Exam (elaborations)

WGU D487 Secure Software Design Test Bank | Verified Questions & Rationales | Grade A+

Pages: 69
Grade: A+
Uploaded on: 14-02-2026
Written in: 2025/2026

Download the WGU D487 Secure Software Design Exam Questions and Correct Answers with Rationales Graded A+ Latest after making the purchase. In case you encounter difficulties downloading the WGU D487 Secure Software Design Verified Exam Questions and Answers with Rationales, please feel free to reach out to me. I will gladly send it to you. The WGU D487 Secure Software Design test bank is a comprehensive preparation resource designed to help students succeed in cybersecurity and software development assessments. This WGU D487 Secure Software Design exam questions and verified answers resource includes exam-style questions, correct answers, and detailed rationales covering secure coding principles, threat modeling, risk mitigation, authentication mechanisms, encryption standards, vulnerability management, and secure software development lifecycle (SDLC) practices. The WGU D487 Grade A+ verified test bank provides realistic practice scenarios that strengthen analytical thinking, secure design strategies, and risk-based decision-making skills. With the WGU D487 Secure Software Design correct answers and rationales, learners can reinforce core cybersecurity development concepts, identify weak areas, and build confidence before assessment. This WGU D487 Secure Software Design comprehensive study guide and test bank ensures structured review, mastery of secure architecture principles, and preparation aligned with the latest course objectives.

Institution: WGU D487 Secure Software Design
Course: WGU D487 Secure Software Design

Content preview

WGU D487 SECURE SOFTWARE DESIGN EXAM QUESTIONS AND CORRECT ANSWERS WITH RATIONALES GRADED A+ LATEST



1. Which of the following best describes the principle of least privilege?

A. Users can access all resources but must authenticate first
B. Applications are granted only the permissions necessary to perform their tasks
C. Developers should have admin access to simplify testing
D. Only privileged users can perform security testing
Correct Answer: B
Rationale: Least privilege limits access rights for users and applications to only what
is strictly necessary to perform their tasks, reducing the attack surface.



2. In a threat model, which step comes first?

A. Identifying mitigations
B. Defining the system and boundaries
C. Running penetration tests
D. Reviewing compliance requirements
Correct Answer: B
Rationale: Threat modeling begins with defining the system, its boundaries, data flows,
and trust levels before identifying threats or mitigations.




3. A web application stores user passwords using SHA-256 without a salt. What is
the primary risk?

A. Data cannot be decrypted
B. Passwords can be easily reversed using rainbow tables
C. It violates PCI DSS
D. It prevents hashing collisions
Correct Answer: B
Rationale: Unsalted hashes are vulnerable to rainbow table attacks because identical
passwords produce identical hashes, allowing attackers to precompute common
passwords.



4. Which of the following is the most secure method for storing session
identifiers?

A. In local storage
B. In cookies with HttpOnly and Secure flags
C. In a hidden form field
D. In the URL query string
Correct Answer: B
Rationale: Cookies with HttpOnly and Secure flags protect against XSS and ensure
transmission only over HTTPS, making them the most secure option.



5. A developer is designing an API that handles sensitive medical records. Which
security control should be implemented first?

A. Rate limiting
B. Input validation
C. Encryption in transit and at rest
D. Logging
Correct Answer: C
Rationale: Protecting sensitive medical data requires encryption both in transit and at
rest as a foundational control before additional protections.

6. What is the purpose of a Web Application Firewall (WAF)?

A. Encrypts all application data
B. Detects and blocks malicious HTTP traffic
C. Manages user authentication
D. Automatically patches vulnerabilities
Correct Answer: B
Rationale: A WAF filters, monitors, and blocks HTTP traffic to protect web applications
from attacks like SQL injection and XSS.



7. Which of the following best describes “defense in depth”?

A. Using one strong security control
B. Layering multiple security controls
C. Relying solely on perimeter defenses
D. Encrypting data only at rest
Correct Answer: B
Rationale: Defense in depth uses multiple layers of security controls so if one fails,
others still protect the system.



8. Which type of testing is most appropriate for identifying insecure direct object
references (IDOR)?

A. Static code analysis
B. Dynamic application security testing
C. Manual authorization testing
D. Unit testing
Correct Answer: C
Rationale: Manual authorization testing is the most effective way to detect IDOR by
attempting access to resources without proper permissions.



9. Scenario: A company must comply with GDPR. What is the most important security
design concept to include?

A. Data minimization
B. Open-source components
C. Frequent backups
D. Centralized logging
Correct Answer: A
Rationale: GDPR requires minimizing personal data collection and storage. Data
minimization reduces risk and ensures compliance.



10. Which of the following is the best way to prevent SQL injection?

A. Escaping user input
B. Using prepared statements and parameterized queries
C. Disabling database logs
D. Encrypting the database
Correct Answer: B
Rationale: Prepared statements ensure user input is treated as data, not executable SQL,
which prevents SQL injection.



11. What is the primary purpose of input validation?

A. To reduce network latency
B. To ensure user input is safe and expected
C. To encrypt user data
D. To generate session tokens
Correct Answer: B
Rationale: Input validation ensures data conforms to expected format and content,
preventing injection and other attacks.




Get to know the seller

Dokkie247 California State University - East Bay