1|Page
WGU D487 SECURE SOFTWARE DESIGN EXAM
ACCURATE AND FREQUENTLY TESTED QUESTIONS
AND 100% CORRECT ANSWERS|| LATEST AND
COMPLETE UPDATE WITH EXPERT VERIFIED
SOLUTIONS|| SURE PASS
Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
System configuration
Which secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong passwords or
multi-factor authentication?
Database security
Which secure coding best practice says that all information passed to other systems
should be encrypted?
Communication security
eam members are being introduced during sprint zero in the project kickoff
meeting. The person being introduced is a member of the scrum team, responsible
for writing feature logic and attending sprint ceremonies. Which role is the team
member playing?
Software developer
,2|Page
What is a study of real-world software security initiatives organized so companies
can measure their initiatives and understand how to evolve them over time?,
Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing
programs? Static analysis
Which International Organization for Standardization (ISO) standard is the
benchmark for information security today?
ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs
on a real or virtual processor in real time?,
Dynamic analysis
Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies?
Software security architect
A company is preparing to add a new feature to its flagship software product. The
new feature is similar to features that have been added in previous years, and the
requirements are well-documented. The project is expected to last three to four
,3|Page
months, at which time the new feature will be released to customers. Project team
members will focus solely on the new feature until the project ends. Which
software development methodology is being used?
Waterfall
A new product will require an administration section for a small number of users.
Normal users will be able to view limited customer information and should not see
admin functionality within the application. Which concept is being used?
Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the
beginning of the work day. Each team member reports what they accomplished
yesterday, what they plan to accomplish today, and if they have any impediments
that may cause them to miss their delivery deadline. Which scrum ceremony is the
team participating in?
Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for
publicly known problems?
Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms
to hide product data from unauthorized access?
Cryptographic practices
, 4|Page
Which secure coding best practice uses well-tested, publicly available algorithms
to hide product data from unauthorized access?
Cryptographic practices
A software security team member has created data flow diagrams, chosen the
STRIDE methodology to perform threat reviews, and created the security
assessment for the new product. Which category of secure software best practices
did the team member perform?
Architecture analysis
Team members are being introduced during sprint zero in the project kickoff
meeting. The person being introduced will be a facilitator, will try to remove
roadblocks and ensure the team is communicating freely, and will be responsible
for facilitating all scrum ceremonies. Which role is the team member playing?
Scrum master
The new product standards state that all traffic must be secure and encrypted. What
is the name for this secure coding practice?
Communication security
Which DREAD category is based on how easily a threat exploit can be repeated?
Reproducibility
WGU D487 SECURE SOFTWARE DESIGN EXAM
ACCURATE AND FREQUENTLY TESTED QUESTIONS
AND 100% CORRECT ANSWERS|| LATEST AND
COMPLETE UPDATE WITH EXPERT VERIFIED
SOLUTIONS|| SURE PASS
Which secure coding best practice ensures servers, frameworks, and system
components are all running the latest approved versions?
System configuration
Which secure coding best practice says to use parameterized queries, encrypted
connection strings stored in separate configuration files, and strong passwords or
multi-factor authentication?
Database security
Which secure coding best practice says that all information passed to other systems
should be encrypted?
Communication security
eam members are being introduced during sprint zero in the project kickoff
meeting. The person being introduced is a member of the scrum team, responsible
for writing feature logic and attending sprint ceremonies. Which role is the team
member playing?
Software developer
,2|Page
What is a study of real-world software security initiatives organized so companies
can measure their initiatives and understand how to evolve them over time?,
Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without executing
programs? Static analysis
Which International Organization for Standardization (ISO) standard is the
benchmark for information security today?
ISO/IEC 27001.
What is the analysis of computer software that is performed by executing programs
on a real or virtual processor in real time?,
Dynamic analysis
Which person is responsible for designing, planning, and implementing secure
coding practices and security testing methodologies?
Software security architect
A company is preparing to add a new feature to its flagship software product. The
new feature is similar to features that have been added in previous years, and the
requirements are well-documented. The project is expected to last three to four
,3|Page
months, at which time the new feature will be released to customers. Project team
members will focus solely on the new feature until the project ends. Which
software development methodology is being used?
Waterfall
A new product will require an administration section for a small number of users.
Normal users will be able to view limited customer information and should not see
admin functionality within the application. Which concept is being used?
Principle of least privilege
The scrum team is attending their morning meeting, which is scheduled at the
beginning of the work day. Each team member reports what they accomplished
yesterday, what they plan to accomplish today, and if they have any impediments
that may cause them to miss their delivery deadline. Which scrum ceremony is the
team participating in?
Daily Scrum
What is a list of information security vulnerabilities that aims to provide names for
publicly known problems?
Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available algorithms
to hide product data from unauthorized access?
Cryptographic practices
, 4|Page
Which secure coding best practice uses well-tested, publicly available algorithms
to hide product data from unauthorized access?
Cryptographic practices
A software security team member has created data flow diagrams, chosen the
STRIDE methodology to perform threat reviews, and created the security
assessment for the new product. Which category of secure software best practices
did the team member perform?
Architecture analysis
Team members are being introduced during sprint zero in the project kickoff
meeting. The person being introduced will be a facilitator, will try to remove
roadblocks and ensure the team is communicating freely, and will be responsible
for facilitating all scrum ceremonies. Which role is the team member playing?
Scrum master
The new product standards state that all traffic must be secure and encrypted. What
is the name for this secure coding practice?
Communication security
Which DREAD category is based on how easily a threat exploit can be repeated?
Reproducibility
