Design Unanswered Practice Exam 3 With 60 Practice Questions Best for Exam Prep / WGU D487 Secure Software Design Exam 3 Prep 2026 (New!)
D487 Secure Software Design – Practice Exam 3 (Advanced Style)
Questions 1–10
1. During which SDL phase is the Security Test Plan typically drafted and test tools selected?
A. A1 – Security Assessment
B. A2 – Architecture
C. A3 – Design & Development
D. A5 – Ship
2. Which of the following best reflects the purpose of a Product Risk Profile in SDL?
A. Identifies code quality issues
B. Evaluates business risk and security exposure
C. Tracks static test coverage
D. Defines backlog user stories
3. Which component of the CIA triad ensures that sensitive information is accessible only to authorized individuals?
A. Integrity
B. Availability
C. Confidentiality
D. Authentication
4. What is the role of a Software Security Champion within Agile development?
A. Conducts dynamic analysis scans
B. Leads UI design iterations
C. Advocates secure practices and mentorship within teams
D. Approves sprint deliverables
5. Which threat modeling methodology is focused on attacker-centric analysis using threat trees and attack simulations?
A. STRIDE
B. DREAD
C. PASTA
D. OCTAVE
6. What is the purpose of the ‘Repudiation’ element in STRIDE?
A. Prevent access to system logs
B. Ensure users can’t deny actions
C. Prevent spoofing attacks
D. Restrict unauthorized service usage
7. How does OpenSAMM support secure software practices?
A. Through a test case library
B. By providing a maturity model for security program development
C. Through incident response templates
D. By enforcing sprint-level metrics