CORRECT ANSWERS (VERIFIED ANSWERS GRADED A+)
LATEST UPDATE 2024/2025
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - CORRECT ANSWER A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - CORRECT ANSWER PRSA1: External vulnerability disclosure response
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - CORRECT ANSWER Governance, Construction
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - CORRECT ANSWER Vulnerability scan
Which post-release support activity should be completed when companies are joining together? - CORRECT ANSWER Security architectural reviews
Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? - CORRECT ANSWER Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? - CORRECT ANSWER white-box security test
Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? - CORRECT ANSWER license compliance
Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? - CORRECT ANSWER Release and ship
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? - CORRECT ANSWER iterative development
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on devops? - CORRECT ANSWER continuous integration and continuous deployments
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - CORRECT ANSWER API invocation processes
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - CORRECT ANSWER enables and improves business activities
Which phase of penetration testing allows for remediation to be performed? - CORRECT ANSWER Deploy
Which key deliverable occurs during post-release support? - CORRECT ANSWER third-party reviews
Which business function of OpenSAMM is associated with governance? - CORRECT ANSWER Policy and compliance
Which business function of OpenSAMM is associated with construction? - CORRECT ANSWER Threat assessment
Which business function of OpenSAMM is associated with verification? - CORRECT ANSWER Code review
Which business function of OpenSAMM is associated with deployment? - CORRECT ANSWER Vulnerability management