Document type: Exam

WGU D487 Secure Software Design – Western Governors University – 2026/2027 Final Examination Answer Key

Pages: 36
Grade: A+
Uploaded on: 25-06-2026
Written in: 2025/2026

This document contains questions and answers covering the core topics of WGU D487 Secure Software Design, including secure software development lifecycle (SSDLC), cryptography, secure coding practices, security testing, and compliance requirements. The material is aligned with the course blueprint and references industry frameworks such as OWASP Top 10, NIST SSDF, and ISO/IEC 27034. It serves as a comprehensive exam-preparation resource with verified questions designed to reinforce secure software design principles and cybersecurity best practices. The content is organized across multiple domains commonly assessed in the final examination.

Institution: WGU D487 Secure Software Design
Course: WGU D487 Secure Software Design

Content preview

WESTERN GOVERNORS UNIVERSITY | CYBERSECURITY & SOFTWARE ENGINEERING

WGU D487 Secure Software Design

Actual Exam —


FINAL EXAMINATION — ANSWER KEY
70 Questions | Verified | 2026/2027 Edition
Aligned with OWASP Top 10 (2026), NIST SSDF, and ISO/IEC 27034
Five Domains • SSDLC • Cryptography • Secure Coding • Testing • Compliance


Prepared per WGU D487 Course Blueprint | Confidential Academic Assessment Material
© 2026 Western Governors University — D487 Secure Software Design

Key Features



✓ Secure Software Development Life Cycle (SSDLC) and threat modeling methodologies — STRIDE,
PASTA, and attack-tree driven design across all lifecycle phases.
✓ Cryptography, encryption standards, and key management principles — AES, RSA, ECC, hashing,
digital signatures, PKI, and HSM-backed key lifecycle controls.
✓ OWASP Top 10 vulnerabilities and secure coding techniques — injection, broken access control,
cryptographic failures, SSRF, and insecure design mitigations.
✓ Security testing, code inspection, and static/dynamic analysis — SAST, DAST, IAST, fuzzing,
penetration testing, and continuous security regression validation.
✓ Compliance frameworks, risk management, and software supply chain security — NIST SSDF,
SLSA, SBOM, zero-trust integration, and CI/CD pipeline hardening.

Updates for 2026



• Updated OWASP Top 10 for 2026 — New category coverage for AI-driven prompt injection,
advanced API vulnerabilities (BOLA, broken function-level authorization), and insecure LLM
integrations reflecting the rise of generative-AI-enabled application surfaces.
• Revised NIST Secure Software Development Framework (SSDF) guidelines — SP 800-218
Revision 2 guidance now mandates zero-trust architecture integration, attested build
environments, cryptographic provenance for artifacts, and explicit AI/ML model supply-chain
controls.
• New industry standards for software supply chain security — SLSA Level 3+ build
provenance, signed SBOMs (CycloneDX 1.6 / SPDX 3.0), in-toto attestations, and Sigstore-based
signing are now baseline expectations for CI/CD pipeline hardening.

Abstract



This document presents a verified 70-question actual examination for the WGU D487 Secure
Software Design Objective Assessment, calibrated to the 2026/2027 Western Governors University
course blueprint and aligned with current OWASP, NIST, and ISO secure software engineering
standards. The examination comprehensively assesses the candidate's mastery of integrating security
principles into every phase of the software development lifecycle — from initial threat modeling and
security requirements elicitation through architecture-level risk analysis, secure coding, cryptographic
key management, rigorous security testing, deployment hardening, and ongoing maintenance.
Questions span five weighted domains: SSDLC and Threat Modeling, Cryptography and Key
Management, Secure Coding and the OWASP Top 10, Security Testing and Code Inspection, and
Compliance, Risk, and Supply Chain Security. Each item is accompanied by a verified correct answer, a
Deep Teal rationale explaining the underlying security principle, an analysis of why each distractor is
incorrect, and a precise reference to the authoritative source. The structure is designed to mirror the
rigor of the live assessment and to reinforce the candidate's ability to apply security standards,
threat-driven design decisions, and proven methodologies in realistic software engineering scenarios.

Keywords

WGU D487, Secure Software Design, SSDLC, OWASP, Threat Modeling, Cryptography, Secure Coding,
Security Testing, NIST SSDF, Supply Chain Security, STRIDE, Key Management, Static Analysis, Zero
Trust, SBOM

Content Area Overview



The 70-question actual exam is distributed across five weighted domains reflecting the official WGU
D487 course blueprint. The table below summarizes each content area, its question allocation, key
topics, and examination weight.

| Content Area | Questions | Key Topics | Weight |
|---|---|---|---|
| SSDLC & Threat Modeling | 14 | Lifecycle phases, STRIDE, PASTA, abuse cases, risk ranking, attack surface reduction | 20% |
| Cryptography & Key Management | 14 | Symmetric/asymmetric, AES/RSA/ECC, hashing, PKI, HSM, key rotation, TLS | 20% |
| Secure Coding & OWASP Top 10 | 21 | Injection, XSS, CSRF, access control, SSRF, input validation, secure session handling | 30% |
| Security Testing & Code Inspection | 11 | SAST/DAST/IAST, fuzzing, penetration testing, code inspection, DevSecOps | 15% |
| Compliance, Risk & Supply Chain Security | 10 | NIST SSDF, ISO 27001, SLSA, SBOM, zero trust, GDPR/CCPA, dependency management | 15% |
| TOTAL | 70 | Comprehensive Secure Software Design coverage | 100% |


Examination Questions




Domain: SSDLC & Threat Modeling

1. Which activity is performed FIRST in a mature Secure Software Development Life Cycle
(SSDLC)?
A. Writing unit tests for security controls
B. Eliciting and documenting security requirements alongside functional requirements
C. Deploying web application firewall (WAF) rules in production
D. Running dynamic analysis against the staging build
Correct Answer: B. Eliciting and documenting security requirements alongside functional
requirements
Rationale: Security requirements must be elicited and documented during the requirements phase so
that confidentiality, integrity, availability, and compliance needs drive every downstream design and
implementation decision.
Why Wrong:
• A is incorrect because unit testing occurs during the implementation phase, after
requirements and design are established.
• C is incorrect because production WAF deployment is a late-stage operational control, not an
SSDLC initiation activity.
• D is incorrect because dynamic analysis requires a buildable artifact and therefore occurs
much later in the lifecycle.
Reference: WGU D487 Course Module 1 — SSDLC Overview; NIST SP 800-218 (SSDF) PO.1

2. In the STRIDE threat modeling framework, the 'T' represents Tampering. Which
security property does tampering primarily compromise?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: B. Integrity
Rationale: Tampering involves unauthorized modification of data or code, directly violating the
integrity property. STRIDE maps each threat category to a specific CIA triad property (or related
axiom such as authentication or non-repudiation).
Why Wrong:
• A is incorrect because confidentiality is targeted by Spoofing and Information Disclosure in
STRIDE.
• C is incorrect because availability is targeted by Denial of Service.
• D is incorrect because non-repudiation is targeted by Repudiation, not Tampering.
Reference: WGU D487 Module 2 — Threat Modeling; Microsoft STRIDE Reference (Shostack, Threat
Modeling: Designing for Security)

Seller: BestSellerStuvia, Chamberlain College Of Nursing