WGU D487 OA EXAM LATEST UPDATED WITH
ACCURATE SOLUTIONS RATED A+ 2026
1. What is the study of real-world software security
initiatives organized so companies can measure their
initiatives and understand how to evolve them over time?
A) Building Security in Maturity Model (BSIMM) ✅
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
Explanation: BSIMM is a framework that studies how real-world
organizations implement software security initiatives. It provides a
structured way to measure security activities and offers guidance on
evolving software security practices over time.
2. What is the analysis of computer software that is
performed without executing programs?
A) Static analysis ✅
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
Explanation: Static analysis examines code, binaries, or other artifacts
without executing the program. It helps identify vulnerabilities such as buffer
overflows, injection flaws, and insecure coding practices early in the
development process.
,3. Which secure coding best practice says to use
parameterized queries, encrypted connection strings stored
in separate configuration files, and strong passwords or
multi-factor authentication?
A) Access control
B) Database security ✅
C) File management
D) Session management
Explanation: Database security ensures that sensitive data is protected
from unauthorized access or manipulation. Using parameterized queries,
encrypted connections, and strong authentication helps prevent SQL
injection and other database-related attacks.
4. Which secure coding best practice says that all
information passed to other systems should be encrypted?
A) Output encoding
B) Memory management
C) Communication security ✅
D) Database security
Explanation: Communication security focuses on protecting data
transmitted across networks. Encryption ensures confidentiality, integrity,
and prevents attackers from intercepting sensitive information.
5. A company is preparing to add a new feature to its
flagship software product. The new feature is similar to
features that have been added in previous years, and the
requirements are well-documented. The project is expected
to last three to four months, at which time the new feature
,will be released to customers. Project team members will
focus solely on the new feature until the project ends. Which
software development methodology is being used?
A) Agile
B) Waterfall ✅
C) Scrum
D) Extreme programming
Explanation: Waterfall methodology is a linear, sequential approach where
each phase must be completed before the next begins. It is best suited for
projects with well-defined requirements and minimal expected changes
during development.
6. A new product will require an administration section for a
small number of users. Normal users will be able to view
limited customer information and should not see admin
functionality within the application. Which concept is being
used?
A) Privacy
B) POLP ✅
C) Software security champion
D) Elevation of privilege
Explanation: The Principle of Least Privilege (POLP) ensures users have only
the permissions necessary to perform their tasks. Limiting access reduces
the risk of accidental or intentional misuse of sensitive functions.
7. The software security team is currently working to
identify approaches for input validation, authentication,
authorization, and configuration management of a new
, software product so they can deliver a security profile.
Which threat modeling step is being described?
A) Rating threats
B) Identifying and documenting threats
C) Analyzing the target ✅
D) Drawing data flow diagram
Explanation: Analyzing the target involves understanding the software, its
architecture, and its components. Security teams identify how attackers
could exploit weaknesses and determine controls needed to mitigate risks.
8. The scrum team is attending their morning meeting,
which is scheduled at the beginning of the work day. Each
team member reports what they accomplished yesterday,
what they plan to accomplish today, and if they have any
impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating
in?
A) Daily scrum ✅
B) Sprint review
C) Sprint retrospective
D) Sprint planning
Explanation: The Daily Scrum is a short, time-boxed meeting for the
development team to synchronize activities and create a plan for the next 24
hours. It helps detect impediments and ensures progress toward sprint goals.
9. Which software security principle ensures that sensitive
information is not disclosed to unauthorized users?
A) Integrity
B) Confidentiality ✅
C) Availability
D) Authentication
Explanation: Confidentiality is the protection of sensitive information from
unauthorized access. Techniques like encryption, access controls, and secure
ACCURATE SOLUTIONS RATED A+ 2026
1. What is the study of real-world software security
initiatives organized so companies can measure their
initiatives and understand how to evolve them over time?
A) Building Security in Maturity Model (BSIMM) ✅
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
Explanation: BSIMM is a framework that studies how real-world
organizations implement software security initiatives. It provides a
structured way to measure security activities and offers guidance on
evolving software security practices over time.
2. What is the analysis of computer software that is
performed without executing programs?
A) Static analysis ✅
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
Explanation: Static analysis examines code, binaries, or other artifacts
without executing the program. It helps identify vulnerabilities such as buffer
overflows, injection flaws, and insecure coding practices early in the
development process.
,3. Which secure coding best practice says to use
parameterized queries, encrypted connection strings stored
in separate configuration files, and strong passwords or
multi-factor authentication?
A) Access control
B) Database security ✅
C) File management
D) Session management
Explanation: Database security ensures that sensitive data is protected
from unauthorized access or manipulation. Using parameterized queries,
encrypted connections, and strong authentication helps prevent SQL
injection and other database-related attacks.
4. Which secure coding best practice says that all
information passed to other systems should be encrypted?
A) Output encoding
B) Memory management
C) Communication security ✅
D) Database security
Explanation: Communication security focuses on protecting data
transmitted across networks. Encryption ensures confidentiality, integrity,
and prevents attackers from intercepting sensitive information.
5. A company is preparing to add a new feature to its
flagship software product. The new feature is similar to
features that have been added in previous years, and the
requirements are well-documented. The project is expected
to last three to four months, at which time the new feature
,will be released to customers. Project team members will
focus solely on the new feature until the project ends. Which
software development methodology is being used?
A) Agile
B) Waterfall ✅
C) Scrum
D) Extreme programming
Explanation: Waterfall methodology is a linear, sequential approach where
each phase must be completed before the next begins. It is best suited for
projects with well-defined requirements and minimal expected changes
during development.
6. A new product will require an administration section for a
small number of users. Normal users will be able to view
limited customer information and should not see admin
functionality within the application. Which concept is being
used?
A) Privacy
B) POLP ✅
C) Software security champion
D) Elevation of privilege
Explanation: The Principle of Least Privilege (POLP) ensures users have only
the permissions necessary to perform their tasks. Limiting access reduces
the risk of accidental or intentional misuse of sensitive functions.
7. The software security team is currently working to
identify approaches for input validation, authentication,
authorization, and configuration management of a new
, software product so they can deliver a security profile.
Which threat modeling step is being described?
A) Rating threats
B) Identifying and documenting threats
C) Analyzing the target ✅
D) Drawing data flow diagram
Explanation: Analyzing the target involves understanding the software, its
architecture, and its components. Security teams identify how attackers
could exploit weaknesses and determine controls needed to mitigate risks.
8. The scrum team is attending their morning meeting,
which is scheduled at the beginning of the work day. Each
team member reports what they accomplished yesterday,
what they plan to accomplish today, and if they have any
impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating
in?
A) Daily scrum ✅
B) Sprint review
C) Sprint retrospective
D) Sprint planning
Explanation: The Daily Scrum is a short, time-boxed meeting for the
development team to synchronize activities and create a plan for the next 24
hours. It helps detect impediments and ensures progress toward sprint goals.
9. Which software security principle ensures that sensitive
information is not disclosed to unauthorized users?
A) Integrity
B) Confidentiality ✅
C) Availability
D) Authentication
Explanation: Confidentiality is the protection of sensitive information from
unauthorized access. Techniques like encryption, access controls, and secure
