WGU D487 PRE-ASSESSMENT SECURE
SOFTWARE DESIGN Exam with Questions
and Correct Answers 2025
What ,is ,a ,study ,of ,real-world ,software ,security ,initiatives ,organized ,so ,companies ,can
,measure ,their ,initiatives ,and ,understand ,how ,to ,evolve ,them ,over ,time?, ,- ,CORRECT
,ANSWER-Building ,Security ,In ,Maturity ,Model ,(BSIMM)
What ,is ,the ,analysis ,of ,computer ,software ,that ,is ,performed ,without ,executing
,programs? ,- ,CORRECT ,ANSWER-Static ,analysis
Which ,International ,Organization ,for ,Standardization ,(ISO) ,standard ,is ,the ,benchmark
,for ,information ,security ,today? ,- ,CORRECT ,ANSWER-ISO/IEC ,27001.
What ,is ,the ,analysis ,of ,computer ,software ,that ,is ,performed ,by ,executing ,programs
,on ,a ,real ,or ,virtual ,processor ,in ,real ,time?, ,- ,CORRECT ,ANSWER-Dynamic ,analysis
Which ,person ,is ,responsible ,for ,designing, ,planning, ,and ,implementing ,secure ,coding
,practices ,and ,security ,testing ,methodologies? ,- ,CORRECT ,ANSWER-Software
,security ,architect
A ,company ,is ,preparing ,to ,add ,a ,new ,feature ,to ,its ,flagship ,software ,product. ,The
,new ,feature ,is ,similar ,to ,features ,that ,have ,been ,added ,in ,previous ,years, ,and ,the
,requirements ,are ,well-documented. ,The ,project ,is ,expected ,to ,last ,three ,to ,four
,months, ,at ,which ,time ,the ,new ,feature ,will ,be ,released ,to ,customers. ,Project ,team
,members ,will ,focus ,solely ,on ,the ,new ,feature ,until ,the ,project ,ends. ,Which ,software
,development ,methodology ,is ,being ,used? ,- ,CORRECT ,ANSWER-Waterfall
, A ,new ,product ,will ,require ,an ,administration ,section ,for ,a ,small ,number ,of ,users.
,Normal ,users ,will ,be ,able ,to ,view ,limited ,customer ,information ,and ,should ,not ,see
,admin ,functionality ,within ,the ,application. ,Which ,concept ,is ,being ,used? ,- ,CORRECT
,ANSWER-Principle ,of ,least ,privilege
The ,scrum ,team ,is ,attending ,their ,morning ,meeting, ,which ,is ,scheduled ,at ,the
,beginning ,of ,the ,work ,day. ,Each ,team ,member ,reports ,what ,they ,accomplished
,yesterday, ,what ,they ,plan ,to ,accomplish ,today, ,and ,if ,they ,have ,any ,impediments
,that ,may ,cause ,them ,to ,miss ,their ,delivery ,deadline. ,Which ,scrum ,ceremony ,is ,the
,team ,participating ,in? ,- ,CORRECT ,ANSWER-Daily ,Scrum
What ,is ,a ,list ,of ,information ,security ,vulnerabilities ,that ,aims ,to ,provide ,names ,for
,publicly ,known ,problems? ,- ,CORRECT ,ANSWER-Common ,computer ,vulnerabilities
,and ,exposures ,(CVE)
Which ,secure ,coding ,best ,practice ,uses ,well-tested, ,publicly ,available ,algorithms ,to
,hide ,product ,data ,from ,unauthorized ,access? ,- ,CORRECT ,ANSWER-Cryptographic
,practices
Which ,secure ,coding ,best ,practice ,uses ,well-tested, ,publicly ,available ,algorithms ,to
,hide ,product ,data ,from ,unauthorized ,access? ,- ,CORRECT ,ANSWER-Cryptographic
,practices
Which ,secure ,coding ,best ,practice ,ensures ,servers, ,frameworks, ,and ,system
,components ,are ,all ,running ,the ,latest ,approved ,versions? ,- ,CORRECT ,ANSWER-
System ,configuration
Which ,secure ,coding ,best ,practice ,says ,to ,use ,parameterized ,queries, ,encrypted
,connection ,strings ,stored ,in ,separate ,configuration ,files, ,and ,strong ,passwords ,or
,multi-factor ,authentication? ,- ,CORRECT ,ANSWER-Database ,security
Which ,secure ,coding ,best ,practice ,says ,that ,all ,information ,passed ,to ,other ,systems
,should ,be ,encrypted? ,- ,CORRECT ,ANSWER-Communication ,security
eam ,members ,are ,being ,introduced ,during ,sprint ,zero ,in ,the ,project ,kickoff ,meeting.
,The ,person ,being ,introduced ,is ,a ,member ,of ,the ,scrum ,team, ,responsible ,for ,writing
,feature ,logic ,and ,attending ,sprint ,ceremonies. ,Which ,role ,is ,the ,team ,member
,playing? ,- ,CORRECT ,ANSWER-Software ,developer
A ,software ,security ,team ,member ,has ,created ,data ,flow ,diagrams, ,chosen ,the
,STRIDE ,methodology ,to ,perform ,threat ,reviews, ,and ,created ,the ,security ,assessment
,for ,the ,new ,product. ,Which ,category ,of ,secure ,software ,best ,practices ,did ,the ,team
,member ,perform? ,- ,CORRECT ,ANSWER-Architecture ,analysis
Team ,members ,are ,being ,introduced ,during ,sprint ,zero ,in ,the ,project ,kickoff ,meeting.
