Update) Secure Software Design Actual Questions with Verified Answers & Rationale |100% Correct| Graded A.
Question:
Which software methodology resembles an assembly-line approach?
V-model
Agile model
Iterative model
Waterfall model
Answer:
Waterfall model
Waterfall model is a continuous software development model in which the development steps flow steadily downwards.
Question:
Which software methodology approach provides faster time to market and higher business value?
Iterative model
Waterfall model
V-model
Agile model
Answer:
Agile model
In the agile model, projects are divided into small incremental builds that provide working software at the end of each iteration and add value to the business.
Question:
In Scrum methodology, who is responsible for making decisions on the requirements?
Scrum Team
Product Owner
ScrumMaster
Technical Lead
Answer:
Product Owner
The Product Owner is responsible for requirements/backlog items and prioritizing them.
Question:
What is the reason software security teams host discovery meetings with stakeholders early in the development life cycle?
To determine how much budget is available for new security tools
To meet the development team
To refactor functional requirements to ensure security is included
To ensure that security is built into the product from the start
Answer:
To ensure that security is built into the product from the start
To correctly and cost-effectively introduce security into the software development life cycle, it needs to be done early.
Question:
Why should a security team provide documented certification requirements during the software assessment phase?
Certification is required if the organization wants to move to the cloud.
Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
By ensuring software products are certified, the organization is protected from future litigation.
By ensuring all developers have security certifications before writing any code, teams can forego discovery sessions.
Answer:
Depending on the environment in which the product resides, certifications may be required by corporate or government entities before the software can be released to customers.
Any new product may need to be certified based on the data it stores, the frameworks it uses, or the domain in which it resides. Those certification requirements need to be analyzed and documented early in the development life cycle.
Question:
What are two items that should be included in the privacy impact assessment plan regardless of which methodology is used? Choose 2 answers.
Required process steps
Technologies and techniques
SDL project outline
Threat modeling
Post-implementation signoffs
Answer:
Required process steps
Technologies and techniques