Exam (elaborations)

WGU D487 Secure Software Design – Western Governors University – 2026/2027 Final Examination Answer Key

Pages: 36
Uploaded on: 25-06-2026
Written in: 2025/2026

This document contains questions and answers covering the core topics of WGU D487 Secure Software Design, including secure software development lifecycle (SSDLC), cryptography, secure coding practices, security testing, and compliance requirements. The material is aligned with the course blueprint and references industry frameworks such as OWASP Top 10, NIST SSDF, and ISO/IEC 27034. It serves as a comprehensive exam-preparation resource with verified questions designed to reinforce secure software design principles and cybersecurity best practices. The content is organized across multiple domains commonly assessed in the final examination.

Institution
WGU D487 Secure Software Design
Course
WGU D487 Secure Software Design

Content preview

WESTERN GOVERNORS UNIVERSITY |
CYBERSECURITY & SOFTWARE ENGINEERING

WGU D487 Secure Software Design

Actual Exam


FINAL EXAMINATION — ANSWER KEY
70 Questions | Verified | 2026/2027 Edition
Aligned with OWASP Top 10:2025, NIST SSDF (SP 800-218), and ISO/IEC 27034
Five Domains • SSDLC • Cryptography • Secure Coding • Testing • Compliance


Prepared per WGU D487 Course Blueprint | Confidential Academic Assessment Material
© 2026 Western Governors University — D487 Secure Software Design

Key Features



✓ Secure Software Development Life Cycle (SSDLC) and threat modeling methodologies — STRIDE,
PASTA, and attack-tree driven design across all lifecycle phases.
✓ Cryptography, encryption standards, and key management principles — AES, RSA, ECC, hashing,
digital signatures, PKI, and HSM-backed key lifecycle controls.
✓ OWASP Top 10 vulnerabilities and secure coding techniques — injection, broken access control,
cryptographic failures, SSRF, and insecure design mitigations.
✓ Security testing, code inspection, and static/dynamic analysis — SAST, DAST, IAST, fuzzing,
penetration testing, and continuous security regression validation.
✓ Compliance frameworks, risk management, and software supply chain security — NIST SSDF,
SLSA, SBOM, zero-trust integration, and CI/CD pipeline hardening.

Updates for 2026



• Updated OWASP coverage: the OWASP Top 10:2025 web application list, plus the OWASP API
Security Top 10 (Broken Object Level Authorization and Broken Function Level Authorization)
and the OWASP Top 10 for LLM Applications (prompt injection and insecure LLM integrations),
reflecting the rise of generative-AI-enabled application surfaces.
• NIST Secure Software Development Framework (SSDF) guidance: SP 800-218 practices for
implementing and maintaining secure development and build environments (PO.5), protecting
code from unauthorized tampering, and verifying the integrity and provenance of releases
(PS.1 to PS.3), together with the SP 800-218A community profile that extends the SSDF to
generative AI and dual-use foundation models. The SSDF is recommended practice rather than
a mandate; attested build environments, cryptographic provenance for artifacts, and zero-trust
principles are covered here as ways of implementing those practices.
• Software supply chain security standards: SLSA Build Level 3 provenance, signed SBOMs
(CycloneDX 1.6 / SPDX 3.0), in-toto attestations, and Sigstore-based signing, treated in this
edition as baseline expectations for CI/CD pipeline hardening.

Abstract



This document presents a verified 70-question actual examination for the WGU D487 Secure
Software Design Objective Assessment, calibrated to the 2026/2027 Western Governors University
course blueprint and aligned with current OWASP, NIST, and ISO secure software engineering
standards. The examination comprehensively assesses the candidate's mastery of integrating security
principles into every phase of the software development lifecycle — from initial threat modeling and
security requirements elicitation through architecture-level risk analysis, secure coding, cryptographic
key management, rigorous security testing, deployment hardening, and ongoing maintenance.
Questions span five weighted domains: SSDLC and Threat Modeling, Cryptography and Key
Management, Secure Coding and the OWASP Top 10, Security Testing and Code Inspection, and
Compliance, Risk, and Supply Chain Security. Each item is accompanied by a verified correct answer, a
rationale explaining the underlying security principle, an analysis of why each distractor is
incorrect, and a precise reference to the authoritative source. The structure is designed to mirror the
rigor of the live assessment and to reinforce the candidate's ability to apply security standards, threat-
driven design decisions, and proven methodologies in realistic software engineering scenarios.

Keywords

WGU D487, Secure Software Design, SSDLC, OWASP, Threat Modeling, Cryptography, Secure Coding,
Security Testing, NIST SSDF, Supply Chain Security, STRIDE, Key Management, Static Analysis, Zero
Trust, SBOM

Content Area Overview



The 70-question actual exam is distributed across five weighted domains reflecting the official WGU
D487 course blueprint. The table below summarizes each content area, its question allocation, key
topics, and examination weight.

Content Area                              Questions  Key Topics                                                   Weight
SSDLC & Threat Modeling                   14         Lifecycle phases, STRIDE, PASTA, abuse cases,                20%
                                                     risk ranking, attack surface reduction
Cryptography & Key Management             14         Symmetric/asymmetric, AES/RSA/ECC, hashing, PKI,             20%
                                                     HSM, key rotation, TLS
Secure Coding & OWASP Top 10              21         Injection, XSS, CSRF, access control, SSRF,                  30%
                                                     input validation, secure session handling
Security Testing & Code Inspection        11         SAST/DAST/IAST, fuzzing, penetration testing,                15%
                                                     code inspection, DevSecOps
Compliance, Risk & Supply Chain Security  10         NIST SSDF, ISO 27001, SLSA, SBOM, zero trust,                15%
                                                     GDPR/CCPA, dependency management
TOTAL                                     70         Comprehensive Secure Software Design coverage                100%


Examination Questions




Domain: SSDLC & Threat Modeling

1. Which activity is performed FIRST in a mature Secure Software Development Life Cycle
(SSDLC)?
A. Writing unit tests for security controls
B. Eliciting and documenting security requirements alongside functional requirements
C. Deploying web application firewall (WAF) rules in production
D. Running dynamic analysis against the staging build
Correct Answer: B. Eliciting and documenting security requirements alongside functional
requirements
Rationale: Security requirements must be elicited and documented during the requirements phase so
that confidentiality, integrity, availability, and compliance needs drive every downstream design and
implementation decision.
Why Wrong:
• A is incorrect because unit testing occurs during the implementation phase, after
requirements and design are established.
• C is incorrect because production WAF deployment is a late-stage operational control, not an
SSDLC initiation activity.
• D is incorrect because dynamic analysis requires a buildable artifact and therefore occurs
much later in the lifecycle.
Reference: WGU D487 Course Module 1 — SSDLC Overview; NIST SP 800-218 (SSDF) PO.1

2. In the STRIDE threat modeling framework, the 'T' represents Tampering. Which
security property does tampering primarily compromise?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: B. Integrity
Rationale: Tampering is the unauthorized modification of data in transit, data at rest, or code,
which directly violates integrity. Each STRIDE category maps to the property it violates: Spoofing
to authentication, Tampering to integrity, Repudiation to non-repudiation, Information Disclosure
to confidentiality, Denial of Service to availability, and Elevation of Privilege to authorization.
Why Wrong:
• A is incorrect because confidentiality is the property violated by Information Disclosure, not
Tampering (Spoofing violates authentication, not confidentiality).
• C is incorrect because availability is the property violated by Denial of Service.
• D is incorrect because non-repudiation is the property violated by Repudiation, not Tampering.
Reference: WGU D487 Module 2 — Threat Modeling; Microsoft STRIDE Reference (Shostack, Threat
Modeling: Designing for Security)
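The STRIDE mapping in the rationale above is only useful once it is applied to a concrete system, which is what the STRIDE-per-element method in Shostack's book does: each data-flow-diagram (DFD) element type is exposed to a fixed subset of the six categories, and each category violates one property. The following is an added example, not part of the answer key or of any WGU material; it enumerates STRIDE threats for a constructed DFD of a login flow (browser, web application, user database, audit log) and flags flows that cross a trust boundary. The element names and the "crosses_trust_boundary" priority rule are illustrative assumptions.

```python
"""STRIDE-per-element threat enumeration over a small data-flow diagram (DFD).

Added example, not part of the answer key. It applies the STRIDE-per-element
table from Shostack, "Threat Modeling: Designing for Security": each DFD element
type is exposed to a fixed subset of STRIDE categories, and each category
violates one security property. The login DFD below is constructed for
illustration; the element names are assumptions.
"""
from dataclasses import dataclass

# STRIDE category -> the security property it violates (the mapping used in Q2).
PROPERTY_VIOLATED = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-repudiation",
    "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability",
    "Elevation of Privilege": "Authorization",
}

# STRIDE-per-element: which categories apply to each DFD element type.
# Repudiation is listed for data stores because logs are a data store and
# tampering with them erases evidence of an action.
APPLICABLE = {
    "external_entity": ("Spoofing", "Repudiation"),
    "process": tuple(PROPERTY_VIOLATED),  # processes are exposed to all six
    "data_flow": ("Tampering", "Information Disclosure", "Denial of Service"),
    "data_store": ("Tampering", "Repudiation", "Information Disclosure", "Denial of Service"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                            # one of APPLICABLE's keys
    crosses_trust_boundary: bool = False  # meaningful for data flows


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    property_violated: str
    priority: str  # "high" when the element crosses a trust boundary (assumed rule)


def enumerate_threats(elements):
    """Return one Threat per (element, applicable STRIDE category)."""
    threats = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown DFD element type: {el.kind!r}")
        priority = "high" if el.crosses_trust_boundary else "normal"
        for cat in APPLICABLE[el.kind]:
            threats.append(Threat(el.name, cat, PROPERTY_VIOLATED[cat], priority))
    return threats


def threats_violating(threats, prop):
    """Filter threats by the property they violate, e.g. every integrity threat."""
    return [t for t in threats if t.property_violated == prop]


# Constructed DFD (assumption): browser -> web app over the internet boundary,
# web app -> user database over SQL, plus an audit log store.
LOGIN_DFD = [
    Element("Browser", "external_entity"),
    Element("Browser->WebApp (HTTPS login request)", "data_flow", crosses_trust_boundary=True),
    Element("WebApp", "process"),
    Element("WebApp->UserDB (SQL query)", "data_flow"),
    Element("UserDB", "data_store"),
    Element("AuditLog", "data_store"),
]


def summarize(elements=LOGIN_DFD):
    """Group affected element names by violated property; returns a dict."""
    threats = enumerate_threats(elements)
    by_property = {}
    for t in threats:
        by_property.setdefault(t.property_violated, []).append(t.element)
    return {"total": len(threats), "by_property": by_property}


if __name__ == "__main__":
    for t in enumerate_threats(LOGIN_DFD):
        print(f"[{t.priority:6}] {t.element}: {t.category} -> violates {t.property_violated}")
```

Running the block lists 22 candidate threats for the six elements; the five Tampering entries (both data flows, the process, and both stores) all resolve to Integrity, which is the point of question 2. In practice each generated line becomes a row in the threat register to be mitigated, accepted, or shown not to apply, with the boundary-crossing flow reviewed first.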

