ACTUAL EXAM PAPER 2026 QUESTIONS WITH SOLUTIONS GRADED A+
◉ SAMM. Answer: Software Assurance Maturity Model
◉ BSIMM Four Domains. Answer:
Governance: Strategy, compliance, training programs
Intelligence: Attack models, security features, standards research
SSDL Touchpoints: Hands-on security activities (code review, testing)
Deployment: Configuration management, vulnerability management
◉ STRIDE Threat Modeling. Answer:
Spoofing: Identity impersonation attacks
Tampering: Unauthorized data modification
Repudiation: Denial of performed actions
Information Disclosure: Unauthorized data access
Denial of Service: Service availability attacks
Elevation of Privilege: Unauthorized access escalation
Purpose: Threat Categorization
◉ STRIDE-per-element. Answer: Analyze each individual component/object
◉ STRIDE-per-process. Answer: Focus only on processes
◉ STRIDE-per-trust-boundary. Answer: Analyze security boundary crossings
◉ STRIDE-per-interaction. Answer: Focus on data flows between components
◉ DREAD Stages. Answer:
Damage: Potential impact severity
Reproducibility: How easily the attack can be repeated
Exploitability: Difficulty of executing the attack
Affected users: Scope and number of impacted users
Discoverability: How easy the vulnerability is to find
◉ DREAD Scoring System. Answer: Each stage gets 1-3 points
13-15 points = High Risk
8-12 points = Medium Risk
5-7 points = Low Risk