WGU D487 Secure Software Design
Performance Assessment 2026/2027 –
Verified Q&As with Detailed Rationales
(Test Bank Bundle - 36 Questions)
---
*QUESTION 1:*
What is the primary goal of secure software design?
A) To build software that is resilient to attacks and vulnerabilities
B) To write software as quickly as possible
C) To minimize the cost of development
D) To ignore security risks
> 🎯 *CORRECT ANSWER:* A) To build software that is resilient to attacks and vulnerabilities
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Secure software design focuses on building secure software.
> * *Why Distractors Fail:* Speed, cost minimization, and ignoring risks are not goals.
> * *Core Takeaway:* Secure software design builds resilient software.
---
*QUESTION 2:*
A software designer is using the principle of least privilege. This means:
A) Users and processes have the minimum permissions needed
,B) Users have all permissions
C) Users have no permissions
D) Users have maximum permissions
> 🎯 *CORRECT ANSWER:* A) Users and processes have the minimum permissions needed
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Least privilege gives minimum permissions.
> * *Why Distractors Fail:* All permissions, no permissions, and maximum are not least privilege.
> * *Core Takeaway:* Least privilege gives minimum permissions.
---
*QUESTION 3:*
A software designer is using the principle of defense in depth. This means:
A) Multiple layers of security controls
B) A single layer of security
C) No security
D) Only physical security
> 🎯 *CORRECT ANSWER:* A) Multiple layers of security controls
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Defense in depth uses multiple layers.
> * *Why Distractors Fail:* Single layer, no security, and only physical are not defense in depth.
> * *Core Takeaway:* Defense in depth uses multiple layers.
---
*QUESTION 4:*
A software designer is using the principle of fail securely. What does this mean?
, A) The system should fail in a secure state
B) The system should fail in an insecure state
C) The system should ignore failures
D) The system should crash
> 🎯 *CORRECT ANSWER:* A) The system should fail in a secure state
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Fail securely means failing safely.
> * *Why Distractors Fail:* Insecure failure, ignoring, and crashing are not secure.
> * *Core Takeaway:* Fail securely means failing safely.
---
*QUESTION 5:*
A software designer is using the principle of secure defaults. What does this mean?
A) The system's default configuration should be secure
B) The system's default configuration should be insecure
C) The system's default configuration should be ignored
D) The system's default configuration should be complex
> 🎯 *CORRECT ANSWER:* A) The system's default configuration should be secure
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Secure defaults mean safe out-of-the-box.
> * *Why Distractors Fail:* Insecure, ignored, and complex defaults are not secure.
> * *Core Takeaway:* Secure defaults are safe out-of-the-box.
---
*QUESTION 6:*
Performance Assessment 2026/2027 –
Verified Q&As with Detailed Rationales
(Test Bank Bundle - 36 Questions)
---
*QUESTION 1:*
What is the primary goal of secure software design?
A) To build software that is resilient to attacks and vulnerabilities
B) To write software as quickly as possible
C) To minimize the cost of development
D) To ignore security risks
> 🎯 *CORRECT ANSWER:* A) To build software that is resilient to attacks and vulnerabilities
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Secure software design focuses on building secure software.
> * *Why Distractors Fail:* Speed, cost minimization, and ignoring risks are not goals.
> * *Core Takeaway:* Secure software design builds resilient software.
---
*QUESTION 2:*
A software designer is using the principle of least privilege. This means:
A) Users and processes have the minimum permissions needed
,B) Users have all permissions
C) Users have no permissions
D) Users have maximum permissions
> 🎯 *CORRECT ANSWER:* A) Users and processes have the minimum permissions needed
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Least privilege gives minimum permissions.
> * *Why Distractors Fail:* All permissions, no permissions, and maximum are not least privilege.
> * *Core Takeaway:* Least privilege gives minimum permissions.
---
*QUESTION 3:*
A software designer is using the principle of defense in depth. This means:
A) Multiple layers of security controls
B) A single layer of security
C) No security
D) Only physical security
> 🎯 *CORRECT ANSWER:* A) Multiple layers of security controls
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Defense in depth uses multiple layers.
> * *Why Distractors Fail:* Single layer, no security, and only physical are not defense in depth.
> * *Core Takeaway:* Defense in depth uses multiple layers.
---
*QUESTION 4:*
A software designer is using the principle of fail securely. What does this mean?
, A) The system should fail in a secure state
B) The system should fail in an insecure state
C) The system should ignore failures
D) The system should crash
> 🎯 *CORRECT ANSWER:* A) The system should fail in a secure state
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Fail securely means failing safely.
> * *Why Distractors Fail:* Insecure failure, ignoring, and crashing are not secure.
> * *Core Takeaway:* Fail securely means failing safely.
---
*QUESTION 5:*
A software designer is using the principle of secure defaults. What does this mean?
A) The system's default configuration should be secure
B) The system's default configuration should be insecure
C) The system's default configuration should be ignored
D) The system's default configuration should be complex
> 🎯 *CORRECT ANSWER:* A) The system's default configuration should be secure
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Secure defaults mean safe out-of-the-box.
> * *Why Distractors Fail:* Insecure, ignored, and complex defaults are not secure.
> * *Core Takeaway:* Secure defaults are safe out-of-the-box.
---
*QUESTION 6:*