Questions .
WGU D487 Secure Software Design – Objective Assessment Practice Questions
200 Multiple-Choice Questions with Answers and Rationales
Domain 1: Secure Software Design Principles (Questions 1-40)
Question 1
Which security principle assumes attackers have the source code and
specifications of the product?
A. Least Privilege
B. Open Design
C. Separation of Privileges
D. Total Mediation
Answer: B. Open Design
Rationale: The Open Design principle states that the security of a system should
not depend on the secrecy of its design or implementation. This principle assumes
attackers may have access to source code and specifications, so security must rely
on robust cryptographic keys and access controls rather than obscurity .
,Question 2
What is the primary goal of secure software design?
A. Maximize software performance
B. Protect applications from security threats
C. Reduce development time
D. Enhance user interface
Answer: B. Protect applications from security threats
Rationale: Secure design focuses on mitigating vulnerabilities throughout the
SDLC by building security into the software from the ground up. Security must be
considered at every phase of development rather than being added as an
afterthought .
Question 3
Which principle advocates minimizing attack surfaces?
A. Least Privilege
,B. Defense in Depth
C. Attack Surface Minimization
D. Economy of Mechanism
Answer: C. Attack Surface Minimization
Rationale: Attack surface minimization involves reducing the number of entry
points and potential attack vectors in a system. This includes disabling
unnecessary services, removing unused features, and limiting network exposure .
Question 4
The principle of least privilege requires that:
A. Users have administrative access at all times
B. Users are granted only the minimum permissions necessary to perform their
tasks
C. All users have equal access to system resources
D. Privileges are granted based on seniority
, Answer: B. Users are granted only the minimum permissions necessary to
perform their tasks
Rationale: The principle of least privilege limits access rights to the bare minimum
required for a user, process, or system to perform its authorized functions. This
reduces the potential impact of security breaches .
Question 5
Which secure design principle requires that all access requests be checked for
authorization?
A. Open Design
B. Separation of Privileges
C. Total Mediation
D. Psychological Acceptability
Answer: C. Total Mediation
Rationale: Total mediation (also called complete mediation) requires that every
access to a resource must be checked for authorization. Every attempt must be
validated to prevent bypasses or unauthorized access .