with Questions and Correct Answers
1. Which practice in the Ship (A5) phase of the security development cycle
verifies whether the product meets security mandates?: A5 policy compliance
analysis
2. Which post-release support activity defines the process to communicate,
identify, and alleviate security threats?: PRSA1: External vulnerability disclosure
response
3. What are two core practice areas of the OWASP Security Assurance Maturity
Model (OpenSAMM)?: Governance, Construction
4. Which practice in the Ship (A5) phase of the security development cycle
uses tools to identify weaknesses in the product?: Vulnerability scan
5. Which post-release support activity should be completed when companies are
joining together?: Security architectural reviews
6. Which of the Ship (A5) deliverables of the security development cycle are
performed during the A5 policy compliance analysis?: Analyze activities and
standards
7. Which of the Ship (A5) deliverables of the security development cycle are
performed during the code-assisted penetration testing?: white-box security test
8. Which of the Ship (A5) deliverables of the security development cycle are
performed during the open-source licensing review?: license compliance
9. Which of the Ship (A5) deliverables of the security development cycle are
performed during the final security review?: Release and ship
10. How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile?: iterative development
11. How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on devops?: continuous
integration and continuous deployments
12. How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud?: API invocation
processes
13. How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise?: enables and
improves business activities
14. Which phase of penetration testing allows for remediation to be
performed?: Deploy
15. Which key deliverable occurs during post-release support?: third-party
reviews
16. Which business function of OpenSAMM is associated with governance?: Policy
and compliance