Question and Correct Answers / WGU D487 Secure Software Design Final Exam Prep 2026 (New!)
D487 Final Exam - Correct Answers
1. What is the study of real-world software security initiatives organized so companies can
measure their initiatives and understand how to evolve them over time?
Answer: Building Security in Maturity Model (BSIMM)
2. A software security team member has created data flow diagrams, chosen the STRIDE
methodology to perform threat reviews, and created the security assessment for the new
product. Which category of secure software best practices did the team member perform?
Answer: Architecture analysis
3. The security team is reviewing whether new security requirements, based on identified
threats or changes to organizational guidelines, can be implemented prior to releasing the
new product. Which activity of the Ship SDL phase is being performed?
Answer: Policy compliance analysis
4. Which type of requirement states that all user input values must be validated by type, size,
and range?
Answer: Every-sprint requirement
5. The software security group is conducting a maturity assessment using the Building
Security in Maturity Model (BSIMM). They are currently focused on reviewing security testing
results from recently completed initiatives. Which BSIMM domain is being assessed?
Answer: Software security development life cycle (SSDL) touchpoints
6. Which type of requirement states that the team must perform remote procedure call (RPC)
fuzz testing?
Answer: Bucket requirement
7. The person being introduced during sprint zero will be a facilitator, will try to remove
roadblocks and ensure the team is communicating freely, and will be responsible for