ASSESSMENT FINAL EXAM 2025/2026
COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS WITH RATIONALES
1. Deployment Phase (SDLC) - ANSWER ✓ Security is pushed out
2. Solid line with arrow - DFD - ANSWER ✓ Data Flow
3. Trust boundary - DFD - ANSWER ✓ Dashed line
4. What are the two deliverables of the Architecture phase of the SDL?
- ANSWER ✓ Threat modeling artifacts and Policy compliance
analysis
5. What SDL security assessment deliverable is used as an input to an
SDL architecture process? - ANSWER ✓ Threat profile
6. alpha level testing - ANSWER ✓ testing done by the developers
themselves
7. beta level testing - ANSWER ✓ testing done by those not familiar
with the actual development of the system
8. black box testing - ANSWER ✓ tests from an external perspective
with no prior knowledge of the software
9. Design and Development (A3) phase - ANSWER ✓ the third
phase of the security development life cycle, in which you analyze
and test software to determine security and privacy issues as you
make informed decisions moving forward with your software
10. external resources - ANSWER ✓ resources hired on a
temporary basis to come into a project, test the application, and
report findings
11. functional testing scripts - ANSWER ✓ step-by-step
instructions for a specific scenario or situation
12. gray box testing - ANSWER ✓ analyzes the source code for
the software to help design the test cases
13. secure testing scripts - ANSWER ✓ scripts created
specifically for the application being tested
14. scripts - ANSWER ✓ detailed, logical steps of instructions
to tell a person or tool what to do during the testing
15. white box testing - ANSWER ✓ tests from an internal
perspective with full knowledge of the software
16. SonarQube - ANSWER ✓ automatic reviews with static
analysis of code to detect bugs, code smells, and security
vulnerabilities in over 25 programming languages.
17. OWASP Zed Attack Proxy - ANSWER ✓ most commonly
used open-source security tools
18. Secure Software Testing for CSSLP - ANSWER ✓
Infrastructure, Operating environments, Performance, Reliability,
Scalability
19. AppSec - ANSWER ✓ is the overall process of identifying,
fixing, and preventing security vulnerabilities within the
application level
20. spider - ANSWER ✓ identifies inputs and supplies those to
the scanning components of the security tool
21. scheduled tests - ANSWER ✓ mandatory requirements
testing to validate the security of the software and associated
system
22. pull request - ANSWER ✓ a request to merge your code into
another branch
23. passive scanner - ANSWER ✓ silently analyzes all the
hypertext transfer protocol (HTTP) requests and responses passing
through the web application security tool
24. Open Source Security Testing Methodology Manual -
ANSWER ✓ a manual that provides templates and standards used
when developing a test strategy
25. exploratory tests - ANSWER ✓ done by the development
tester to continually assess the quality of his or her work
26. Design and Development - ANSWER ✓ the fourth phase of
the security development life cycle, in which you will build onto