◍ Which type of requirement specifies that user passwords will
require a minimum of 8 characters and must include at least one
uppercase character, one number, and one special character? Answer:
Security requirement
◍ Which type of requirement specifies that credit card numbers are
designated as highly sensitive confidential personal information?
Answer: Data classification requirement
◍ Which privacy impact statement requirement type defines how
personal information is protected on devices used by more than a
single associate? Answer: Privacy control requirements
◍ In which step of the PASTA threat modeling methodology does
design flaw analysis take place? Answer: Vulnerability and weakness
analysis
◍ Which privacy impact statement requirement type defines who has
access to personal information within the product? Answer: Access
requirements
◍ Which security assessment deliverable defines milestones that will
be met during each phase of the project, merged into the product
development schedule? Answer: SDL project outline
◍ Which architecture deliverable identifies whether the product
adheres to organization security rules? Answer: Policy compliance
analysis
◍ Which threat modeling process identifies threats to each individual
object in a data flow diagram? Answer: STRIDE-per-element
◍ The DREAD methodology has been used to classify an identified
exploit where:
- the attacker could log in as an administrator (damage potential)
- the attacker could log in at any time (reproducibility)
- almost anybody could perform the attack (exploitability)
- all system users could be affected (affected users)
- any person who knows how to open dev tools in a browser could find
  the vulnerability (discoverability)
Which rating should be assigned to the exploit after performing an
analysis using a ternary ranking scale where high risk = 3 points,
medium risk = 2 points, and low risk = 1 point? Answer: High risk
◍ What is the recommended way to mitigate a threat identified during
threat modeling? Answer: Apply a standard accepted countermeasure