D487 Secure SW Design Exam comprehensive questions and verified answers ACTUAL EXAM 2025 TEST!! Graded A+ | 2025|2026 EXAM UPDA
1. Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates?
   Answer: A5 policy compliance analysis
2. Which post-release support activity defines the process to communicate, identify, and alleviate security threats?
   Answer: PRSA1: External vulnerability disclosure response
3. What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)?
   Answer: Governance, Construction
4. Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product?
   Answer: Vulnerability scan
5. Which post-release support activity should be completed when companies are joining together?
   Answer: Security architectural reviews
6. Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis?
   Answer: Analyze activities and standards
7. Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing?
   Answer: white-box security test
8. Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review?
   Answer: license compliance
9. Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review?
   Answer: Release and ship
10. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile?
    Answer: iterative development
11. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on devops?
    Answer: continuous integration and continuous deployments
12. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud?
    Answer: API invocation processes
13. How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise?
    Answer: enables and improves business activities
14. Which phase of penetration testing allows for remediation to be performed?
    Answer: Deploy
15. Which key deliverable occurs during post-release support?
    Answer: third-party reviews
16. Which business function of OpenSAMM is associated with governance?
    Answer: Policy and compliance
17. Which business function of OpenSAMM is associated with construction?
    Answer: Threat assessment
18. Which business function of OpenSAMM is associated with verification?
    Answer: Code review
19. Which business function of OpenSAMM is associated with deployment?
    Answer: Vulnerability management
20. What is the product risk profile?
    Answer: A security assessment deliverable that estimates the actual cost of the product.
21. A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective?
    Answer: Privacy impact assessment
22. What is the first phase in the security development life cycle?
    Answer: A1 Security Assessment
23. What are the three areas of compliance requirements?
    Answer: Legal, financial, and industry standards
24. What term refers to how the system should function based on the environment in which the system will operate?
    Answer: operational requirements
25. During what phase of SDL do all key stakeholders discuss, identify, and have common understandings of the security and privacy implications, considerations, and requirements?
    Answer: A1 Security Assessment
26. What are the three areas of focus in secure software requirements?
    Answer: Gathering the software requirements, data classification, and managing