ANSWERS (100% CORRECT VERIFIED ANSWERS) D487
SECURE SOFTWARE DESIGN OBJECTIVE ASSESSMENT 2025
What is the study of real-world software security initiatives organized so companies can measure
their initiatives and understand how to evolve them over time?
-Building Security in Maturity Model (BSIMM)
-Security features and design
-OWASP Software Assurance Maturity Model (SAMM)
-ISO 27001 - ANSWER--Building Security in Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs?
-static analysis
-fuzzing
-dynamic analysis
-OWASP ZAP - ANSWER--static analysis
Which secure coding best practice says to use parameterized queries, encrypted connection strings
stored in separate configuration files, and strong passwords or multi-factor authentication?
-access control
-database security
-file management
-session management - ANSWER--database security
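The first item in that practice, parameterized queries, is the one most often done wrong, so here is an added example (not from the original answer key) that runs the vulnerable and the parameterized form side by side against an in-memory SQLite database with constructed sample rows. The tautology payload, the table layout and the function names are assumptions made for the demonstration.

```python
"""Parameterized queries vs string-built SQL, run against an in-memory
SQLite database populated with constructed sample data.
Added illustration; not code from the page."""
import sqlite3


def make_db():
    """Constructed sample data. Passwords are stored in clear text here only
    to keep the injection demonstration short; real code stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, pw):
    """String-built SQL: attacker-controlled text becomes part of the statement."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, pw):
    """Placeholders: the driver passes values separately from the statement,
    so they are compared as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]


# Classic tautology payload; constructed for the demo.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    # Vulnerable: WHERE name = 'alice' AND pw = '' OR '1'='1'  -> every row
    print("vulnerable:    ", login_vulnerable(conn, "alice", PAYLOAD))
    # Parameterized: the payload is just a password that matches nobody
    print("parameterized: ", login_parameterized(conn, "alice", PAYLOAD))
    print("legit login:   ", login_parameterized(conn, "alice", "correct horse"))
```

Because `AND` binds tighter than `OR`, the injected clause turns the vulnerable query into `(name = 'alice' AND pw = '') OR '1'='1'` and returns every user; the parameterized version returns nothing for the same input. The other two items in the practice (encrypted connection strings kept out of source, strong or multi-factor authentication to the database) are deployment concerns and are not shown here.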
Which secure coding best practice says that all information passed to other systems should be
encrypted?
-output encoding
-memory management
-communication security
-database security - ANSWER--communication security
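In practice "encrypt information passed to other systems" usually means TLS, and the most common failure is not the absence of TLS but a client that disables certificate verification to silence an error. The following added example (not from the original answer key) builds a weak client context beside a hardened one using Python's standard `ssl` module and audits both; the `audit` helper and its wording are the example's own.

```python
"""Weak vs hardened TLS client configuration, with a small audit function.
Added illustration using only the standard ssl module; not code from the page."""
import ssl


def weak_context():
    """What 'just make the error go away' code often does: the server's
    certificate is never verified and its hostname is never checked, so
    any on-path attacker can present their own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None):
    """Verify the peer against the system trust store (or a pinned CA bundle
    passed as cafile), check the hostname, and refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx):
    """Return the problems a reviewer would flag on a client SSLContext."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate not verified")
    if not ctx.check_hostname:
        problems.append("hostname not checked against certificate")
    # MINIMUM_SUPPORTED (no floor set) sorts below TLSv1_2 in this IntEnum.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS below 1.2 permitted")
    return problems


if __name__ == "__main__":
    print("weak:    ", audit(weak_context()))
    print("hardened:", audit(hardened_context()))
```

The hardened context is what `ssl.create_default_context()` already gives you; the explicit `minimum_version` line matters on Python releases older than 3.10, where the default floor was lower. The audit is deliberately limited to the three settings that decide whether the encryption actually protects against an active attacker; cipher suite choice is handled adequately by the library defaults on a current Python.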
A company is preparing to add a new feature to its flagship software product. The new feature is
similar to features that have been added in previous years, and the requirements are well-
documented. The project is expected to last three to four months, at which time the new feature will
be released to customers. Project team members will focus solely on the new feature until the
project ends. Which software development methodology is being used?
-Agile
-Waterfall
-Scrum
-Extreme programming - ANSWER--Waterfall
A new product will require an administration section for a small number of users. Normal users will
be able to view limited customer information and should not see admin functionality within the
application. Which concept is being used?
-privacy
-POLP
-software security champion
-elevation of privilege - ANSWER--POLP
The software security team is currently working to identify approaches for input validation,
authentication, authorization, and configuration management of a new software product so they can
deliver a security profile. Which threat modeling step is being described?
-Rating threats
-Identifying and documenting threats
-analyzing the target
-drawing data flow diagram - ANSWER--analyzing the target
The scrum team is attending their morning meeting, which is scheduled at the beginning of the work
day. Each team member reports what they accomplished yesterday, what they plan to accomplish
today, and if they have any impediments that may cause them to miss their delivery deadline.
Which scrum ceremony is the team participating in?
-Daily scrum
-Sprint review
-Sprint retrospective
-Sprint planning - ANSWER--Daily scrum