EXAM COMPLETE ACCURATE EXAM QUESTIONS WITH DETAILED VERIFIED ANSWERS (100% CORRECT ANSWERS) / ALREADY GRADED A+
What are the three areas of focus in secure software requirements? - ANSWER-Gathering the software requirements, data classification, and managing data protection requirements
During what phase of SDL is an initial project outline for security milestones developed and integrated into the development project schedule? - ANSWER-A1 Security Assessment
What is the order that code reviews should follow in order to be effective? - ANSWER-Identify security code review objectives, perform preliminary scan, review code for security issues, review the code for security issues unique to the architecture
When a software application handles personally identifiable information (PII) data, what will be the Privacy Impact Rating? - ANSWER-P1 High Privacy Risk
Which key success factor identifies threats to the software? - ANSWER-Effective threat modeling
What is the goal of design security review deliverables? - ANSWER-To make modifications to the design of software components based on security assessments
Which application scanner component is useful in identifying vulnerabilities such as cookie misconfigurations and insecure configuration of HTTP response headers? - ANSWER-passive scanner
Which type of attack occurs when an attacker uses malicious code in the data sent in a form? - ANSWER-cross-site scripting
What tool is a self-managed, automatic code review product? - ANSWER-SonarQube
What tool is an open-source automation server? - ANSWER-Jenkins
What tool is a proprietary issue tracking product? - ANSWER-JIRA
What tool is an AI powered management solution? - ANSWER-Dynatrace
A new application is released, and users perform initial testing on the application. Which type of testing are the users performing? - ANSWER-Beta testing
What is a non-system-related component in software security testing attack surface validation? - ANSWER-Users
When an application's input validation is not handled properly, it could result in which kind of vulnerabilities? - ANSWER-SQL injection, cross-site scripting
What are the advantages of conducting static code analysis? - ANSWER-access to the actual instructions the software will be guessing
What are the advantages of conducting dynamic code analysis? - ANSWER-tests a specific operational deployment
What are the advantages of conducting fuzz testing? - ANSWER-testing in a random approach
What are the advantages of conducting manual source code review? - ANSWER-requires no supporting technology
What is phase five of the SDL? - ANSWER-A5 Ship