Questions and Answers
Which practice in the Ship (A5) phase of the security development cycle verifies whether the product meets security mandates? - ANS A5 policy compliance analysis
Which post-release support activity defines the process to communicate, identify, and alleviate security threats? - ANS PRSA1: External vulnerability disclosure response
What are two core practice areas of the OWASP Security Assurance Maturity Model (OpenSAMM)? - ANS Governance, Construction
Which practice in the Ship (A5) phase of the security development cycle uses tools to identify weaknesses in the product? - ANS Vulnerability scan
Which post-release support activity should be completed when companies are joining together? - ANS Security architectural reviews
Which of the Ship (A5) deliverables of the security development cycle is performed during the A5 policy compliance analysis? - ANS Analyze activities and standards
Which of the Ship (A5) deliverables of the security development cycle is performed during the code-assisted penetration testing? - ANS white-box security test
Pg. 1 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
Which of the Ship (A5) deliverables of the security development cycle is performed during the open-source licensing review? - ANS license compliance
Which of the Ship (A5) deliverables of the security development cycle is performed during the final security review? - ANS Release and ship
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on agile? - ANS iterative development
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on DevOps? - ANS continuous integration and continuous deployments
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on cloud? - ANS API invocation processes
How can you establish your own SDL to build security into a process appropriate for your organization's needs based on digital enterprise? - ANS enables and improves business activities
Which phase of penetration testing allows for remediation to be performed? - ANS Deploy
Which key deliverable occurs during post-release support? - ANS third-party reviews
Which business function of OpenSAMM is associated with governance? - ANS Policy and compliance
Which business function of OpenSAMM is associated with construction? - ANS Threat assessment