D487 Secure Software Design Objective Assessment 2026: Answers (100% Correct Verified Answers)
What is the study of real-world software security initiatives, organized so companies can measure their initiatives and understand how to evolve them over time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
A) Building Security in Maturity Model (BSIMM)
A software company wants to reduce the number of security incidents in its products. To do so, the CISO suggests that they adopt a Security Development Lifecycle (SDL) model similar to Microsoft's. What is a key goal of implementing an SDL model in this context?
A) To focus exclusively on fixing security bugs post-release
B) To ensure security is treated as an afterthought in development
C) To prevent the inclusion of security vulnerabilities in the software's codebase
D) To make security audits unnecessary by automating all security measures
C) To prevent the inclusion of security vulnerabilities in the software's codebase
A software development team has created a new mobile application with high usability and performance ratings. However, the security team finds multiple vulnerabilities that could expose user data. What does this situation reveal about the relationship between quality code and secure code?
A) Quality code inherently includes secure coding practices.
B) Quality and secure code are not necessarily the same, and quality does not guarantee security.
C) Secure code can only be developed by prioritizing speed and user experience.
D) Quality and secure code are always achieved through the same development practices.
B) Quality and secure code are not necessarily the same, and quality does not guarantee security.
A developer writes software that is efficient, easy to maintain, and performs well. However, it later becomes vulnerable to a data breach. Which of the following statements best explains why this happened?
A) Quality alone is not sufficient to ensure security, as security must be built into the code explicitly.
B) Quality code never requires additional security checks.
C) Security vulnerabilities only occur in poorly optimized code.
D) A secure development process eliminates the need for quality checks.
A) Quality alone is not sufficient to ensure security, as security must be built into the code explicitly.
During a project review, the development lead emphasizes that software must balance quality and security attributes. Why is it necessary to consider both quality and security in the development process?
A) Quality ensures code is optimized, while security ensures resilience against unauthorized access.
B) Quality and security are synonymous, so focusing on one ensures the other.
C) Security automatically guarantees quality.
D) Quality code can't function without security mechanisms.
A) Quality ensures code is optimized, while security ensures resilience against unauthorized access.
A software product designed to handle sensitive financial data is praised for its efficiency and maintainability but criticized for lacking adequate security measures. Which statement best illustrates the distinction between quality code and secure code?
A) Quality code is secure by default when optimized correctly.
B) Quality focuses on usability and performance, while secure code focuses on preventing unauthorized access.
C) Secure code must sacrifice quality to prevent vulnerabilities.
D) Quality code is unimportant in applications handling sensitive data.
B) Quality focuses on usability and performance, while secure code focuses on preventing unauthorized access.
A senior developer is training new developers and explains that high-quality code is not always secure code. Why is it important to differentiate between these two concepts?
A) Quality code emphasizes design efficiency, but secure code focuses on protecting sensitive data.
B) Quality code does not require security updates.
C) Secure code is relevant only for web-based applications.
D) Secure code focuses only on backend development.
A) Quality code emphasizes design efficiency, but secure code focuses on protecting sensitive data.
A software team plans to release a new version of an application and wants to ensure that both quality and security are integral to the product. Which of the following is true about the relationship between quality and security in software?
A) Quality is more important than security in most applications.
B) Security practices are always separate from quality practices.
C) Quality and security complement each other and should be integrated into the software's foundation.
D) Security measures do not impact software quality.
C) Quality and security complement each other and should be integrated into the software's foundation.
A company finds that its applications are vulnerable despite being efficient and highly functional. The CTO emphasizes that security should not be assumed solely from the quality of the code. Why is secure code not guaranteed by quality code?
A) Because secure code is assessed only after quality testing is complete
B) Because quality is subjective, whereas security directly relates to confidentiality, integrity, and availability
C) Because quality automatically prevents all vulnerabilities
D) Because secure code does not require any design efficiency
B) Because quality is subjective, whereas security directly relates to confidentiality, integrity, and availability
A healthcare application development team is preparing a software release. The security lead emphasizes three main goals to maintain data protection for users' personal health information. Which of the following goals should the team prioritize as essential components of software security?
A) Usability, reliability, and speed
B) Confidentiality, integrity, and availability
C) Efficiency, performance, and interoperability
D) Accessibility, reliability, and portability
B) Confidentiality, integrity, and availability
What is the analysis of computer software that is performed without executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
A) Static analysis
What ISO standard is the benchmark for information security today?
A) ISO/IEC 27001
B) ISO/IEC 7799
C) ISO/IEC 27034
D) ISO 8601
A) ISO 27001
What is the analysis of computer software that is performed by executing programs on a real or virtual processor in real time?
A) Dynamic analysis
B) Static analysis
C) Fuzzing
D) Security testing
A) Dynamic analysis