WGU D487 SECURE SW DESIGN OBJECTIVE ASSESSMENT (2025) EXAM
QUESTIONS AND ANSWERS
What is a study of real- Building Security In Maturity Model (BSIMM)
world software security
initiatives organized so
companies can measure
their initiatives and
understand how to evolve
them over time?,
What is the analysis of Static analysis
computer software that
is performed without
executing
programs?
Which International ISO/IEC 27001.
Organization for
Standardization (ISO)
standard is the
benchmark for
information security
today?
What is the analysis of Dynamic analysis
computer software that
is performed by
executing programs on
a real or virtual
processor in real time?,
Which person is Software security architect
responsible for
designing, planning,
and implementing
secure coding practices
and security testing
methodologies?
,A company is preparing Waterfall
to add a new
feature to its flagship
software product. The
new feature is similar to
features that have been
added in previous years,
and the
requirements are well-
documented. The
project is expected to
last three to four
months, at which time
the new feature will be
released to customers.
Project team
members will focus
solely on the new
feature until the project
ends. Which software
development
methodology is being
used?
A new product will require Principle of least privilege
an
administration section
for a small number of
users. Normal users will
be able to view limited
customer information
and should not see
admin functionality
, within the
application. Which
concept is being used?
The scrum team is Daily Scrum
attending their morning
meeting, which is
scheduled at the
beginning of the work day.
Each team
member reports what
they accomplished
yesterday, what they
plan to accomplish
today, and if they have
any impediments
that may cause them to
miss their delivery
deadline. Which scrum
ceremony is the team
participating in?
What is a list of Common computer vulnerabilities and exposures (CVE)
information security
vulnerabilities that aims
to provide names for
publicly known
problems?
Which secure coding best Cryptographic practices
practice uses
well-tested, publicly
available algorithms to
hide product data from
unauthorized access?
QUESTIONS AND ANSWERS
What is a study of real- Building Security In Maturity Model (BSIMM)
world software security
initiatives organized so
companies can measure
their initiatives and
understand how to evolve
them over time?,
What is the analysis of Static analysis
computer software that
is performed without
executing
programs?
Which International ISO/IEC 27001.
Organization for
Standardization (ISO)
standard is the
benchmark for
information security
today?
What is the analysis of Dynamic analysis
computer software that
is performed by
executing programs on
a real or virtual
processor in real time?,
Which person is Software security architect
responsible for
designing, planning,
and implementing
secure coding practices
and security testing
methodologies?
,A company is preparing Waterfall
to add a new
feature to its flagship
software product. The
new feature is similar to
features that have been
added in previous years,
and the
requirements are well-
documented. The
project is expected to
last three to four
months, at which time
the new feature will be
released to customers.
Project team
members will focus
solely on the new
feature until the project
ends. Which software
development
methodology is being
used?
A new product will require Principle of least privilege
an
administration section
for a small number of
users. Normal users will
be able to view limited
customer information
and should not see
admin functionality
, within the
application. Which
concept is being used?
The scrum team is Daily Scrum
attending their morning
meeting, which is
scheduled at the
beginning of the work day.
Each team
member reports what
they accomplished
yesterday, what they
plan to accomplish
today, and if they have
any impediments
that may cause them to
miss their delivery
deadline. Which scrum
ceremony is the team
participating in?
What is a list of Common computer vulnerabilities and exposures (CVE)
information security
vulnerabilities that aims
to provide names for
publicly known
problems?
Which secure coding best Cryptographic practices
practice uses
well-tested, publicly
available algorithms to
hide product data from
unauthorized access?
