Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

WGU D487 SECURE SW DESIGN PRACTICE EXAM QUESTIONS WITH CORRECT DETAILED ANSWERS | ALREADY GRADED A+RECENT VERSION

Puntuación
-
Vendido
-
Páginas
51
Grado
A+
Subido en
20-11-2025
Escrito en
2025/2026

WGU D487 SECURE SW DESIGN PRACTICE EXAM QUESTIONS WITH CORRECT DETAILED ANSWERS | ALREADY GRADED A+RECENT VERSION 1) What are the four phases of penetration testing? - ANSWER assess, identify, evaluate and plan, and deploy. 2) What are scans that target security issues that are found outside the firewall? - ANSWER external scans 3) What are scans that require software to log onto a system to scan it? - ANSWER authenticated scans 4) What are scans to identify security issues that a malicious attacker could exploit from inside the network? - ANSWER internal scans 5) What are scans to exploit a vulnerability when it is identified? - ANSWER intrusive target search 6) What are regulations regarding the software licensing of in-house products - ANSWER open-source software license compliance 7) Which activity in the Ship (A5) phase of the security development cycle sets requirements for quality gates that must be met before release? - ANSWER A5 policy compliance analysis 8) The company's website uses query string parameters to filter products by category. The URL, when filtering on a product category, looks like this: 9) The model used to assess the severity of a vulnerability... - ANSWER Common Vulnerability Scoring System (CVSS) 10) The team that receives, investigates, and reports security vulnerabilities... - ANSWER Product Security Incident Response Team (PSIRT) 11) What is the phase of the SDLC in which organizations prepare for vulnerabilities after the product has been released? - ANSWER Post-Release Support phase 12) Who responds to software product security incidents that involve the external discovery of post-release software vulnerabilities? - ANSWER Post-Release PSIRT Response 13) Who is an expert on promoting security awareness, best practices, and simplifying software security? - ANSWER Software Security Champion (SSC) 14) Who is an expert to promote awareness of products to the wider software community? - ANSWER Software Security Evangelist (SSE) 15) Which post-release support activity (PRSA) details the process for investigating, mitigating, and communicating findings when security vulnerabilities are discovered in a software product? - ANSWER External vulnerability disclosure response 16) Which post-release support key success factor says that any change or component reuse should trigger security development life cycle activities? - ANSWER SDL cycle for any architectural changes or code reuses 17) What are the four categories in BSIMM? - ANSWER governance, intelligence, software security development life cycle touchpoints, and deployment. 18) In which Open SAMM core practice area would one find environment hardening? - ANSWER Deployment 19) Which step will you find in the SANS Institute Cyber Defense seven-step recipe for conducting threat modeling and application risk analysis? - ANSWER Brainstorm threats from adversaries 20) Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - ANSWER A5 policy compliance analysis 21) Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - ANSWER PRSA1: External vulnerability disclosure response 22) Within OpenSAMM, what focuses on the processes and activities related to organizational software development activities within OpenSAMM practice areas? - ANSWER Governance 23) Within Open SAMM, what focuses on the processes and activities related to creating software within development projects within Open SAMM practice areas? - ANSWER Construction 24) Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - ANSWER Vulnerability scan 25) Which post-release support activity should be completed when companies are joining together? - ANSWER Security architectural reviews 26) Which of the Ship (A5) deliverables of the security development cycle are performed with code-assisted penetration testing? - ANSWER white-box security testing 27) Which of the Ship (A5) deliverables of the security development cycle are performed with open-source licensing review? - ANSWER license compliance 28) Which of the Ship (A5) deliverables of the security development cycle are performed with final security review? - ANSWER release and ship 29) Which phase of penetration testing allows for remediation to be performed? - ANSWER deploy 30) Which key deliverable occurs during post-release support? - ANSWER Third-party reviews 31) Which business function of Open SAMM is associated with the following core practices, governance? - ANSWER policy and compliance 32) Which business function of Open SAMM is associated with the following core practices, construction? - ANSWER threat assessment 33) Which business function of Open SAMM is associated with the following core practices, verification? - ANSWER code review 34) What is a unified conceptual framework for security auditing? - ANSWER Trike Threat Model 35) What is the path an attacker can take to exploit a vulnerability? - ANSWER threat vector 36) What is reusable software developed externally from the organization's platforms? - ANSWER third party codes 37) What is maliciously changing or modifying persistent data? - ANSWER Tampering 38) What defines what needs to be protected and how it will be protected? - ANSWER software security policy 39) What is performing illegal operations in a system that lacks the ability to trace the prohibited operations? - ANSWER repudiation 40) What is determining the fundamental functions of an app? - ANSWER application decomposition 41) What are threat models focused around senior management and protecting the assets of an organization? - ANSWER asset-centric threat modeling 42) What are threat models that start with visualizing the application you are building? - ANSWER application-centric threat modeling 43) During what phase of the SDL is any policy that exists outside of the SDL policy is reviewed? - ANSWER A3 Design and Development 44) A software security team member has been tasked with creating a threat model for the login process of a new product. What is the first step the team member should take? - ANSWER identify security objectives 45) What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle? - ANSWER To ensure that security is built into the product from the start 46) Why should a security team provide documented certification requirements during the software assessment phase? - ANSWER Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers. 47) What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? - ANSWER Required process steps, technologies and techniques

Mostrar más Leer menos
Institución
WGU D487
Grado
WGU D487

Vista previa del contenido

WGU D487 SECURE SW DESIGN
PRACTICE EXAM QUESTIONS
WITH CORRECT DETAILED
ANSWERS | ALREADY GRADED
A+<RECENT VERSION>



1) What are the four phases of penetration testing? - ANSWER assess, identify,
evaluate and plan, and deploy.


