WGU D487 OA SECURE SOFTWARE DESIGN EXAM BANK |
ACCURATE AND VERIFIED WITH RATIONALES FOR
GUARANTEED PASS | LATEST UPDATE
1) The ______ report should provide progress against privacy requirements provided in
earlier phases and note any new laws/regulations to roadmap.
A. Security Testing Report
B. Privacy Compliance Report
C. Remediation Dashboard
D. Final Privacy Review
Correct: B
Rationale: The Privacy Compliance Report tracks progress against the privacy requirements set in earlier phases and flags any new laws or regulations that need to be added to the roadmap.
2) A findings summary should be prepared for manual code review, static/dynamic analysis,
pen testing, and fuzzing. These are:
A. Remediation Reports
B. Final Security Reviews
C. Security Testing Reports
D. Metrics Templates
Correct: C
Rationale: “Security Testing Reports” summarize test types, issue counts, and themes.
3) A ____ report/dashboard should be prepared and updated to show technical security
posture and risk.
A. Remediation Report
B. Architecture Threat Analysis
C. Certification Status
D. Policy Compliance Summary
Correct: A
Rationale: The Remediation Report (or dashboard) is maintained throughout the SDL to show the current technical security posture and the open risk that still needs remediation.
4) SDL Phase 1 (A1) key activities (Security team discovery meeting, PIA plan, etc.) belong
to:
A. Security Assessment
B. Architecture
C. Design & Development
D. Ship
Correct: A
Rationale: The security team discovery meeting, the PIA plan, and the other kickoff activities are the key activities of A1, Security Assessment.
5) SDL Phase 2 (A2) key activities (policy scoping, threat modeling, OSS selection, privacy
analysis) are part of:
A. Security Assessment
B. Architecture
C. Design & Development
D. Readiness
Correct: B
Rationale: The “Architecture” phase covers those activities.
6) SDL Phase 3 (A3) key activities (security test plan, static analysis updates, privacy
implementation assessment) belong to:
A. Architecture
B. Ship
C. Design & Development
D. Readiness
Correct: C
Rationale: A3 is Design & Development; its key activities include the security test plan, static analysis updates, and the privacy implementation assessment.
7) SDL Phase 4 (A4) activities (test execution, static analysis, fuzzing, privacy code
review/validation) correspond to:
A. Security Assessment
B. Architecture
C. Design & Development Cont.
D. Ship
Correct: C
Rationale: A4 is Design & Development (continued); it carries the A3 plan into execution with security test execution, static analysis, fuzzing, and privacy code review and validation.
8) SDL Phase 5 (A5) activities (vuln scan, pen test, OSS license review, final privacy review)
correspond to:
A. Readiness
B. Design & Development
C. Architecture
D. Ship
Correct: D
Rationale: A5 = Ship / Release & Launch.
9) Product risk profile in A1 (Security Assessment) is used to:
A. Define CIA
B. Estimate actual product cost
C. Build test cases
D. Choose fuzz targets
Correct: B
Rationale: The product risk profile built in A1 is used to estimate the actual cost of the product, which drives how much SDL effort is justified.
10) SDL project outline in A1 aims to:
A. Track CVSS
B. Map SDL activities to the dev schedule
C. Approve OSS licenses
D. Run DAST
Correct: B
Rationale: Purpose is aligning SDL with schedule.
11) Applicable laws/regulations in A1 are important because they:
A. Create STRIDE outputs
B. Obtain formal sign-off from stakeholders
C. Select code scanners
D. Approve pen tests
Correct: B
Rationale: Identifying the applicable laws and regulations in A1 is what enables formal sign-off from the key stakeholders.
12) The A1 Threat profile is used to:
A. Select OSS
B. Guide SDL activities to mitigate threats