Answers
Deployment Phase (SDLC) Ans: Security is pushed out
Design Phase (SDLC) Ans: Requirements are prepared for the technical design
Implementation Phase Ans: The resources involved in the application from a known resource are determined
Maintenance Phase Ans: Ongoing security monitoring is implemented
Planning Phase of SDLC Ans: vision and next steps are created
secure code Ans: a design principle in coding that refers to code security best practices, safeguards, and protection against vulnerabilities
threat modeling Ans: a structured process to protect against vulnerabilities
What are the three core elements of security Ans: confidentiality, integrity, and availability
8 phases of the SDLC Ans: planning, requirements, design, implementation, testing, deployment, maintenance and end of life
What is software security Ans: Security that deals with securing the foundational programmatic logic of the underlying software
Which part of the CIA keeps unauthorized users from accessing confidential information Ans: Confidentiality
BSIMM Ans: a study of real-world software security that allows you to develop your software security over time
dynamic analysis Ans: analysis of computer software that is performed when executing the program on a real or virtual processor in real time
fuzz testing Ans: automated or semi-automated testing that provides invalid, unexpected, or random data to the computer program.
measure model Ans: A set of data security methods that developers take to protect against vulnerabilities
metric model Ans: allows organizations to determine the effectiveness of their security controls
OWASP Ans: A flexible and prospective framework to build security into your software development organization
static analysis Ans: The analysis of computer software that is performed without executing programs
Computer Vulnerabilities and Exposures Ans: A list of information that aims to provide common names for publicly known security vulnerabilities
What are the three primary tools basic to the SDLC Ans: Fuzz testing, static analysis, and dynamic analysis testing
In which phase of the SDLC should the software security team be involved Ans: Concept
Waterfall Ans: An approach that divides the process of software development into separate phases. The outcome of one phase acts as the input for the next phase
© Get it right 2025 Getaway - Stuvia US All rights reserved
Waterfall advantages Ans: Splitting into different stages makes it easier for an organization to control the development process.
Waterfall Disadvantages Ans: Does not allow time for reflection or a revision to the design
Agile Ans: Uses collaboration between self-organizing and cross-functional teams. 4 core values and 12 principles
Agile Advantage Ans: customer satisfaction through rapid, continuous delivery of useful software
Agile disadvantage Ans: difficult to assess the effort required at the beginning of the SDL
SCRUM Ans: Development team that works flexibly and holistically to reach a common goal
Extreme Programming (XP) Ans: Intends to improve software quality and responsiveness
What determines the order of items in a product backlog in Scrum Ans: Order is decided based on value of the items being delivered
Why is the waterfall methodology most useful for smaller projects Ans: When a project is smaller, the risk of changing requirements and scope is lower
What are the two common best principles of software applications in the development process Ans: Quality and Secure code
What ensures that the user has the appropriate role and privilege to view data Ans: Authorization