
WGU D487 Secure Software Design Test Bank | Verified Questions & Rationales | Grade A+

Pages: 69
Grade: A+
Uploaded on: 14-02-2026
Written in: 2025/2026

Download the WGU D487 Secure Software Design Exam Questions and Correct Answers with Rationales Graded A+ Latest after making the purchase. In case you encounter difficulties downloading the WGU D487 Secure Software Design Verified Exam Questions and Answers with Rationales, please feel free to reach out to me. I will gladly send it to you. The WGU D487 Secure Software Design test bank is a comprehensive preparation resource designed to help students succeed in cybersecurity and software development assessments. This WGU D487 Secure Software Design exam questions and verified answers resource includes exam-style questions, correct answers, and detailed rationales covering secure coding principles, threat modeling, risk mitigation, authentication mechanisms, encryption standards, vulnerability management, and secure software development lifecycle (SDLC) practices. The WGU D487 Grade A+ verified test bank provides realistic practice scenarios that strengthen analytical thinking, secure design strategies, and risk-based decision-making skills. With the WGU D487 Secure Software Design correct answers and rationales, learners can reinforce core cybersecurity development concepts, identify weak areas, and build confidence before assessment. This WGU D487 Secure Software Design comprehensive study guide and test bank ensures structured review, mastery of secure architecture principles, and preparation aligned with the latest course objectives.

Institution: WGU D487 Secure Software Design
Course: WGU D487 Secure Software Design

Content preview

WGU D487 SECURE SOFTWARE DESIGN EXAM
QUESTIONS AND CORRECT ANSWERS WITH
RATIONALES GRADED A+ LATEST



1. Which of the following best describes the principle of least privilege?

A. Users can access all resources but must authenticate first
B. Applications are granted only the permissions necessary to perform their tasks
C. Developers should have admin access to simplify testing
D. Only privileged users can perform security testing
Correct Answer: B
Rationale: Least privilege limits access rights for users and applications to only what
is strictly necessary to perform their tasks, reducing the attack surface.



2. In a threat model, which step comes first?

A. Identifying mitigations
B. Defining the system and boundaries
C. Running penetration tests
D. Reviewing compliance requirements
Correct Answer: B
Rationale: Threat modeling begins with defining the system, its boundaries, data flows,
and trust levels before identifying threats or mitigations.




3. A web application stores user passwords using SHA-256 without a salt. What is
the primary risk?

A. Data cannot be decrypted
B. Passwords can be easily reversed using rainbow tables
C. It violates PCI DSS
D. It prevents hashing collisions
Correct Answer: B
Rationale: Unsalted hashes are vulnerable to rainbow table attacks because identical
passwords produce identical hashes, allowing attackers to precompute common
passwords.



4. Which of the following is the most secure method for storing session
identifiers?

A. In local storage
B. In cookies with HttpOnly and Secure flags
C. In a hidden form field
D. In the URL query string
Correct Answer: B
Rationale: Cookies with HttpOnly and Secure flags protect against XSS and ensure
transmission only over HTTPS, making them the most secure option.



5. A developer is designing an API that handles sensitive medical records. Which
security control should be implemented first?

A. Rate limiting
B. Input validation
C. Encryption in transit and at rest
D. Logging
Correct Answer: C
Rationale: Protecting sensitive medical data requires encryption both in transit and at
rest as a foundational control before additional protections.

6. What is the purpose of a Web Application Firewall (WAF)?

A. Encrypts all application data
B. Detects and blocks malicious HTTP traffic
C. Manages user authentication
D. Automatically patches vulnerabilities
Correct Answer: B
Rationale: A WAF filters, monitors, and blocks HTTP traffic to protect web applications
from attacks like SQL injection and XSS.



7. Which of the following best describes “defense in depth”?

A. Using one strong security control
B. Layering multiple security controls
C. Relying solely on perimeter defenses
D. Encrypting data only at rest
Correct Answer: B
Rationale: Defense in depth uses multiple layers of security controls so if one fails,
others still protect the system.



8. Which type of testing is most appropriate for identifying insecure direct object
references (IDOR)?

A. Static code analysis
B. Dynamic application security testing
C. Manual authorization testing
D. Unit testing
Correct Answer: C
Rationale: Manual authorization testing is the most effective way to detect IDOR by
attempting access to resources without proper permissions.



9. Scenario: A company must comply with GDPR. What is the most important security
design concept to include?

A. Data minimization
B. Open-source components
C. Frequent backups
D. Centralized logging
Correct Answer: A
Rationale: GDPR requires minimizing personal data collection and storage. Data
minimization reduces risk and ensures compliance.



10. Which of the following is the best way to prevent SQL injection?

A. Escaping user input
B. Using prepared statements and parameterized queries
C. Disabling database logs
D. Encrypting the database
Correct Answer: B
Rationale: Prepared statements ensure user input is treated as data, not executable SQL,
which prevents SQL injection.



11. What is the primary purpose of input validation?

A. To reduce network latency
B. To ensure user input is safe and expected
C. To encrypt user data
D. To generate session tokens
Correct Answer: B
Rationale: Input validation ensures data conforms to expected format and content,
preventing injection and other attacks.





Seller: Dokkie247, California State University - East Bay