WGU D487 OA EXAM | Secure Software
Design Exam | 100+ Questions and
Correct Answers Rated A+ | 2025/2026
Guide
What is the primary benefit of conducting threat modeling in the software
development lifecycle?
A) It focuses only on increasing application speed
B) It provides a repeatable process for identifying and mitigating security
risks, enhancing security awareness across the team
C) It ensures all team members prioritize design aesthetics
D) It delays the need for security assessments until deployment
- Correct Answer - B) It provides a repeatable process for identifying and
mitigating security risks, enhancing security awareness across the team
Which of the following best describes the purpose of involving multiple
team members in threat modeling?
A) To reduce the number of security requirements
B) To gather a broad range of insights, ensuring a thorough assessment
of security risks from various perspectives
C) To prioritize aesthetics over security risks
D) To streamline the SDL by limiting team involvement
,- Correct Answer - B) To gather a broad range of insights, ensuring a
thorough assessment of security risks from various perspectives
When is threat modeling ideally performed to maximize its benefits in the
SDL?
A) At the very end of the SDL
B) Early in the SDL, during the requirements or design phase, and
iteratively throughout development
C) Only after testing is complete
D) Exclusively after user feedback is gathered
- Correct Answer - B) Early in the SDL, during the requirements or
design phase, and iteratively throughout development
What is a major advantage of threat modeling for a development team?
A) It limits the number of features that need testing
B) It helps prioritize security risks, focusing efforts on the highest risks
first
C) It replaces the need for functional testing
D) It ensures all code remains the same throughout the SDL
- Correct Answer - B) It helps prioritize security risks, focusing efforts on
the highest risks first
How does threat modeling support collaboration within the software
development team?
,A) By allowing each team member to work independently without sharing
information
B) By encouraging team members from different areas to contribute
insights, promoting shared understanding of security risks and
requirements
C) By reducing the involvement of non-technical team members
D) By avoiding discussions about application architecture
- Correct Answer - B) By encouraging team members from different
areas to contribute insights, promoting shared understanding of security
risks and requirements
Which threat modeling approach is most suitable when the primary focus
is on protecting high-value assets within an application?
A) Attacker-centric
B) Application-centric
C) Asset-centric
D) Agile-centric
- Correct Answer - C) Asset-centric
What is a potential disadvantage of using the attacker-centric approach
in threat modeling?
A) It lacks a clear structure for identifying threats
B) It relies heavily on specialized security knowledge and may introduce
bias
, C) It primarily focuses on external compliance requirements
D) It is limited to asset protection only
- Correct Answer - B) It relies heavily on specialized security knowledge
and may introduce bias
Which threat modeling approach starts with analyzing the architecture
and data flows within the application?
A) Asset-centric
B) Attacker-centric
C) Application-centric
D) Developer-centric
- Correct Answer - C) Application-centric
The application-centric approach is particularly useful for which type of
teams?
A) Teams without access to data flow diagrams (DFDs)
B) Teams familiar with the application's architecture and internal data
flows
C) Teams with a primary focus on external threats
D) Teams focusing exclusively on asset valuation
- Correct Answer - B) Teams familiar with the application's architecture
and internal data flows
Design Exam | 100+ Questions and
Correct Answers Rated A+ | 2025/2026
Guide
What is the primary benefit of conducting threat modeling in the software
development lifecycle?
A) It focuses only on increasing application speed
B) It provides a repeatable process for identifying and mitigating security
risks, enhancing security awareness across the team
C) It ensures all team members prioritize design aesthetics
D) It delays the need for security assessments until deployment
- Correct Answer - B) It provides a repeatable process for identifying and
mitigating security risks, enhancing security awareness across the team
Which of the following best describes the purpose of involving multiple
team members in threat modeling?
A) To reduce the number of security requirements
B) To gather a broad range of insights, ensuring a thorough assessment
of security risks from various perspectives
C) To prioritize aesthetics over security risks
D) To streamline the SDL by limiting team involvement
,- Correct Answer - B) To gather a broad range of insights, ensuring a
thorough assessment of security risks from various perspectives
When is threat modeling ideally performed to maximize its benefits in the
SDL?
A) At the very end of the SDL
B) Early in the SDL, during the requirements or design phase, and
iteratively throughout development
C) Only after testing is complete
D) Exclusively after user feedback is gathered
- Correct Answer - B) Early in the SDL, during the requirements or
design phase, and iteratively throughout development
What is a major advantage of threat modeling for a development team?
A) It limits the number of features that need testing
B) It helps prioritize security risks, focusing efforts on the highest risks
first
C) It replaces the need for functional testing
D) It ensures all code remains the same throughout the SDL
- Correct Answer - B) It helps prioritize security risks, focusing efforts on
the highest risks first
How does threat modeling support collaboration within the software
development team?
,A) By allowing each team member to work independently without sharing
information
B) By encouraging team members from different areas to contribute
insights, promoting shared understanding of security risks and
requirements
C) By reducing the involvement of non-technical team members
D) By avoiding discussions about application architecture
- Correct Answer - B) By encouraging team members from different
areas to contribute insights, promoting shared understanding of security
risks and requirements
Which threat modeling approach is most suitable when the primary focus
is on protecting high-value assets within an application?
A) Attacker-centric
B) Application-centric
C) Asset-centric
D) Agile-centric
- Correct Answer - C) Asset-centric
What is a potential disadvantage of using the attacker-centric approach
in threat modeling?
A) It lacks a clear structure for identifying threats
B) It relies heavily on specialized security knowledge and may introduce
bias
, C) It primarily focuses on external compliance requirements
D) It is limited to asset protection only
- Correct Answer - B) It relies heavily on specialized security knowledge
and may introduce bias
Which threat modeling approach starts with analyzing the architecture
and data flows within the application?
A) Asset-centric
B) Attacker-centric
C) Application-centric
D) Developer-centric
- Correct Answer - C) Application-centric
The application-centric approach is particularly useful for which type of
teams?
A) Teams without access to data flow diagrams (DFDs)
B) Teams familiar with the application's architecture and internal data
flows
C) Teams with a primary focus on external threats
D) Teams focusing exclusively on asset valuation
- Correct Answer - B) Teams familiar with the application's architecture
and internal data flows
