WGU D487 SECURE SOFTWARE
DESIGN EXAM | QUESTIONS AND
VERIFIED ANSWERS RATED A+ |
LATEST 2025/2026 GUIDE
A company developing software for the European market needs to
comply with GDPR. Which requirement should be a priority to align with
GDPR?
A) Limiting user authentication to reduce security complexity
B) Ensuring data subjects have control over their personal data and the
right to be forgotten
C) Allowing unrestricted data sharing with third parties
D) Storing all data without regard for user consent
- Correct Answer - B) Ensuring data subjects have control over their
personal data and the right to be forgotten
Which of the following best describes the role of compliance
requirements in secure software development?
A) Compliance requirements are optional and may be disregarded to
reduce project scope
B) Compliance requirements ensure the software meets industry and
legal standards, protecting both the organization and users
C) Compliance requirements are only relevant in the testing phase
D) Compliance requirements are used solely for auditing and not
necessary for development
,- Correct Answer - B) Compliance requirements ensure the software
meets industry and legal standards, protecting both the organization and
users
A project team is developing software that processes sensitive customer
information. To secure this data, the team decides to categorize it based
on sensitivity levels. Why is this categorization essential in data
protection?
A) It allows the team to ignore security requirements for low-sensitivity
data
B) It enables the team to apply appropriate security controls based on
data sensitivity, ensuring high-risk data is more protected
C) It removes the need for data access controls
D) It minimizes the importance of encrypting sensitive data
- Correct Answer - B) It enables the team to apply appropriate security
controls based on data sensitivity, ensuring high-risk data is more
protected
As part of a data protection strategy, a security analyst suggests
classifying data to determine ownership and access levels. Why is
identifying data ownership important?
A) It allows only the development team to access data
B) It clarifies accountability for data security and helps set permissions
based on data ownership
,C) It eliminates the need to monitor data access logs
D) It restricts data handling to a single user
- Correct Answer - B) It clarifies accountability for data security and helps
set permissions based on data ownership
The development team is required to implement data protection for both
structured and unstructured data. What is one critical reason for
protecting unstructured data, such as documents or emails?
A) Unstructured data is less valuable, so protection is optional
B) Unstructured data often contains sensitive information that, if
exposed, could lead to security breaches
C) Structured data alone requires protection for regulatory compliance
D) Data protection applies only to structured formats
- Correct Answer - B) Unstructured data often contains sensitive
information that, if exposed, could lead to security breaches
A software application requires access controls to limit data access to
authorized users. What is the primary purpose of implementing access
controls as part of data protection?
A) To simplify the data access process for all users
B) To restrict data access to individuals based on their role and need,
ensuring sensitive data remains protected
C) To allow unrestricted data access for internal users
D) To ensure that all users have equal access to data
, - Correct Answer - B) To restrict data access to individuals based on their
role and need, ensuring sensitive data remains protected
As part of data protection efforts, the team is tasked with establishing
guidelines for sensitive data. Which guideline is most critical for
protecting sensitive data?
A) Limiting all users from accessing data
B) Encrypting sensitive data to prevent unauthorized access
C) Allowing sensitive data to be shared freely within the organization
D) Storing all sensitive data in plaintext for easy access
- Correct Answer - B) Encrypting sensitive data to prevent unauthorized
access
As part of a secure data lifecycle strategy, the team is instructed to apply
protections to data from its creation to its disposal. Why is it essential to
manage data protection throughout its entire lifecycle?
A) To ensure data protection only during high-use phases
B) To provide continuous security and compliance at each stage, from
creation to disposal
C) To limit data protection efforts to storage phases only
D) To allow data to be securely deleted at any time without additional
processes
- Correct Answer - B) To provide continuous security and compliance at
each stage, from creation to disposal
DESIGN EXAM | QUESTIONS AND
VERIFIED ANSWERS RATED A+ |
LATEST 2025/2026 GUIDE
A company developing software for the European market needs to
comply with GDPR. Which requirement should be a priority to align with
GDPR?
A) Limiting user authentication to reduce security complexity
B) Ensuring data subjects have control over their personal data and the
right to be forgotten
C) Allowing unrestricted data sharing with third parties
D) Storing all data without regard for user consent
- Correct Answer - B) Ensuring data subjects have control over their
personal data and the right to be forgotten
Which of the following best describes the role of compliance
requirements in secure software development?
A) Compliance requirements are optional and may be disregarded to
reduce project scope
B) Compliance requirements ensure the software meets industry and
legal standards, protecting both the organization and users
C) Compliance requirements are only relevant in the testing phase
D) Compliance requirements are used solely for auditing and not
necessary for development
,- Correct Answer - B) Compliance requirements ensure the software
meets industry and legal standards, protecting both the organization and
users
A project team is developing software that processes sensitive customer
information. To secure this data, the team decides to categorize it based
on sensitivity levels. Why is this categorization essential in data
protection?
A) It allows the team to ignore security requirements for low-sensitivity
data
B) It enables the team to apply appropriate security controls based on
data sensitivity, ensuring high-risk data is more protected
C) It removes the need for data access controls
D) It minimizes the importance of encrypting sensitive data
- Correct Answer - B) It enables the team to apply appropriate security
controls based on data sensitivity, ensuring high-risk data is more
protected
As part of a data protection strategy, a security analyst suggests
classifying data to determine ownership and access levels. Why is
identifying data ownership important?
A) It allows only the development team to access data
B) It clarifies accountability for data security and helps set permissions
based on data ownership
,C) It eliminates the need to monitor data access logs
D) It restricts data handling to a single user
- Correct Answer - B) It clarifies accountability for data security and helps
set permissions based on data ownership
The development team is required to implement data protection for both
structured and unstructured data. What is one critical reason for
protecting unstructured data, such as documents or emails?
A) Unstructured data is less valuable, so protection is optional
B) Unstructured data often contains sensitive information that, if
exposed, could lead to security breaches
C) Structured data alone requires protection for regulatory compliance
D) Data protection applies only to structured formats
- Correct Answer - B) Unstructured data often contains sensitive
information that, if exposed, could lead to security breaches
A software application requires access controls to limit data access to
authorized users. What is the primary purpose of implementing access
controls as part of data protection?
A) To simplify the data access process for all users
B) To restrict data access to individuals based on their role and need,
ensuring sensitive data remains protected
C) To allow unrestricted data access for internal users
D) To ensure that all users have equal access to data
, - Correct Answer - B) To restrict data access to individuals based on their
role and need, ensuring sensitive data remains protected
As part of data protection efforts, the team is tasked with establishing
guidelines for sensitive data. Which guideline is most critical for
protecting sensitive data?
A) Limiting all users from accessing data
B) Encrypting sensitive data to prevent unauthorized access
C) Allowing sensitive data to be shared freely within the organization
D) Storing all sensitive data in plaintext for easy access
- Correct Answer - B) Encrypting sensitive data to prevent unauthorized
access
As part of a secure data lifecycle strategy, the team is instructed to apply
protections to data from its creation to its disposal. Why is it essential to
manage data protection throughout its entire lifecycle?
A) To ensure data protection only during high-use phases
B) To provide continuous security and compliance at each stage, from
creation to disposal
C) To limit data protection efforts to storage phases only
D) To allow data to be securely deleted at any time without additional
processes
- Correct Answer - B) To provide continuous security and compliance at
each stage, from creation to disposal
