EXAM 2026 ACTUAL EXAM COMPLETE ACCURATE EXAM QUESTIONS WITH DETAILED ANSWERS | ALREADY GRADED A+
/.Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - Answer-✅A5 policy compliance analysis
/.Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - Answer-✅PRSA1: External vulnerability disclosure response
/.What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - Answer-✅Governance, Construction
/.Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - Answer-✅Vulnerability scan
/.Which post-release support activity should be completed when companies are joining together? - Answer-✅Security architectural reviews
/.Which of the Ship (A5) deliverables of the security development cycle are performed during the A5 policy compliance analysis? - Answer-✅Analyze activities and standards
/.Which of the Ship (A5) deliverables of the security development cycle are performed during the code-assisted penetration testing? - Answer-✅white-box security test
/.Which of the Ship (A5) deliverables of the security development cycle are performed during the open-source licensing review? - Answer-✅license compliance
/.Which of the Ship (A5) deliverables of the security development cycle are performed during the final security review? - Answer-✅Release and ship
/.How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? - Answer-✅iterative development
/.How can you establish your own SDL to build security into a process appropriate for your organization's needs based on DevOps? - Answer-✅continuous integration and continuous deployments
/.How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - Answer-✅API invocation processes
/.How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - Answer-✅enables and improves business activities
/.Which phase of penetration testing allows for remediation to be performed? - Answer-✅Deploy
/.Which key deliverable occurs during post-release support? - Answer-✅third-party reviews
/.Which business function of OpenSAMM is associated with governance? - Answer-✅Policy and compliance
/.Which business function of OpenSAMM is associated with construction? - Answer-✅Threat assessment
/.Which business function of OpenSAMM is associated with verification? - Answer-✅Code review
/.Which business function of OpenSAMM is associated with deployment? - Answer-✅Vulnerability management
/.What is the product risk profile? - Answer-✅A security assessment deliverable that estimates the actual cost of the product.
/.A software security team member has been tasked with creating a deliverable that provides details on where and to what degree sensitive customer information is collected, stored, or created within a new product offering. What does the team member need to deliver in order to meet the objective? - Answer-✅Privacy impact assessment
/.What is the first phase in the security development life cycle? - Answer-✅A1 Security Assessment
/.What are the three areas of compliance requirements? - Answer-✅Legal, financial, and industry standards