1|Page
WGU D487 OA 2025 TEST BANK 1, 2 & 3 WITH 1460
QUESTIONS AND CORRECT ANSWERS (100%
CORRECT VERIFIED ANSWERS) D487 SECURE
SOFTWARE DESIGN OBJECTIVE ASSESSMENT 2025
bundle
What is a study of real-world software security initiatives
organized so companies can measure their initiatives and
understand how to evolve them over time?, -
...ANSWER...✓✓Building Security In Maturity Model
(BSIMM)
What is the analysis of computer software that is
performed without executing programs? -
...ANSWER...✓✓Static analysis
Which International Organization for Standardization (ISO)
standard is the benchmark for information security today?
- ...ANSWER...✓✓ISO/IEC 27001.
What is the analysis of computer software that is
performed by executing programs on a real or virtual
processor in real time?, - ...ANSWER...✓✓Dynamic
analysis
,2|Page
Which person is responsible for designing, planning, and
implementing secure coding practices and security
testing methodologies? - ...ANSWER...✓✓Software
security architect
A company is preparing to add a new feature to its
flagship software product. The new feature is similar to
features that have been added in previous years, and the
requirements are well-documented. The project is
expected to last three to four months, at which time the
new feature will be released to customers. Project team
members will focus solely on the new feature until the
project ends. Which software development methodology
is being used? - ...ANSWER...✓✓Waterfall
A new product will require an administration section for a
small number of users. Normal users will be able to view
limited customer information and should not see admin
functionality within the application. Which concept is
being used? - ...ANSWER...✓✓Principle of least privilege
The scrum team is attending their morning meeting,
which is scheduled at the beginning of the work day. Each
team member reports what they accomplished yesterday,
,3|Page
what they plan to accomplish today, and if they have any
impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating
in? - ...ANSWER...✓✓Daily Scrum
What is a list of information security vulnerabilities that
aims to provide names for publicly known problems? -
...ANSWER...✓✓Common computer vulnerabilities and
exposures (CVE)
Which secure coding best practice uses well-tested,
publicly available algorithms to hide product data from
unauthorized access? - ...ANSWER...✓✓Cryptographic
practices
Which secure coding best practice uses well-tested,
publicly available algorithms to hide product data from
unauthorized access? - ...ANSWER...✓✓Cryptographic
practices
Which secure coding best practice ensures servers,
frameworks, and system components are all running the
latest approved versions? - ...ANSWER...✓✓System
configuration
, 4|Page
Which secure coding best practice says to use
parameterized queries, encrypted connection strings
stored in separate configuration files, and strong
passwords or multi-factor authentication? -
...ANSWER...✓✓Database security
Which secure coding best practice says that all
information passed to other systems should be
encrypted? - ...ANSWER...✓✓Communication security
eam members are being introduced during sprint zero in
the project kickoff meeting. The person being introduced
is a member of the scrum team, responsible for writing
feature logic and attending sprint ceremonies. Which role
is the team member playing? - ...ANSWER...✓✓Software
developer
A software security team member has created data flow
diagrams, chosen the STRIDE methodology to perform
threat reviews, and created the security assessment for
the new product. Which category of secure software best
practices did the team member perform? -
...ANSWER...✓✓Architecture analysis
WGU D487 OA 2025 TEST BANK 1, 2 & 3 WITH 1460
QUESTIONS AND CORRECT ANSWERS (100%
CORRECT VERIFIED ANSWERS) D487 SECURE
SOFTWARE DESIGN OBJECTIVE ASSESSMENT 2025
bundle
What is a study of real-world software security initiatives
organized so companies can measure their initiatives and
understand how to evolve them over time?, -
...ANSWER...✓✓Building Security In Maturity Model
(BSIMM)
What is the analysis of computer software that is
performed without executing programs? -
...ANSWER...✓✓Static analysis
Which International Organization for Standardization (ISO)
standard is the benchmark for information security today?
- ...ANSWER...✓✓ISO/IEC 27001.
What is the analysis of computer software that is
performed by executing programs on a real or virtual
processor in real time?, - ...ANSWER...✓✓Dynamic
analysis
,2|Page
Which person is responsible for designing, planning, and
implementing secure coding practices and security
testing methodologies? - ...ANSWER...✓✓Software
security architect
A company is preparing to add a new feature to its
flagship software product. The new feature is similar to
features that have been added in previous years, and the
requirements are well-documented. The project is
expected to last three to four months, at which time the
new feature will be released to customers. Project team
members will focus solely on the new feature until the
project ends. Which software development methodology
is being used? - ...ANSWER...✓✓Waterfall
A new product will require an administration section for a
small number of users. Normal users will be able to view
limited customer information and should not see admin
functionality within the application. Which concept is
being used? - ...ANSWER...✓✓Principle of least privilege
The scrum team is attending their morning meeting,
which is scheduled at the beginning of the work day. Each
team member reports what they accomplished yesterday,
,3|Page
what they plan to accomplish today, and if they have any
impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating
in? - ...ANSWER...✓✓Daily Scrum
What is a list of information security vulnerabilities that
aims to provide names for publicly known problems? -
...ANSWER...✓✓Common computer vulnerabilities and
exposures (CVE)
Which secure coding best practice uses well-tested,
publicly available algorithms to hide product data from
unauthorized access? - ...ANSWER...✓✓Cryptographic
practices
Which secure coding best practice uses well-tested,
publicly available algorithms to hide product data from
unauthorized access? - ...ANSWER...✓✓Cryptographic
practices
Which secure coding best practice ensures servers,
frameworks, and system components are all running the
latest approved versions? - ...ANSWER...✓✓System
configuration
, 4|Page
Which secure coding best practice says to use
parameterized queries, encrypted connection strings
stored in separate configuration files, and strong
passwords or multi-factor authentication? -
...ANSWER...✓✓Database security
Which secure coding best practice says that all
information passed to other systems should be
encrypted? - ...ANSWER...✓✓Communication security
eam members are being introduced during sprint zero in
the project kickoff meeting. The person being introduced
is a member of the scrum team, responsible for writing
feature logic and attending sprint ceremonies. Which role
is the team member playing? - ...ANSWER...✓✓Software
developer
A software security team member has created data flow
diagrams, chosen the STRIDE methodology to perform
threat reviews, and created the security assessment for
the new product. Which category of secure software best
practices did the team member perform? -
...ANSWER...✓✓Architecture analysis