2) What are scans that target security issues that are found outside the firewall? -
ANSWER external scans



3) What are scans that require software to log onto a system to scan it? - ANSWER
authenticated scans


4) What are scans to identify security issues that a malicious attacker could exploit from
inside the network? - ANSWER internal scans



5) What are scans to exploit a vulnerability when it is identified? - ANSWER
intrusive target search


6) What are regulations regarding the software licensing of in-house products -
ANSWER open-source software license compliance


7) Which activity in the Ship (A5) phase of the security development cycle sets
requirements for quality gates that must be met before release? - ANSWER A5
policy compliance analysis

,8) The company's website uses query string parameters to filter products by category.
The URL, when filtering on a product category, looks like this:
company.com/products? category=2.If the security team saw a URL of
company.com/products? category=2 OR 1=1 in the logs, what assumption should they
make? - ANSWER An attacker is attempting to use SQL injection to gain access to
information.


9) The model used to assess the severity of a vulnerability... - ANSWER Common
Vulnerability Scoring System (CVSS)


10) The team that receives, investigates, and reports security vulnerabilities... -
ANSWER Product Security Incident Response Team (PSIRT)


11) What is the phase of the SDLC in which organizations prepare for vulnerabilities after
the product has been released? - ANSWER Post-Release Support phase


12) Who responds to software product security incidents that involve the external
discovery of post-release software vulnerabilities? - ANSWER Post-Release
PSIRT Response


13) Who is an expert on promoting security awareness, best practices, and simplifying
software security? - ANSWER Software Security Champion (SSC)


14) Who is an expert to promote awareness of products to the wider software community?
- ANSWER Software Security Evangelist (SSE)


15) Which post-release support activity (PRSA) details the process for investigating,
mitigating, and communicating findings when security vulnerabilities are discovered
in a software product? - ANSWER External vulnerability disclosure response


16) Which post-release support key success factor says that any change or component
reuse should trigger security development life cycle activities? - ANSWER SDL
cycle for any architectural changes or code reuses

,17) What are the four categories in BSIMM? - ANSWER governance, intelligence,
software security development life cycle touchpoints, and deployment.


18) In which OpenSAMM core practice area would one find environment hardening? -
ANSWER Deployment


19) Which step will you find in the SANS Institute Cyber Defense seven-step recipe for
conducting threat modeling and application risk analysis? - ANSWER Brainstorm
threats from adversaries


20) Which practice in the Ship (A5) phase of the security development cycle verifies
whether the product meets security mandates? - ANSWER A5 policy compliance
analysis


21) Which post-release support activity defines the process to communicate, identify, and
alleviate security threats? - ANSWER PRSA1: External vulnerability disclosure
response


22) Within OpenSAMM, what focuses on the processes and activities related to
organizational software development activities within OpenSAMM practice areas? -
ANSWER Governance


23) Within Open SAMM, what focuses on the processes and activities related to creating
software within development projects within Open SAMM practice areas? -
ANSWER Construction


24) Which practice in the Ship (A5) phase of the security development cycle uses tools to
identify weaknesses in the product? - ANSWER Vulnerability scan


25) Which post-release support activity should be completed when companies are joining
together? - ANSWER Security architectural reviews


26) Which of the Ship (A5) deliverables of the security development cycle are performed
with code-assisted penetration testing? - ANSWER white-box security testing

, 27) Which of the Ship (A5) deliverables of the security development cycle are performed
with open-source licensing review? - ANSWER license compliance


28) Which of the Ship (A5) deliverables of the security development cycle are performed
with final security review? - ANSWER release and ship


29) Which phase of penetration testing allows for remediation to be performed? -
ANSWER deploy



30) Which key deliverable occurs during post-release support? - ANSWER Third-
party reviews


31) Which business function of Open SAMM is associated with the following core
practices, governance? - ANSWER policy and compliance


32) Which business function of Open SAMM is associated with the following core
practices, construction? - ANSWER threat assessment


33) Which business function of Open SAMM is associated with the following core
practices, verification? - ANSWER code review




34) What is a unified conceptual framework for security auditing? - ANSWER Trike
Threat Model


35) What is the path an attacker can take to exploit a vulnerability? - ANSWER threat
vector


36) What is reusable software developed externally from the organization's platforms? -
ANSWER third party codes



37) What is maliciously changing or modifying persistent data? - ANSWER
Tampering

Escuela, estudio y materia

Institución
WGU D487
Grado
WGU D487

Información del documento

Subido en
20 de noviembre de 2025
Número de páginas
51
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$11.99
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
jervismuthami Teachme2-tutor
Ver perfil
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
10
Miembro desde
1 año
Número de seguidores
0
Documentos
573
Última venta
2 meses hace

4.5

2 reseñas

5
1
4
1
3
0
2
0
1
0

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes