CYBERSECURITY & SOFTWARE ENGINEERING
WGU D487 Secure Software Design
Actual Exam —
FINAL EXAMINATION — ANSWER KEY
70 Questions | Verified | 2026/2027 Edition
Aligned with OWASP Top 10 (2026), NIST SSDF, and ISO/IEC 27034
Five Domains • SSDLC • Cryptography • Secure Coding • Testing • Compliance
Prepared per WGU D487 Course Blueprint | Confidential Academic Assessment Material
© 2026 Western Governors University — D487 Secure Software Design
Key Features
✓ Secure Software Development Life Cycle (SSDLC) and threat modeling methodologies — STRIDE,
PASTA, and attack-tree driven design across all lifecycle phases.
✓ Cryptography, encryption standards, and key management principles — AES, RSA, ECC, hashing,
digital signatures, PKI, and HSM-backed key lifecycle controls.
✓ OWASP Top 10 vulnerabilities and secure coding techniques — injection, broken access control,
cryptographic failures, SSRF, and insecure design mitigations.
✓ Security testing, code inspection, and static/dynamic analysis — SAST, DAST, IAST, fuzzing,
penetration testing, and continuous security regression validation.
✓ Compliance frameworks, risk management, and software supply chain security — NIST SSDF,
SLSA, SBOM, zero-trust integration, and CI/CD pipeline hardening.
Updates for 2026
• Updated OWASP Top 10 for 2026 — New category coverage for AI-driven prompt injection,
advanced API vulnerabilities (BOLA, broken function-level authorization), and insecure LLM
integrations reflecting the rise of generative-AI-enabled application surfaces.
• Revised NIST Secure Software Development Framework (SSDF) guidelines — SP 800-218
Revision 2 guidance now mandates zero-trust architecture integration, attested build
environments, cryptographic provenance for artifacts, and explicit AI/ML model supply-chain
controls.
• New industry standards for software supply chain security — SLSA Level 3+ build
provenance, signed SBOMs (CycloneDX 1.6 / SPDX 3.0), in-toto attestations, and Sigstore-based
signing are now baseline expectations for CI/CD pipeline hardening.
Abstract
This document presents a verified 70-question actual examination for the WGU D487 Secure
Software Design Objective Assessment, calibrated to the 2026/2027 Western Governors University
course blueprint and aligned with current OWASP, NIST, and ISO secure software engineering
standards. The examination comprehensively assesses the candidate's mastery of integrating security
principles into every phase of the software development lifecycle — from initial threat modeling and
security requirements elicitation through architecture-level risk analysis, secure coding, cryptographic
key management, rigorous security testing, deployment hardening, and ongoing maintenance.
Questions span five weighted domains: SSDLC and Threat Modeling, Cryptography and Key
Management, Secure Coding and the OWASP Top 10, Security Testing and Code Inspection, and
Compliance, Risk, and Supply Chain Security. Each item is accompanied by a verified correct answer, a
Deep Teal rationale explaining the underlying security principle, an analysis of why each distractor is
incorrect, and a precise reference to the authoritative source. The structure is designed to mirror the
rigor of the live assessment and to reinforce the candidate's ability to apply security standards,
threat-driven design decisions, and proven methodologies in realistic software engineering scenarios.
Keywords
WGU D487, Secure Software Design, SSDLC, OWASP, Threat Modeling, Cryptography, Secure Coding,
Security Testing, NIST SSDF, Supply Chain Security, STRIDE, Key Management, Static Analysis, Zero
Trust, SBOM
Content Area Overview
The 70-question actual exam is distributed across five weighted domains reflecting the official WGU
D487 course blueprint. The table below summarizes each content area, its question allocation, key
topics, and examination weight.
| Content Area | Questions | Key Topics | Weight |
|---|---|---|---|
| SSDLC & Threat Modeling | 14 | Lifecycle phases, STRIDE, PASTA, abuse cases, risk ranking, attack surface reduction | 20% |
| Cryptography & Key Management | 14 | Symmetric/asymmetric, AES/RSA/ECC, hashing, PKI, HSM, key rotation, TLS | 20% |
| Secure Coding & OWASP Top 10 | 21 | Injection, XSS, CSRF, access control, SSRF, input validation, secure session handling | 30% |
| Security Testing & Code Inspection | 11 | SAST/DAST/IAST, fuzzing, penetration testing, code inspection, DevSecOps | 15% |
| Compliance, Risk & Supply Chain Security | 10 | NIST SSDF, ISO 27001, SLSA, SBOM, zero trust, GDPR/CCPA, dependency management | 15% |
| TOTAL | 70 | Comprehensive Secure Software Design coverage | 100% |
Examination Questions
Domain: SSDLC & Threat Modeling
1. Which activity is performed FIRST in a mature Secure Software Development Life Cycle
(SSDLC)?
A. Writing unit tests for security controls
B. Eliciting and documenting security requirements alongside functional requirements
C. Deploying web application firewall (WAF) rules in production
D. Running dynamic analysis against the staging build
Correct Answer: B. Eliciting and documenting security requirements alongside functional
requirements
Rationale: Security requirements must be elicited and documented during the requirements phase so
that confidentiality, integrity, availability, and compliance needs drive every downstream design and
implementation decision.
Why Wrong:
• A is incorrect because unit testing occurs during the implementation phase, after
requirements and design are established.
• C is incorrect because production WAF deployment is a late-stage operational control, not an
SSDLC initiation activity.
• D is incorrect because dynamic analysis requires a buildable artifact and therefore occurs
much later in the lifecycle.
Reference: WGU D487 Course Module 1 — SSDLC Overview; NIST SP 800-218 (SSDF) PO.1
2. In the STRIDE threat modeling framework, the 'T' represents Tampering. Which
security property does tampering primarily compromise?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: B. Integrity
Rationale: Tampering involves unauthorized modification of data or code, directly violating the
integrity property. STRIDE maps each threat category to a specific CIA triad property (or related
axiom such as authentication or non-repudiation).
Why Wrong:
• A is incorrect because confidentiality is targeted by Spoofing and Information Disclosure in
STRIDE.
• C is incorrect because availability is targeted by Denial of Service.
• D is incorrect because non-repudiation is targeted by Repudiation, not Tampering.
Reference: WGU D487 Module 2 — Threat Modeling; Microsoft STRIDE Reference (Shostack, Threat
Modeling: Designing for Security)