WGU D487 OA 2026 Test Bank With CURRENTLY MOST TESTED
Questions And 100% Correct VERIFIED Answers / D487 Secure
Software Design Objective Assessment UPDATED 2026 Test Bank
Why should SDL policies be incorporated into every phase of the software
development process?
A) To ensure security practices are considered consistently across all phases,
reducing risks throughout the SDL
B) To limit security assessments to testing phases only
C) To enable developers to bypass SDL requirements for faster deployment
D) To ensure SDL policies are applied only during post-production - VERIFIED
ANSWER✅ A) To ensure security practices are considered consistently across
all phases, reducing risks throughout the SDL
A project manager is defining the scope of SDL policies for a complex software
system. What should be the primary focus of scoping in this context?
A) Minimizing security requirements to reduce costs
B) Aligning SDL policies with the complexity of the system and specific security
needs
C) Standardizing requirements without considering project-specific needs
,D) Focusing only on technical requirements - VERIFIED ANSWER✅ B) Aligning
SDL policies with the complexity of the system and specific security needs
In the Architecture (A2) phase, a team begins threat modeling by identifying
security objectives, understanding the application structure, and pinpointing
vulnerabilities. Why is threat modeling essential at this stage?
A) To delay security analysis until testing
B) To proactively identify and mitigate risks before implementation
C) To focus only on post-deployment security measures
D) To ensure that no changes are made to the software's design - VERIFIED
ANSWER✅ B) To proactively identify and mitigate risks before implementation
A security analyst uses Data Flow Diagrams (DFDs) during threat modeling. What
is the main benefit of using DFDs in this context?
A) They simplify the data encryption process
B) They provide a visual map of data movement and trust boundaries, highlighting
potential vulnerabilities
C) They eliminate the need for further security assessments
D) They focus exclusively on user access control - VERIFIED ANSWER✅ B) They
provide a visual map of data movement and trust boundaries, highlighting
potential vulnerabilities
,In threat modeling, the team applies the STRIDE model to categorize threats. What
type of threat is addressed by "Elevation of Privilege" in the STRIDE model?
A) Unauthorized access to sensitive data
B) The ability for users to gain higher privileges than intended, leading to potential
misuse
C) Access control based solely on user roles
D) Restriction of data sharing - VERIFIED ANSWER✅ B) The ability for users to
gain higher privileges than intended, leading to potential misuse
A team uses the DREAD model to rank threats based on factors like damage
potential and exploitability. Why is ranking threats important in the threat
modeling process?
A) To prioritize resources toward mitigating the most impactful and likely risks
B) To focus only on compliance without assessing risks
C) To ensure that all threats are treated equally
D) To allow the team to ignore low-probability risks - VERIFIED ANSWER✅ A) To
prioritize resources toward mitigating the most impactful and likely risks
, The organization considers using alternative threat modeling methodologies, such
as PASTA (Process for Attack Simulation and Threat Analysis) and CVSS (Common
Vulnerability Scoring System), to meet specific project needs. When would it be
beneficial to use alternative threat modeling frameworks?
A) When the organization's security needs require a tailored approach beyond
standard models
B) When reducing the threat modeling process to only one step
C) When the project requires minimal security oversight
D) When using only one universal threat modeling approach for all cases -
VERIFIED ANSWER✅ A) When the organization's security needs require a
tailored approach beyond standard models
A company's leadership team wants to set a security policy for software
developers to follow throughout the SDL. Why is it essential for leadership to
support SDL policies?
A) To allow developers to set security requirements independently
B) To ensure security policies are taken seriously and align with business needs
C) To enable the SDL policies to be flexible based on project timelines
Questions And 100% Correct VERIFIED Answers / D487 Secure
Software Design Objective Assessment UPDATED 2026 Test Bank
Why should SDL policies be incorporated into every phase of the software
development process?
A) To ensure security practices are considered consistently across all phases,
reducing risks throughout the SDL
B) To limit security assessments to testing phases only
C) To enable developers to bypass SDL requirements for faster deployment
D) To ensure SDL policies are applied only during post-production - VERIFIED
ANSWER✅ A) To ensure security practices are considered consistently across
all phases, reducing risks throughout the SDL
A project manager is defining the scope of SDL policies for a complex software
system. What should be the primary focus of scoping in this context?
A) Minimizing security requirements to reduce costs
B) Aligning SDL policies with the complexity of the system and specific security
needs
C) Standardizing requirements without considering project-specific needs
,D) Focusing only on technical requirements - VERIFIED ANSWER✅ B) Aligning
SDL policies with the complexity of the system and specific security needs
In the Architecture (A2) phase, a team begins threat modeling by identifying
security objectives, understanding the application structure, and pinpointing
vulnerabilities. Why is threat modeling essential at this stage?
A) To delay security analysis until testing
B) To proactively identify and mitigate risks before implementation
C) To focus only on post-deployment security measures
D) To ensure that no changes are made to the software's design - VERIFIED
ANSWER✅ B) To proactively identify and mitigate risks before implementation
A security analyst uses Data Flow Diagrams (DFDs) during threat modeling. What
is the main benefit of using DFDs in this context?
A) They simplify the data encryption process
B) They provide a visual map of data movement and trust boundaries, highlighting
potential vulnerabilities
C) They eliminate the need for further security assessments
D) They focus exclusively on user access control - VERIFIED ANSWER✅ B) They
provide a visual map of data movement and trust boundaries, highlighting
potential vulnerabilities
,In threat modeling, the team applies the STRIDE model to categorize threats. What
type of threat is addressed by "Elevation of Privilege" in the STRIDE model?
A) Unauthorized access to sensitive data
B) The ability for users to gain higher privileges than intended, leading to potential
misuse
C) Access control based solely on user roles
D) Restriction of data sharing - VERIFIED ANSWER✅ B) The ability for users to
gain higher privileges than intended, leading to potential misuse
A team uses the DREAD model to rank threats based on factors like damage
potential and exploitability. Why is ranking threats important in the threat
modeling process?
A) To prioritize resources toward mitigating the most impactful and likely risks
B) To focus only on compliance without assessing risks
C) To ensure that all threats are treated equally
D) To allow the team to ignore low-probability risks - VERIFIED ANSWER✅ A) To
prioritize resources toward mitigating the most impactful and likely risks
, The organization considers using alternative threat modeling methodologies, such
as PASTA (Process for Attack Simulation and Threat Analysis) and CVSS (Common
Vulnerability Scoring System), to meet specific project needs. When would it be
beneficial to use alternative threat modeling frameworks?
A) When the organization's security needs require a tailored approach beyond
standard models
B) When reducing the threat modeling process to only one step
C) When the project requires minimal security oversight
D) When using only one universal threat modeling approach for all cases -
VERIFIED ANSWER✅ A) When the organization's security needs require a
tailored approach beyond standard models
A company's leadership team wants to set a security policy for software
developers to follow throughout the SDL. Why is it essential for leadership to
support SDL policies?
A) To allow developers to set security requirements independently
B) To ensure security policies are taken seriously and align with business needs
C) To enable the SDL policies to be flexible based on project timelines
