces the attacker's opportunity
to maintain persistent access.
Question 13: Which secure coding practice directly addresses the risk of insecure
deserialization?
A. Validating file uploads by extension only
B. Using strict type checking and whitelisting allowed classes during object
reconstruction
C. Disabling all JSON parsing in the application
D. Storing serialized objects in plaintext for easier debugging
CORRECT ANSWER: B. Using strict type checking and whitelisting allowed classes
during object reconstruction
Rationale: Insecure deserialization occurs when untrusted data is used to reconstruct
objects, potentially triggering malicious code. Whitelisting permissible classes and
enforcing strict type validation prevents unexpected or dangerous object instantiation.