,The ,person ,being ,introduced ,will ,be ,a ,facilitator, ,will ,try ,to ,remove ,roadblocks ,and
SOFTWARE DESIGN Exam with Questions
and Correct Answers 2025
What ,is ,a ,study ,of ,real-world ,software ,security ,initiatives ,organized ,so ,companies ,can
,measure ,their ,initiatives ,and ,understand ,how ,to ,evolve ,them ,over ,time?, ,- ,CORRECT
,ANSWER-Building ,Security ,In ,Maturity ,Model ,(BSIMM)
What ,is ,the ,analysis ,of ,computer ,software ,that ,is ,performed ,without ,executing
,programs? ,- ,CORRECT ,ANSWER-Static ,analysis
Which ,International ,Organization ,for ,Standardization ,(ISO) ,standard ,is ,the ,benchmark
,for ,information ,security ,today? ,- ,CORRECT ,ANSWER-ISO/IEC ,27001.
What ,is ,the ,analysis ,of ,computer ,software ,that ,is ,performed ,by ,executing ,programs
,on ,a ,real ,or ,virtual ,processor ,in ,real ,time?, ,- ,CORRECT ,ANSWER-Dynamic ,analysis
Which ,person ,is ,responsible ,for ,designing, ,planning, ,and ,implementing ,secure ,coding
,practices ,and ,security ,testing ,methodologies? ,- ,CORRECT ,ANSWER-Software
,security ,architect
A ,company ,is ,preparing ,to ,add ,a ,new ,feature ,to ,its ,flagship ,software ,product. ,The
,new ,feature ,is ,similar ,to ,features ,that ,have ,been ,added ,in ,previous ,years, ,and ,the
,requirements ,are ,well-documented. ,The ,project ,is ,expected ,to ,last ,three ,to ,four
,months, ,at ,which ,time ,the ,new ,feature ,will ,be ,released ,to ,customers. ,Project ,team
,members ,will ,focus ,solely ,on ,the ,new ,feature ,until ,the ,project ,ends. ,Which ,software
,development ,methodology ,is ,being ,used? ,- ,CORRECT ,ANSWER-Waterfall
, A ,new ,product ,will ,require ,an ,administration ,section ,for ,a ,small ,number ,of ,users.
,Normal ,users ,will ,be ,able ,to ,view ,limited ,customer ,information ,and ,should ,not ,see
,admin ,functionality ,within ,the ,application. ,Which ,concept ,is ,being ,used? ,- ,CORRECT
,ANSWER-Principle ,of ,least ,privilege
The ,scrum ,team ,is ,attending ,their ,morning ,meeting, ,which ,is ,scheduled ,at ,the
,beginning ,of ,the ,work ,day. ,Each ,team ,member ,reports ,what ,they ,accomplished
,yesterday, ,what ,they ,plan ,to ,accomplish ,today, ,and ,if ,they ,have ,any ,impediments
,that ,may ,cause ,them ,to ,miss ,their ,delivery ,deadline. ,Which ,scrum ,ceremony ,is ,the
,team ,participating ,in? ,- ,CORRECT ,ANSWER-Daily ,Scrum
What ,is ,a ,list ,of ,information ,security ,vulnerabilities ,that ,aims ,to ,provide ,names ,for
,publicly ,known ,problems? ,- ,CORRECT ,ANSWER-Common ,computer ,vulnerabilities
,and ,exposures ,(CVE)
Which ,secure ,coding ,best ,practice ,uses ,well-tested, ,publicly ,available ,algorithms ,to
,hide ,product ,data ,from ,unauthorized ,access? ,- ,CORRECT ,ANSWER-Cryptographic
,practices
Which ,secure ,coding ,best ,practice ,uses ,well-tested, ,publicly ,available ,algorithms ,to
,hide ,product ,data ,from ,unauthorized ,access? ,- ,CORRECT ,ANSWER-Cryptographic
,practices
Which ,secure ,coding ,best ,practice ,ensures ,servers, ,frameworks, ,and ,system
,components ,are ,all ,running ,the ,latest ,approved ,versions? ,- ,CORRECT ,ANSWER-
System ,configuration
Which ,secure ,coding ,best ,practice ,says ,to ,use ,parameterized ,queries, ,encrypted
,connection ,strings ,stored ,in ,separate ,configuration ,files, ,and ,strong ,passwords ,or
,multi-factor ,authentication? ,- ,CORRECT ,ANSWER-Database ,security
Which ,secure ,coding ,best ,practice ,says ,that ,all ,information ,passed ,to ,other ,systems
,should ,be ,encrypted? ,- ,CORRECT ,ANSWER-Communication ,security
eam ,members ,are ,being ,introduced ,during ,sprint ,zero ,in ,the ,project ,kickoff ,meeting.
,The ,person ,being ,introduced ,is ,a ,member ,of ,the ,scrum ,team, ,responsible ,for ,writing
,feature ,logic ,and ,attending ,sprint ,ceremonies. ,Which ,role ,is ,the ,team ,member
,playing? ,- ,CORRECT ,ANSWER-Software ,developer
A ,software ,security ,team ,member ,has ,created ,data ,flow ,diagrams, ,chosen ,the
,STRIDE ,methodology ,to ,perform ,threat ,reviews, ,and ,created ,the ,security ,assessment
,for ,the ,new ,product. ,Which ,category ,of ,secure ,software ,best ,practices ,did ,the ,team
,member ,perform? ,- ,CORRECT ,ANSWER-Architecture ,analysis
Team ,members ,are ,being ,introduced ,during ,sprint ,zero ,in ,the ,project ,kickoff ,meeting.
,The ,person ,being ,introduced ,will ,be ,a ,facilitator, ,will ,try ,to ,remove ,roadblocks ,and
