(PKEO) | 60+ (2025–2026 A+ Verified) Exam Q&A
The WGU D487 Pre-Assessment for Secure Software Design (KEO1 / PKEO) provides
an updated and comprehensive review of core security concepts tested in the 2025–2026 WGU
assessment. This verified Q&A resource includes 60+ expertly crafted and validated
questions with detailed solutions to help learners master secure coding and system
protection principles.
Introduction
This latest pre-assessment pack is designed to strengthen your understanding of key topics such
as software vulnerabilities, encryption standards, authentication mechanisms,
threat modeling, security frameworks, and secure system architecture. Each
question is paired with a clear explanation to promote concept retention and exam readiness.
Answer Format
All correct answers are highlighted in bold green, with detailed reasoning that enhances
comprehension of secure software design principles and risk mitigation strategies.
Questions 1–60
1. What is the primary objective of secure software design?
a) To maximize performance
b) To minimize security vulnerabilities and protect system integrity
c) To reduce development time
d) To simplify user interfaces
b) To minimize security vulnerabilities and protect system integrity
Rationale: Secure software design focuses on reducing vulnerabilities, ensuring confidentiality,
integrity, and availability through secure coding and architecture practices.
2. Which of the following is a common software vulnerability listed in the
OWASP Top 10?
a) Excessive logging
b) Injection attacks
c) Over-optimization
d) Code duplication
b) Injection attacks
Rationale: Injection attacks (e.g., SQL, command injection) are a top OWASP vulnerability,
allowing attackers to execute malicious code via unsanitized input.
3. What does the STRIDE model help identify in threat modeling?
a) Software performance issues
b) Potential security threats
c) User interface flaws
d) Code optimization opportunities
b) Potential security threats
Rationale: STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of
Service, Elevation of Privilege) identifies security threats to guide mitigation.
4. Which encryption standard is recommended for securing sensitive data
in transit?
a) DES
b) TLS/SSL
c) MD5
d) RC4
b) TLS/SSL
Rationale: TLS/SSL is the standard for encrypting data in transit, ensuring secure
communication over networks (e.g., HTTPS).
5. What is a key practice to prevent Cross-Site Scripting (XSS) attacks?
a) Allowing all user input
b) Encoding user output
c) Disabling cookies
d) Using plain text passwords
b) Encoding user output
Rationale: Encoding user output (e.g., HTML or JavaScript encoding) prevents malicious
scripts from executing in users’ browsers.
6. What is the purpose of input validation in secure software design?
a) To improve system performance
b) To prevent injection attacks and ensure data integrity
c) To simplify user input
d) To reduce logging
b) To prevent injection attacks and ensure data integrity
Rationale: Input validation filters and sanitizes user input to prevent attacks like SQL injection
and XSS.
7. Which authentication mechanism provides the highest level of security?
a) Password-only authentication
b) Multi-Factor Authentication (MFA)
c) Single Sign-On (SSO)
d) Token-based authentication
b) Multi-Factor Authentication (MFA)
Rationale: MFA requires multiple verification factors (e.g., password, biometrics, token),
significantly reducing the risk of unauthorized access.
8. What is the primary goal of secure session management?
a) To store user passwords