WGU D487 Secure Software Design Exam 2025/2026 | Version 3 Test Bank | 100+ Questions with OWASP & NIST Rationales | OA Practice Exam
1. Which activity appears first in a secure SDLC?
A. Penetration testing
B. Security requirements elicitation
C. Static code scanning
D. Deployment hardening
Answer: B
Rationale: Requirements elicitation is the earliest SDLC phase, and defects found there are far cheaper to fix than defects found in testing or production ("shift-left"). NIST SP 800-64 (now withdrawn; the SSDF, NIST SP 800-218, carries the same guidance) says security should be built in from the start rather than bolted on.
2. The STRIDE acronym helps designers enumerate:
A. Security patterns
B. Threat categories
C. Cryptographic modes
D. Risk matrices
Answer: B
Rationale: STRIDE = Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. It originated at Microsoft and is the threat-category mnemonic used in the OWASP Threat Modeling Cheat Sheet; each category maps to a violated property (authentication, integrity, non-repudiation, confidentiality, availability, authorization).
3. The primary goal of “Fail Securely” is that after any failure the system:
A. Reboots automatically
B. Returns an error code to the user
C. Remains in a safe state
D. Logs the stack trace
Answer: C
Rationale: OWASP design principle: on any failure the system defaults to a secure state so an attacker cannot profit from the error, e.g. an authorization check that throws an exception must result in access being denied, not in the check being skipped.
4. Defense-in-depth is best described as:
A. Duplicate servers for HA
B. Multiple, layered security controls
C. Two-person code review
D. Encrypting every database column
Answer: B
Rationale: Layered controls ensure single failures don’t compromise the whole system
(NIST CSF).
5. The Open-Design principle states security must NOT depend on:
A. Strong crypto
B. Secrecy of the algorithm
C. Key confidentiality
D. Correct code
Answer: B
Rationale: Kerckhoffs/OWASP: assume attackers know the design; only keys must stay
secret.
6. Which authentication factor does a one-time SMS code represent?
A. Something you have
B. Something you are
C. Something you know
D. Somewhere you are
Answer: A
Rationale: The phone (SIM) is the possessed factor, per NIST SP 800-63B. Note that 800-63B classifies SMS/PSTN out-of-band OTP as a RESTRICTED authenticator because of SIM-swap and SS7 interception risks, so it is a weak "something you have".
7. The best protection against SQL injection is:
A. Single quotes escaping
B. Stored procedures
C. Parameterized queries / prepared statements
D. Client-side validation
Answer: C
Rationale: Parameterization sends the query structure and the data values to the database separately, so user input is never parsed as SQL and cannot change the query's meaning (OWASP Top 10, A03 Injection). Escaping is error-prone, client-side validation is trivially bypassed, and stored procedures are only safe if they do not build dynamic SQL internally. Caveat: identifiers such as table or column names and ORDER BY direction cannot be bound as parameters and must be checked against an allow-list.
8. Which hashing scheme is currently recommended for passwords?
A. MD5 with salt
B. SHA-1 with pepper
C. bcrypt or Argon2 with per-user salt
D. RIPEMD-160
Answer: C
Rationale: Deliberately slow, tunable ("adaptive") password hashes raise the cost of every guess; bcrypt is CPU-hard, and Argon2 and scrypt are also memory-hard, which defeats GPU and ASIC brute force. A per-user random salt defeats precomputed (rainbow) tables and hides password reuse across accounts. NIST SP 800-63B requires salted, iterated key derivation for stored passwords, and the OWASP Password Storage Cheat Sheet recommends Argon2id first, then scrypt, bcrypt, and PBKDF2. MD5, SHA-1 and RIPEMD-160 are fast general-purpose hashes and remain unsuitable even when salted or peppered.
9. Session fixation is best mitigated by:
A. Setting httpOnly flag
B. Regenerating session ID after login
C. Using 128-bit session tokens
D. Storing ID in local-storage
Answer: B
Rationale: In session fixation the attacker plants a session ID they already know into the victim's browser (via a link, a cookie-setting bug, or a subdomain) and waits for the victim to log in; if the application keeps that ID across authentication, the attacker's copy is now an authenticated session. Issuing a new unpredictable ID after login (and on any privilege change) and invalidating the old one makes the planted ID worthless (OWASP Session Management Cheat Sheet). httpOnly, long tokens and cookie storage are all good practice but do not address a pre-authentication ID the attacker chose.
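Added example, not from the test bank: a minimal in-memory session store with a fixation-prone login beside the corrected one, plus a helper that plays the attacker to show the difference. The store, the function names and the "victim" user are constructed for the demo; a real application would use its framework's server-side session backend.

```python
import secrets
from typing import Callable, Dict, Optional

# Constructed in-memory store (assumption): stands in for a framework session backend.
class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid: str) -> Optional[dict]:
        return self._sessions.get(sid)

    def login_fixable(self, sid: str, user: str) -> str:
        # DELIBERATELY VULNERABLE: authenticates whatever session ID the browser
        # presented, so an ID planted by an attacker becomes a logged-in session.
        self._sessions.setdefault(sid, {"user": None})["user"] = user
        return sid

    def login_safe(self, sid: Optional[str], user: str) -> str:
        # Discard the pre-auth session (attacker-chosen or not), then issue a
        # fresh ID that only the authenticated browser receives.
        if sid is not None:
            self._sessions.pop(sid, None)
        new_sid = self.new_session()
        self._sessions[new_sid]["user"] = user
        return new_sid


def fixation_attack(store: SessionStore, login: Callable[[str, str], str]) -> Optional[str]:
    """Play the attacker: plant a known pre-auth ID, let the victim log in with it,
    then check whether that same ID is now an authenticated session.
    Returns the user the planted ID is logged in as, or None if the attack failed."""
    planted = store.new_session()            # attacker fetches a valid anonymous ID
    login(planted, "victim")                 # victim authenticates with the planted ID
    session = store.get(planted)
    return session["user"] if session else None


if __name__ == "__main__":
    vulnerable = SessionStore()
    print("fixable login, planted ID now belongs to:", fixation_attack(vulnerable, vulnerable.login_fixable))
    hardened = SessionStore()
    print("safe login, planted ID now belongs to:", fixation_attack(hardened, hardened.login_safe))
```

With the fixable login the planted ID ends up authenticated as the victim; with the safe login the planted ID no longer exists in the store and the victim holds a new ID the attacker never saw. Pair this with Secure, HttpOnly and SameSite cookie attributes and regenerate again on privilege changes such as role elevation.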
10. A digital signature gives the recipient confidence in:
A. Confidentiality
B. Integrity & origin
C. Availability
D. Perfect-forward secrecy
Answer: B
Rationale: A signature made with the sender's private key and checked with the matching public key proves the message has not been altered (integrity) and that it came from the holder of that private key (origin authentication, and non-repudiation if the key is under the signer's sole control). It provides no confidentiality: the message is still readable by anyone (NIST SP 800-89).
11. The “D” in DREAD risk scoring stands for:
A. Detection difficulty
B. Damage potential
C. Data classification
D. Deployment cost
Answer: B
Rationale: Microsoft DREAD: Damage, Reproducibility, Exploitability, Affected users, Discoverability. Each is scored and the total ranks the threat. Microsoft later retired DREAD in favor of severity "bug bars" because the scores were too subjective, but the acronym is still exam material.
12. Which item is NOT part of a threat model diagram?
A. Data-flow arrows
B. Trust boundaries