OBJECTIVE ASSESSMENT Comprehensive Resource
To Help You Ace 2026-2027 Includes Frequently
Tested Questions With ELABORATED 100% Correct
COMPLETE SOLUTIONS
1. Which SDLC phase focuses on releasing security controls and protections
into the production environment?
A. Design Phase
B. Implementation Phase
C. Deployment Phase
D. Maintenance Phase
Correct Answer: C
2. During which SDLC phase are requirements translated into a technical
design?
A. Planning Phase
B. Design Phase
C. Deployment Phase
D. Maintenance Phase
Correct Answer: B
3. Which SDLC phase determines the resources involved in building the
application from known inputs?
A. Design Phase
B. Implementation Phase
C. Testing Phase
D. Maintenance Phase
Correct Answer: B
4. Which SDLC phase focuses on ongoing monitoring and updates to ensure
continued security?
A. Deployment Phase
B. Testing Phase
C. Maintenance Phase
D. End-of-Life Phase
Correct Answer: C
5. Which SDLC phase establishes the vision, scope, and next steps of a
project?
A. Requirements Phase
B. Design Phase
C. Planning Phase
D. Implementation Phase
Correct Answer: C
6. What best describes secure code?
A. Code that runs efficiently
B. Code optimized for performance
C. Code written following security best practices to prevent vulnerabilities
D. Code reviewed after deployment
Correct Answer: C
7. Threat modeling is best defined as:
A. Testing deployed applications
B. A structured process to identify and protect against vulnerabilities
C. Writing secure code
D. Monitoring system logs
Correct Answer: B
8. What are the three core elements of information security (CIA Triad)?
A. Confidentiality, Integrity, Authentication
B. Confidentiality, Integrity, Availability
C. Authentication, Authorization, Accounting
D. Integrity, Availability, Authorization
Correct Answer: B
9. Which of the following correctly lists the eight phases of the SDLC?
A. Planning, Design, Coding, Testing, Deployment, Maintenance
B. Requirements, Design, Implementation, Testing, Review
C. Planning, Requirements, Design, Implementation, Testing, Deployment,
Maintenance, End of Life
D. Concept, Build, Test, Release, Monitor
Correct Answer: C
10. Software security primarily focuses on:
A. Protecting hardware devices
B. Securing the foundational logic and code of software
C. Managing network traffic
D. End-user training
Correct Answer: B
11. Which CIA principle prevents unauthorized users from accessing sensitive
information?
A. Integrity
B. Availability
C. Confidentiality
D. Authentication
Correct Answer: C
12. BSIMM is best described as:
A. A security testing tool
B. A regulatory compliance framework
C. A study of real-world software security practices
D. A vulnerability scanning standard
Correct Answer: C
13. Dynamic analysis is performed:
A. By reviewing source code only
B. Without executing the program
C. While the program is running in real time
D. After deployment only
Correct Answer: C
14. Fuzz testing involves:
A. Reviewing documentation
B. Supplying invalid or random data to an application
C. Manual penetration testing
D. Reviewing access controls
Correct Answer: B
15. The measure model in software security refers to:
A. Encryption standards
B. A set of data security methods used to protect against vulnerabilities
C. Performance benchmarks
D. Compliance audits
Correct Answer: B
16. A metric model allows organizations to:
A. Identify software bugs
B. Measure employee performance
C. Determine the effectiveness of security controls
D. Enforce compliance
Correct Answer: C
17. OWASP is best described as:
A. A government security agency
B. A static testing tool
C. A flexible framework for building secure software
D. A compliance regulation
Correct Answer: C