Comprehensive Resource To Help You Ace 2026-2027: Includes Frequently Tested Questions With ELABORATED 100% Correct COMPLETE SOLUTIONS
Guaranteed Pass First Attempt!! Current Update!!
1. Which practice in the Ship (A5) phase of the security development cycle
verifies whether a product meets required security mandates?
A. Vulnerability scanning
B. Final security review
C. Policy compliance analysis
D. Code-assisted penetration testing
{Correct Answer: C}
2. Which post-release support activity defines the process for
communicating, identifying, and mitigating external security threats?
A. Security architectural review
B. Third-party audit
C. External vulnerability disclosure response
D. Incident response testing
{Correct Answer: C}
3. Which two core practice areas are part of the OWASP Security Assurance
Maturity Model (OpenSAMM)?
A. Design and Testing
B. Governance and Construction
C. Architecture and Deployment
D. Planning and Operations
{Correct Answer: B}
4. Which Ship (A5) practice uses automated tools to identify weaknesses in a
product before release?
A. Threat modeling
B. Vulnerability scanning
C. Risk profiling
D. Compliance reporting
{Correct Answer: B}
5. Which post-release support activity should be conducted when two
companies merge or integrate systems?
A. Penetration testing
B. Vulnerability disclosure
C. Security architectural reviews
D. Code refactoring
{Correct Answer: C}
6. Which Ship (A5) deliverable is produced during policy compliance
analysis?
A. White-box test results
B. Analyze activities and standards
C. Threat matrices
D. Vulnerability remediation plan
{Correct Answer: B}
7. Which Ship (A5) deliverable is produced through code-assisted
penetration testing?
A. Black-box security test
B. License compliance report
C. White-box security test
D. Architectural risk summary
{Correct Answer: C}
8. Which Ship (A5) deliverable is produced during an open-source licensing
review?
A. Release checklist
B. License compliance documentation
C. Vulnerability scan results
D. Penetration testing report
{Correct Answer: B}
9. Which Ship (A5) deliverable occurs during the final security review?
A. Risk analysis
B. Code scanning
C. Release and ship
D. Architecture modeling
{Correct Answer: C}
10. How can an organization establish its own SDL using an agile
methodology?
A. Sequential development
B. Iterative development
C. Waterfall planning
D. Annual security reviews
{Correct Answer: B}
11. How can an organization establish its own SDL using DevOps practices?
A. Manual deployment controls
B. Scheduled code reviews
C. Continuous integration and continuous deployment
D. Quarterly security audits
{Correct Answer: C}
12. How can an organization establish its own SDL in a cloud-based
environment?
A. Threat modeling only
B. API invocation processes
C. On-premise controls