ASSESSMENT EXAM 2026 ACTUAL EXAM COMPLETE ACCURATE EXAM QUESTIONS WITH DETAILED VERIFIED ANSWERS (100% CORRECT ANSWERS) / ALREADY GRADED A+
What is a study of real-world software security initiatives organized so companies can measure their initiatives and understand how to evolve them over time? - correct answer -Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing programs? - correct answer -Static analysis
A software security team member has created data flow diagrams, chosen the STRIDE methodology to perform threat reviews, and created the security assessment for the new product. Which category of secure software best practices did the team member perform? - correct answer -Architecture analysis
Team members are being introduced during sprint zero in the project kickoff meeting. The person being introduced will be a facilitator, will try to remove roadblocks and ensure the team is communicating freely, and will be responsible for facilitating all scrum ceremonies. Which role is the team member playing? - correct answer -Scrum master
The new product standards state that all traffic must be secure and encrypted. What is the name for this secure coding practice? - correct answer -Communication security
Which DREAD category is based on how easily a threat exploit can be repeated? - correct answer -Reproducibility
Which mitigation technique can be used to fight against a data tampering threat? - correct answer -Digital signatures
What is a countermeasure to the web application security frame (ASF) configuration management threat category? - correct answer -Compliance requirement
Which type of requirement specifies that file formats the application sends to financial institutions must be certified every four years? - correct answer -Compliance requirement
Which type of requirement specifies that credit card numbers displayed in the application will be masked so they only show the last four digits? - correct answer -Privacy requirement
Which type of requirement specifies that user passwords will require a minimum of 8 characters and must include at least one uppercase character, one number, and one special character? - correct answer -Security requirement
Which type of requirement specifies that credit card numbers are designated as highly sensitive confidential personal information? - correct answer -Data classification requirement
Which privacy impact statement requirement type defines how personal information is protected on devices used by more than a single associate? - correct answer -Privacy control requirements
In which step of the PASTA threat modeling methodology does design flaw analysis take place? - correct answer -Vulnerability and weakness analysis
Which privacy impact statement requirement type defines who has access to personal information within the product? - correct answer -Access requirements
Which security assessment deliverable defines milestones that will be met during each phase of the project, merged into the product development schedule? - correct answer -SDL project outline
Which architecture deliverable identifies whether the product adheres to organization security rules? - correct answer -Policy compliance analysis
Which threat modeling process identifies threats to each individual object in a data flow diagram? - correct answer -STRIDE-per-element
The DREAD methodology has been used to classify an identified exploit where:
the attacker could log in as an administrator (damage potential)