DESIGN EXAM | QUESTIONS AND VERIFIED ANSWERS RATED A+ | 2025/2026 GUIDE
What are the 5 phases of the Security Development Life Cycle (SDL)?
- Correct Answer –
A1 - Security Assessment
A2 - Architecture
A3 - Design and Development
A4 - Design and Development
A5 - Ship
Phase A1
- Correct Answer - Security Assessment - the project team identifies the
product risks and creates a project outline for security milestones
Phase A2
- Correct Answer - Architecture - examines security from the perspective of
business risks
Phase A3
- Correct Answer - Design and Development - analyze and test software
to determine security and privacy issues as you make informed
decisions moving forward with your software
Phase A4
- Correct Answer - Design and Development - build onto the proper
process of security testing and continue to analyze necessities at the
security level
Phase A5
- Correct Answer - Ship - verifies that the product complies with security
policies
Policy Compliance Analysis
- Correct Answer - done in A5 - final review of security and compliance
requirements
Open-Source Licensing Review
- Correct Answer - done in A5 - final review of open-source software
used in the stack
Final Security Review
- Correct Answer - done in A5 - final review of compliance against all
security requirements identified during the SDL cycle - passed, passed
with exceptions, not passed and requires escalation
Final Privacy Review
- Correct Answer - done in A5 - final review of compliance against all
privacy requirements identified during the SDL cycle
Customer Engagement Framework
- Correct Answer - defines the process for sharing security-related
information with customers
PRSA1
- Correct Answer - External Vulnerability Disclosure Response -
stakeholders are clearly identified and a RACI matrix should be created
PRSA2
- Correct Answer - Third-Party Security Reviews - security assessment
performed by groups other than internal testing teams
PRSA3
- Correct Answer - Post-Release Certifications - certifications from
external parties to demonstrate the security posture of products or
services
PRSA4 & PRSA5
- Correct Answer - Security Strategy for Legacy Code, M&A, and EOL
Plans - strategy to mitigate security risk from legacy code and M&As
Governance (OpenSAMM function)
- Correct Answer - centered on how organizations manage overall
software development activities
Construction (OpenSAMM function)
- Correct Answer - centered around how organizations define goals and
create software within development projects
Verification (OpenSAMM function)
- Correct Answer - centered around how an organization checks and
tests artifacts produced through software development
Deployment (OpenSAMM function)
- Correct Answer - centered around how an organization releases
software
BSIMM Categories