QUESTIONS 2026 FINAL PAPER VIEW AHEAD EXAM
◍ SAMM. Answer: offers a roadmap and a well-defined maturity
model for secure software development and deployment, along with
useful tools for self-assessment and planning.
◍ Core OpenSAMM activities. Answer: Governance, Construction,
Verification, Deployment
◍ static analysis. Answer: Source code of an application is reviewed
manually or with automatic tools without running the code
◍ dynamic analysis. Answer: Analysis and testing of a program
occurs while it is being executed or run
◍ Fuzzing. Answer: Injection of randomized data into a software
program in an attempt to find system failures, memory leaks, error
handling issues, and improper input validation
◍ OWASP ZAP. Answer: Open-source web application security
scanner; can be used as a proxy to manipulate traffic running through
it (even HTTPS)
◍ ISO/IEC 27001. Answer: Specifies requirements for establishing,
implementing, operating, monitoring, reviewing, maintaining and
improving a documented information security management system
◍ ISO/IEC 17799. Answer: ISO/IEC is a joint committee that
develops and maintains standards in the IT industry. 17799 is an
international code of practice for information security management.
This section defines confidentiality, integrity and availability controls.
◍ ISO/IEC 27034. Answer: A standard that provides guidance to help
organizations embed security within their processes that help secure
applications running in the environment, including application
lifecycle processes
◍ Software security champion. Answer: a developer with an interest
in security who helps amplify the security message at the team level
◍ waterfall methodology. Answer: a sequential, activity-based
process in which each phase in the SDLC is performed sequentially
from planning through implementation and maintenance
◍ Agile Development. Answer: A software development
methodology that delivers functionality in rapid iterations, measured