OBJECTIVE ASSESSMENT FINAL EXAM 2025/2026: COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS WITH RATIONALES
1. Type of application security testing to identify vulnerabilities within a
product application - ANSWER ✓ dynamic analysis
2. After the developer is done coding a functionality, when should code
review be completed? - ANSWER ✓ Within hours/same day
3. What is the order that code reviews should follow in order to be effective? -
ANSWER ✓ Identify security code review objectives, perform preliminary
scan, review code for security issues, review the code for security issues
unique to the architecture
4. When a software application handles personally identifiable information
(PII) data, what will be the Privacy Impact Rating? - ANSWER ✓ P1 High
Privacy Risk
5. Which key success factor identifies threats to the software? - ANSWER ✓
Effective threat modeling
6. What is the goal of design security review deliverables? - ANSWER ✓ To
make modifications to the design of software components based on
security assessments
7. Which application scanner component is useful in identifying vulnerabilities
such as cookie misconfigurations and insecure configuration of HTTP
response headers? - ANSWER ✓ passive scanner
8. Which type of attack occurs when an attacker uses malicious code in the
data sent in a form? - ANSWER ✓ cross-site scripting
9. What tool is a self-managed, automatic code review product? - ANSWER ✓
SonarQube
10. What tool is an open-source automation server? - ANSWER ✓ Jenkins
11. What tool is a proprietary issue tracking product? - ANSWER ✓ JIRA
12. What tool is an AI powered management solution? - ANSWER ✓ Dynatrace
13. A new application is released, and users perform initial testing on the
application. Which type of testing are the users performing? - ANSWER ✓
Beta testing
14. What is a non-system-related component in software security testing
attack surface validation? - ANSWER ✓ Users
15. When an application's input validation is not handled properly, it could
result in which kind of vulnerabilities? - ANSWER ✓ SQL injection, cross-site
scripting
16. What are the advantages of conducting static code analysis? - ANSWER
✓ access to the actual instructions the software will be guessing
17. What are the advantages of conducting dynamic code analysis? -
ANSWER ✓ tests a specific operational deployment
18. What are the advantages of conducting fuzz testing? - ANSWER ✓
testing in a random approach